From 240300b90b0690a60ec93634984565ee92cd73da Mon Sep 17 00:00:00 2001 From: Kim Burgaard Date: Thu, 26 Mar 2026 23:35:28 -0700 Subject: [PATCH 1/3] Added /me endpoint and made SSO login tweaks --- README.md | 19 +- openapi/seclai.openapi.json | 210 +++++++++++------ src/auth.ts | 68 +++--- src/client.ts | 6 +- src/index.ts | 8 + src/openapi.ts | 456 +++++++++++++++++++++--------------- tests/client.test.ts | 2 +- 7 files changed, 470 insertions(+), 299 deletions(-) diff --git a/README.md b/README.md index 0927290..2332fbd 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ Credentials are resolved via a chain (first match wins): 1. Explicit `apiKey` option 2. Explicit `accessToken` option (string or `() => string | Promise`) 3. `SECLAI_API_KEY` environment variable -4. SSO profile from `~/.seclai/config` with cached tokens in `~/.seclai/sso/cache/` +4. SSO — cached tokens from `~/.seclai/sso/cache/` (always available as fallback) ```ts // API key @@ -81,13 +81,24 @@ const client = new Seclai({ profile: "my-profile" }); const client = new Seclai(); ``` -To set up SSO authentication, install the [Seclai CLI](https://www.npmjs.com/package/seclai) and run: +#### SSO authentication + +SSO is the default fallback when no explicit credentials are provided. The SDK +includes built-in production SSO defaults, so no configuration is needed: ```bash -seclai configure sso # set up an SSO profile -seclai auth login # authenticate via browser +npx @seclai/cli auth login # authenticate via browser — works immediately ``` +To customize SSO settings (e.g. for a staging environment), use `seclai configure sso` +or set environment variables: + +| Variable | Description | Default | +|---|---|---| +| `SECLAI_SSO_DOMAIN` | Cognito domain | `auth.seclai.com` | +| `SECLAI_SSO_CLIENT_ID` | Cognito app client ID | `4bgf8v9qmc5puivbaqon9n5lmr` | +| `SECLAI_SSO_REGION` | AWS region | `us-west-2` | + ## API documentation Online API documentation (latest): diff --git a/openapi/seclai.openapi.json b/openapi/seclai.openapi.json index 1d43e1c..39566f3 100644 --- a/openapi/seclai.openapi.json +++ b/openapi/seclai.openapi.json @@ -2,7 +2,7 @@ "components": { "parameters": { "X-Account-Id": { - "description": "Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect.", + "description": "Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication \u2014 the key's account is always used.", "in": "header", "name": "X-Account-Id", "required": false, @@ -3310,6 +3310,28 @@ "title": "MarkConversationTurnRequest", "type": "object" }, + "MeResponse": { + "properties": { + "account_id": { + "format": "uuid", + "title": "Account Id", + "type": "string" + }, + "organizations": { + "items": { + "$ref": "#/components/schemas/OrganizationInfoResponse" + }, + "title": "Organizations", + "type": "array" + } + }, + "required": [ + "account_id", + "organizations" + ], + "title": "MeResponse", + "type": "object" + }, "MemoryBankAiAssistantResponse": { "description": "Response from the memory bank AI assistant.", "properties": { @@ -3701,6 +3723,31 @@ "title": "OrganizationAlertPreferenceListResponse", "type": "object" }, + "OrganizationInfoResponse": { + "properties": { + "account_id": { + "format": "uuid", + "title": "Account Id", + "type": "string" + }, + "id": { + "format": "uuid", + "title": "Id", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + } + }, + "required": [ + "id", + "name", + "account_id" + ], + "title": "OrganizationInfoResponse", + "type": "object" + }, "PaginationResponse": { "description": "Pagination information.", "properties": { @@ -7078,7 +7125,7 @@ "paths": { "/agents": { "get": { - "description": "List agents for the account with pagination.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "List agents for the account with pagination.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", "operationId": "list_agents_api_agents_get", "parameters": [ { @@ -7140,7 +7187,7 @@ ] }, "post": { - "description": "Create a new agent.\n\nTrigger types:\n- `dynamic_input`: triggered via API with user-provided input\n- `template_input`: triggered via API with a predefined template\n- `schedule`: triggered on a schedule\n- `new_content`: triggered when new content arrives\n\nTemplates: `blank`, `retrieval_example`, `simple_qa`, `summarizer`, `json_extractor`, `content_change_notifier`, `scheduled_report`, `webhook_pipeline`\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Agent is created in the API key's account.", + "description": "Create a new agent.\n\nTrigger types:\n- `dynamic_input`: triggered via API with user-provided input\n- `template_input`: triggered via API with a predefined template\n- `schedule`: triggered on a schedule\n- `new_content`: triggered when new content arrives\n\nTemplates: `blank`, `retrieval_example`, `simple_qa`, `summarizer`, `json_extractor`, `content_change_notifier`, `scheduled_report`, `webhook_pipeline`\n\nAuth & scoping:\n- Requires `X-API-Key`. Agent is created in the API key's account.", "operationId": "create_agent_api_agents_post", "parameters": [ { @@ -7721,7 +7768,7 @@ }, "/agents/runs/search": { "post": { - "description": "Search agent traces using semantic similarity.\n\nFinds step-run outputs that are most semantically similar to the query.\nResults include the matching text, agent/step metadata, and a similarity score.\n\nAgent traces are automatically indexed when runs complete. The first 7 days of storage are free; extended retention is billed.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Searches only within your account's traces.", + "description": "Search agent traces using semantic similarity.\n\nFinds step-run outputs that are most semantically similar to the query.\nResults include the matching text, agent/step metadata, and a similarity score.\n\nAgent traces are automatically indexed when runs complete. The first 7 days of storage are free; extended retention is billed.\n\nAuth & scoping:\n- Requires `X-API-Key`. Searches only within your account's traces.", "operationId": "search_agent_runs_api_agents_runs_search_post", "parameters": [ { @@ -7768,7 +7815,7 @@ }, "/agents/runs/{run_id}": { "delete": { - "description": "Cancel a running agent run.\n\nIf the run is already in a terminal state (`completed` or `failed`), cancellation will be rejected.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only cancel runs belonging to your account.", + "description": "Cancel a running agent run.\n\nIf the run is already in a terminal state (`completed` or `failed`), cancellation will be rejected.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only cancel runs belonging to your account.", "operationId": "delete_agent_run_api_agents_runs__run_id__delete", "parameters": [ { @@ -7812,7 +7859,7 @@ ] }, "get": { - "description": "Fetch the latest snapshot for an agent run created by `POST /agents/{agent_id}/runs` or `POST /agents/{agent_id}/runs/stream`.\n\nThe response includes `status`, `error_count`, and `output` once the run completes. Use `include_step_outputs=true` to include per-step outputs, timing, durations, and credits.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access runs belonging to your account.", + "description": "Fetch the latest snapshot for an agent run created by `POST /agents/{agent_id}/runs` or `POST /agents/{agent_id}/runs/stream`.\n\nThe response includes `status`, `error_count`, and `output` once the run completes. Use `include_step_outputs=true` to include per-step outputs, timing, durations, and credits.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access runs belonging to your account.", "operationId": "get_agent_run_api_agents_runs__run_id__get", "parameters": [ { @@ -7870,7 +7917,7 @@ }, "/agents/{agent_id}": { "delete": { - "description": "Soft-delete an agent. The agent will no longer appear in listings or be accessible via the API.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only delete agents belonging to your account.", + "description": "Soft-delete an agent. The agent will no longer appear in listings or be accessible via the API.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only delete agents belonging to your account.", "operationId": "delete_agent_api_agents__agent_id__delete", "parameters": [ { @@ -7907,7 +7954,7 @@ ] }, "get": { - "description": "Fetch an agent's metadata (name, description, trigger type, timestamps).\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access agents belonging to your account.", + "description": "Fetch an agent's metadata (name, description, trigger type, timestamps).\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access agents belonging to your account.", "operationId": "get_agent_metadata_api_agents__agent_id__get", "parameters": [ { @@ -7951,7 +7998,7 @@ ] }, "put": { - "description": "Update an agent's name, description, evaluation settings, and model lifecycle settings.\n\nEvaluation settings: `evaluation_mode` ('output_expectation', 'eval_and_retry', 'sample_and_flag'), `default_evaluation_tier` ('fast', 'balanced', 'thorough'), `max_retries`, `retry_on_failure`, `sampling_config`.\n\nModel lifecycle settings: `prompt_model_auto_upgrade_strategy` ('none', 'early_adopter', 'middle_of_road', 'cautious_adopter'), `prompt_model_auto_rollback_enabled`, `prompt_model_auto_rollback_triggers` (list of 'agent_eval_fail', 'governance_flag', 'governance_block', 'agent_run_failed').\n\nAt least one field must be provided.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only update agents belonging to your account.", + "description": "Update an agent's name, description, evaluation settings, and model lifecycle settings.\n\nEvaluation settings: `evaluation_mode` ('output_expectation', 'eval_and_retry', 'sample_and_flag'), `default_evaluation_tier` ('fast', 'balanced', 'thorough'), `max_retries`, `retry_on_failure`, `sampling_config`.\n\nModel lifecycle settings: `prompt_model_auto_upgrade_strategy` ('none', 'early_adopter', 'middle_of_road', 'cautious_adopter'), `prompt_model_auto_rollback_enabled`, `prompt_model_auto_rollback_triggers` (list of 'agent_eval_fail', 'governance_flag', 'governance_block', 'agent_run_failed').\n\nAt least one field must be provided.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only update agents belonging to your account.", "operationId": "update_agent_api_agents__agent_id__put", "parameters": [ { @@ -8007,7 +8054,7 @@ }, "/agents/{agent_id}/ai-assistant/conversations": { "get": { - "description": "Fetch the AI assistant conversation history for a specific step of an agent.\n\nReturns past conversation turns (user inputs, AI responses, accept/decline status) ordered oldest first. Use `step_type` to filter by step type, and optionally `step_id` to narrow to a specific step instance.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Only agents belonging to your account can be queried.", + "description": "Fetch the AI assistant conversation history for a specific step of an agent.\n\nReturns past conversation turns (user inputs, AI responses, accept/decline status) ordered oldest first. Use `step_type` to filter by step type, and optionally `step_id` to narrow to a specific step instance.\n\nAuth & scoping:\n- Requires a user-scoped `X-API-Key`. Only agents belonging to your account can be queried.", "operationId": "get_ai_conversation_history_api_agents__agent_id__ai_assistant_conversations_get", "parameters": [ { @@ -8109,7 +8156,7 @@ }, "/agents/{agent_id}/ai-assistant/generate-steps": { "post": { - "description": "Use the AI assistant to generate a full agent step workflow from a natural language description.\n\nProvide a description of what the agent should do, along with optional context (current steps, trigger type). The AI produces a complete set of agent steps.\nUse mode 'generate_full' for new workflows or 'modify_workflow' to refine existing ones.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Only agents belonging to your account can be used.", + "description": "Use the AI assistant to generate a full agent step workflow from a natural language description.\n\nProvide a description of what the agent should do, along with optional context (current steps, trigger type). The AI produces a complete set of agent steps.\nUse mode 'generate_full' for new workflows or 'modify_workflow' to refine existing ones.\n\nAuth & scoping:\n- Requires a user-scoped `X-API-Key`. Only agents belonging to your account can be used.", "operationId": "generate_agent_steps_api_agents__agent_id__ai_assistant_generate_steps_post", "parameters": [ { @@ -8165,7 +8212,7 @@ }, "/agents/{agent_id}/ai-assistant/step-config": { "post": { - "description": "Use the AI assistant to generate or refine a single step's configuration.\n\nProvide the step type, a natural language instruction, and optionally the current configuration. The AI will produce a proposed configuration along with an explanation. The suggestion is stored as a conversation turn that can be accepted or declined separately via the mark endpoint.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Only agents belonging to your account can be used.", + "description": "Use the AI assistant to generate or refine a single step's configuration.\n\nProvide the step type, a natural language instruction, and optionally the current configuration. The AI will produce a proposed configuration along with an explanation. The suggestion is stored as a conversation turn that can be accepted or declined separately via the mark endpoint.\n\nAuth & scoping:\n- Requires a user-scoped `X-API-Key`. Only agents belonging to your account can be used.", "operationId": "generate_step_config_api_agents__agent_id__ai_assistant_step_config_post", "parameters": [ { @@ -8221,7 +8268,7 @@ }, "/agents/{agent_id}/ai-assistant/{conversation_id}": { "patch": { - "description": "Accept or decline a proposed AI assistant configuration for a conversation turn.\n\nThis only updates the tracking status on the conversation record. To actually apply the proposed configuration, use the agent definition update endpoint separately.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). The conversation must belong to one of your agents.", + "description": "Accept or decline a proposed AI assistant configuration for a conversation turn.\n\nThis only updates the tracking status on the conversation record. To actually apply the proposed configuration, use the agent definition update endpoint separately.\n\nAuth & scoping:\n- Requires a user-scoped `X-API-Key`. The conversation must belong to one of your agents.", "operationId": "mark_ai_suggestion_api_agents__agent_id__ai_assistant__conversation_id__patch", "parameters": [ { @@ -8290,7 +8337,7 @@ }, "/agents/{agent_id}/definition": { "get": { - "description": "Fetch the current agent definition from the main branch.\n\nThe response includes `change_id` which must be provided when updating the definition (optimistic locking).\n\nThe definition contains the agent's step workflow. Available step types:\n- `prompt_call`: Call an LLM with a prompt template\n- `retrieval`: Search a knowledge base\n- `transform`: Reshape data with a Liquid template\n- `gate`: Evaluate conditions, stop or continue child execution\n- `retry`: Re-execute from a target ancestor step (for quality-control loops; pair with a `gate` step for conditional retrying. Fields: `target_step_id` (ancestor step ID), `max_retries` (1\u201310))\n- `evaluate_step`: Score a selected previous step output and emit JSON with `score`, `passed`, and `pass_threshold` (fields: `target_step_id`, `evaluation_prompt`, `pass_threshold`, optional `evaluation_tier`, optional `expectation_config`)\n- `insight`: Progressively read and analyze large input\n- `extract_json` / `extract_html` / `extract_xml`: Extract structured data\n- `send_email`: Send email with step output\n- `webhook_call`: POST data to an external URL\n- `write_aws_s3_object`: Write output to S3\n- `call_agent`: Invoke another agent\n- `write_metadata`: Write a value to content metadata (for filtering/gates; content-triggered agents only. Fields: `metadata_key`, `content`)\n- `write_content_attachment`: Write a file-backed attachment to content (optionally indexed for retrieval; content-triggered agents only. Fields: `attachment_key`, `content`, `content_type`, `indexed`)\n- `load_content_attachment`: Load a previously written attachment (content-triggered agents only. Fields: `attachment_key`)\n- `load_content`: Load the full text body of a source document (typically used with content-triggered agents; can also load by explicit `content_version_id`. Fields: `content_version_id` optional)\n- `display_result`: Show output to the user\n- `join`: Merge parallel branches\n- `combinator`: Combine multiple inputs\n- `text`: Static text literal\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access agents belonging to your account.", + "description": "Fetch the current agent definition from the main branch.\n\nThe response includes `change_id` which must be provided when updating the definition (optimistic locking).\n\nThe definition contains the agent's step workflow. Available step types:\n- `prompt_call`: Call an LLM with a prompt template\n- `retrieval`: Search a knowledge base\n- `transform`: Reshape data with a Liquid template\n- `gate`: Evaluate conditions, stop or continue child execution\n- `retry`: Re-execute from a target ancestor step (for quality-control loops; pair with a `gate` step for conditional retrying. Fields: `target_step_id` (ancestor step ID), `max_retries` (1\u201310))\n- `evaluate_step`: Score a selected previous step output and emit JSON with `score`, `passed`, and `pass_threshold` (fields: `target_step_id`, `evaluation_prompt`, `pass_threshold`, optional `evaluation_tier`, optional `expectation_config`)\n- `insight`: Progressively read and analyze large input\n- `extract_json` / `extract_html` / `extract_xml`: Extract structured data\n- `send_email`: Send email with step output\n- `webhook_call`: POST data to an external URL\n- `write_aws_s3_object`: Write output to S3\n- `call_agent`: Invoke another agent\n- `write_metadata`: Write a value to content metadata (for filtering/gates; content-triggered agents only. Fields: `metadata_key`, `content`)\n- `write_content_attachment`: Write a file-backed attachment to content (optionally indexed for retrieval; content-triggered agents only. Fields: `attachment_key`, `content`, `content_type`, `indexed`)\n- `load_content_attachment`: Load a previously written attachment (content-triggered agents only. Fields: `attachment_key`)\n- `load_content`: Load the full text body of a source document (typically used with content-triggered agents; can also load by explicit `content_version_id`. Fields: `content_version_id` optional)\n- `display_result`: Show output to the user\n- `join`: Merge parallel branches\n- `combinator`: Combine multiple inputs\n- `text`: Static text literal\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access agents belonging to your account.", "operationId": "get_agent_definition_api_agents__agent_id__definition_get", "parameters": [ { @@ -8334,7 +8381,7 @@ ] }, "put": { - "description": "Update the agent's definition on the main branch.\n\nUses **optimistic locking**: provide `expected_change_id` from the last `GET /api/agents/{agent_id}/definition`. Returns `409 Conflict` if the definition was modified since your last read.\n\nThe definition contains the agent's step workflow. Step types include `prompt_call`, `retrieval`, `transform`, `gate`, `retry`, `evaluate_step`, `insight`, `extract_json`, `extract_html`, `extract_xml`, `send_email`, `webhook_call`, `write_aws_s3_object`, `call_agent`, `write_metadata`, `write_content_attachment`, `load_content_attachment`, `load_content`, `display_result`, `join`, `combinator`, and `text`. Non-composite step types (`display_result`, `join`, `retry`, `evaluate_step`) cannot contain child steps.\n\n**Retry steps** re-execute from a target ancestor step for quality-control loops. Configure with `target_step_id` (ancestor step ID) and `max_retries` (1\u201310). Best practice: place a `gate` step before the retry to make retries conditional.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only update agents belonging to your account.", + "description": "Update the agent's definition on the main branch.\n\nUses **optimistic locking**: provide `expected_change_id` from the last `GET /api/agents/{agent_id}/definition`. Returns `409 Conflict` if the definition was modified since your last read.\n\nThe definition contains the agent's step workflow. Step types include `prompt_call`, `retrieval`, `transform`, `gate`, `retry`, `evaluate_step`, `insight`, `extract_json`, `extract_html`, `extract_xml`, `send_email`, `webhook_call`, `write_aws_s3_object`, `call_agent`, `write_metadata`, `write_content_attachment`, `load_content_attachment`, `load_content`, `display_result`, `join`, `combinator`, and `text`. Non-composite step types (`display_result`, `join`, `retry`, `evaluate_step`) cannot contain child steps.\n\n**Retry steps** re-execute from a target ancestor step for quality-control loops. Configure with `target_step_id` (ancestor step ID) and `max_retries` (1\u201310). Best practice: place a `gate` step before the retry to make retries conditional.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only update agents belonging to your account.", "operationId": "update_agent_definition_api_agents__agent_id__definition_put", "parameters": [ { @@ -8826,7 +8873,7 @@ }, "/agents/{agent_id}/input-uploads/{upload_id}": { "get": { - "description": "Poll the processing status of a file upload created via `POST /agents/{agent_id}/upload-input`.\n\nPossible `status` values: `processing`, `ready`, `failed`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "Poll the processing status of a file upload created via `POST /agents/{agent_id}/upload-input`.\n\nPossible `status` values: `processing`, `ready`, `failed`.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", "operationId": "api_get_agent_input_upload_status_api_agents__agent_id__input_uploads__upload_id__get", "parameters": [ { @@ -8881,7 +8928,7 @@ }, "/agents/{agent_id}/runs": { "get": { - "description": "List runs for a specific agent (most recent first), with pagination.\n\nTypical use cases:\n- Build a traces UI for an agent.\n- Debug recent executions and inspect terminal statuses.\n\nNotes:\n- This endpoint returns a summary list. Fetch full details with `GET /agents/runs/{run_id}`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only list runs for agents in your account.", + "description": "List runs for a specific agent (most recent first), with pagination.\n\nTypical use cases:\n- Build a traces UI for an agent.\n- Debug recent executions and inspect terminal statuses.\n\nNotes:\n- This endpoint returns a summary list. Fetch full details with `GET /agents/runs/{run_id}`.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only list runs for agents in your account.", "operationId": "list_agent_runs_api_agents__agent_id__runs_get", "parameters": [ { @@ -8970,7 +9017,7 @@ ] }, "post": { - "description": "Start an agent run.\n\nAn *agent* is an automated workflow that can monitor content from your sources, process it with AI, and trigger actions. This endpoint creates a new run and returns a `run_id` you can poll to retrieve status and output.\n\nWhen to use:\n- Use this endpoint for request/response style integrations where polling is acceptable.\n- Use `POST /agents/{agent_id}/runs/stream` if you need real-time progress via SSE.\n\nKey fields:\n- `input`: text input for agents with a `dynamic_input` trigger.\n- `input_upload_id`: alternatively, reference a file previously uploaded via `POST /agents/{agent_id}/upload-input` (mutually exclusive with `input`).\n- `priority`: set true for latency-sensitive, user-facing work.\n- `metadata`: a JSON object that becomes available to agent steps for string substitution.\n\nAfter starting:\n- Poll `GET /agents/runs/{run_id}` until `status` is `completed` or `failed`.\n- Use `include_step_outputs=true` to include per-step outputs, timing, and credits.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "Start an agent run.\n\nAn *agent* is an automated workflow that can monitor content from your sources, process it with AI, and trigger actions. This endpoint creates a new run and returns a `run_id` you can poll to retrieve status and output.\n\nWhen to use:\n- Use this endpoint for request/response style integrations where polling is acceptable.\n- Use `POST /agents/{agent_id}/runs/stream` if you need real-time progress via SSE.\n\nKey fields:\n- `input`: text input for agents with a `dynamic_input` trigger.\n- `input_upload_id`: alternatively, reference a file previously uploaded via `POST /agents/{agent_id}/upload-input` (mutually exclusive with `input`).\n- `priority`: set true for latency-sensitive, user-facing work.\n- `metadata`: a JSON object that becomes available to agent steps for string substitution.\n\nAfter starting:\n- Poll `GET /agents/runs/{run_id}` until `status` is `completed` or `failed`.\n- Use `include_step_outputs=true` to include per-step outputs, timing, and credits.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", "operationId": "run_agent_api_agents__agent_id__runs_post", "parameters": [ { @@ -9026,7 +9073,7 @@ }, "/agents/{agent_id}/runs/stream": { "post": { - "description": "Start a **priority** agent run and stream run events using Server-Sent Events (SSE).\n\nThis is the best option for interactive UIs where you want progress updates as the run executes.\n\nHow it works:\n- The first `init` event contains an `AgentRunResponse` snapshot, including the `run_id`.\n- Subsequent events are forwarded from the run event stream (status changes, step events, etc).\n- The final `done` event contains the terminal snapshot (including `output` and `credits` when available).\n\nInput options (for `dynamic_input` triggers):\n- `input`: text input passed directly.\n- `input_upload_id`: reference a file uploaded via `POST /agents/{agent_id}/upload-input` (mutually exclusive with `input`).\n\nClient guidance:\n- Keep the connection open and handle keepalive comments.\n- On `timeout` or `error`, the payload includes `run_id` so clients can resume by polling `GET /agents/runs/{run_id}`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "Start a **priority** agent run and stream run events using Server-Sent Events (SSE).\n\nThis is the best option for interactive UIs where you want progress updates as the run executes.\n\nHow it works:\n- The first `init` event contains an `AgentRunResponse` snapshot, including the `run_id`.\n- Subsequent events are forwarded from the run event stream (status changes, step events, etc).\n- The final `done` event contains the terminal snapshot (including `output` and `credits` when available).\n\nInput options (for `dynamic_input` triggers):\n- `input`: text input passed directly.\n- `input_upload_id`: reference a file uploaded via `POST /agents/{agent_id}/upload-input` (mutually exclusive with `input`).\n\nClient guidance:\n- Keep the connection open and handle keepalive comments.\n- On `timeout` or `error`, the payload includes `run_id` so clients can resume by polling `GET /agents/runs/{run_id}`.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", "operationId": "run_streaming_agent_api_agents__agent_id__runs_stream_post", "parameters": [ { @@ -9145,7 +9192,7 @@ }, "/agents/{agent_id}/upload-input": { "post": { - "description": "Upload a file to use as input for a `dynamic_input` agent run.\n\nSupports the same file types as content source uploads: text, PDF, DOCX, audio, video, images, etc. Text and document files are processed synchronously; audio/video are submitted for asynchronous transcription.\n\n**Size limit:** 200 MB per file.\n\n**Supported extensions:** txt, html, md, csv, xml, json, pdf, msg, docx, doc, pptx, ppt, xlsx, xls, zip, epub, png, jpg, gif, bmp, tiff, webp, mp3, wav, m4a, flac, ogg, mp4, mov, avi.\n\nAfter uploading, poll `GET /agents/{agent_id}/input-uploads/{upload_id}` until `status` is `ready`, then pass `input_upload_id` to `POST /agents/{agent_id}/runs`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "Upload a file to use as input for a `dynamic_input` agent run.\n\nSupports the same file types as content source uploads: text, PDF, DOCX, audio, video, images, etc. Text and document files are processed synchronously; audio/video are submitted for asynchronous transcription.\n\n**Size limit:** 200 MB per file.\n\n**Supported extensions:** txt, html, md, csv, xml, json, pdf, msg, docx, doc, pptx, ppt, xlsx, xls, zip, epub, png, jpg, gif, bmp, tiff, webp, mp3, wav, m4a, flac, ogg, mp4, mov, avi.\n\nAfter uploading, poll `GET /agents/{agent_id}/input-uploads/{upload_id}` until `status` is `ready`, then pass `input_upload_id` to `POST /agents/{agent_id}/runs`.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", "operationId": "api_upload_agent_input_api_agents__agent_id__upload_input_post", "parameters": [ { @@ -9648,7 +9695,7 @@ }, "/alerts": { "get": { - "description": "List alerts for the account with optional filters.\n\nFilters:\n- `status`: triggered, acknowledged, resolved, dismissed\n- `agent_id`: filter by agent\n- `source_connection_id`: filter by source\n- `time_from` / `time_to`: ISO 8601 date range\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association. Results are scoped to the authenticated account.", + "description": "List alerts for the account with optional filters.\n\nFilters:\n- `status`: triggered, acknowledged, resolved, dismissed\n- `agent_id`: filter by agent\n- `source_connection_id`: filter by source\n- `time_from` / `time_to`: ISO 8601 date range\n\nAuth & scoping:\n- Requires `X-API-Key` with user association. Results are scoped to the API key's account.", "operationId": "list_alerts_api_alerts_get", "parameters": [ { @@ -9806,7 +9853,7 @@ }, "/alerts/configs": { "get": { - "description": "List alert configurations.\n\nFilters:\n- `agent_id`: list configs for a specific agent\n- `source_connection_id`: list configs for a specific source\n- Neither: list account-level agent alert configs\n- `scope=source`: list account-level source alert configs\n\nCredits alerts (`credits_low_threshold`, `credits_runout_prediction`, `credits_usage_spike`) are account-level alert configs. They are evaluated by the credits alert sweep and default-enabled configs may be auto-created for active accounts at runtime.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association.", + "description": "List alert configurations.\n\nFilters:\n- `agent_id`: list configs for a specific agent\n- `source_connection_id`: list configs for a specific source\n- Neither: list account-level agent alert configs\n- `scope=source`: list account-level source alert configs\n\nCredits alerts (`credits_low_threshold`, `credits_runout_prediction`, `credits_usage_spike`) are account-level alert configs. They are evaluated by the credits alert sweep and default-enabled configs may be auto-created for active accounts at runtime.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", "operationId": "list_alert_configs_api_alerts_configs_get", "parameters": [ { @@ -9897,7 +9944,7 @@ ] }, "post": { - "description": "Create a new alert configuration.\n\nAgent alert types: run_failed, consecutive_failures, error_rate_spike, run_burst, slow_run, credits_low_threshold, credits_runout_prediction, credits_usage_spike, non_manual_eval_failed, non_manual_eval_flagged, governance_flagged, governance_blocked, model_newer_available, model_deprecated, model_sunset.\nSource alert types: pull_failed, consecutive_pull_failures, pull_error_rate_spike.\n\nDistribution types: owner, owner_admins, selected_members. Organization accounts are normalized to owner_admins.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association.", + "description": "Create a new alert configuration.\n\nAgent alert types: run_failed, consecutive_failures, error_rate_spike, run_burst, slow_run, credits_low_threshold, credits_runout_prediction, credits_usage_spike, non_manual_eval_failed, non_manual_eval_flagged, governance_flagged, governance_blocked, model_newer_available, model_deprecated, model_sunset.\nSource alert types: pull_failed, consecutive_pull_failures, pull_error_rate_spike.\n\nDistribution types: owner, owner_admins, selected_members. Organization accounts are normalized to owner_admins.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", "operationId": "create_alert_config_api_alerts_configs_post", "parameters": [ { @@ -9946,7 +9993,7 @@ }, "/alerts/configs/{config_id}": { "delete": { - "description": "Delete an alert configuration. This permanently removes the config and stops any future alerts of this type from being triggered.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association.", + "description": "Delete an alert configuration. This permanently removes the config and stops any future alerts of this type from being triggered.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", "operationId": "delete_alert_config_api_alerts_configs__config_id__delete", "parameters": [ { @@ -9983,7 +10030,7 @@ ] }, "get": { - "description": "Get a specific alert configuration by ID.\n\nReturns all fields including type, enabled state, threshold, cooldown, distribution type, and recipient list.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association.", + "description": "Get a specific alert configuration by ID.\n\nReturns all fields including type, enabled state, threshold, cooldown, distribution type, and recipient list.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", "operationId": "get_alert_config_api_alerts_configs__config_id__get", "parameters": [ { @@ -10029,7 +10076,7 @@ ] }, "patch": { - "description": "Update an alert configuration. Only provided fields are updated.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association.", + "description": "Update an alert configuration. Only provided fields are updated.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", "operationId": "update_alert_config_api_alerts_configs__config_id__patch", "parameters": [ { @@ -10087,7 +10134,7 @@ }, "/alerts/organization-preferences/list": { "get": { - "description": "List per-organization alert delivery preferences for the API key's associated user.\n\nBy default, only explicit override rows are returned. Set `include_defaults=true` to return the effective subscribed state for every alert type in every organization the user can manage.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association.\n- Only organizations where the user is an owner or administrator are included.", + "description": "List per-organization alert delivery preferences for the API key's associated user.\n\nBy default, only explicit override rows are returned. Set `include_defaults=true` to return the effective subscribed state for every alert type in every organization the user can manage.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.\n- Only organizations where the user is an owner or administrator are included.", "operationId": "list_organization_preferences_api_alerts_organization_preferences_list_get", "parameters": [ { @@ -10155,7 +10202,7 @@ }, "/alerts/organization-preferences/{organization_id}/{alert_type}": { "patch": { - "description": "Update the API key user's personal delivery preference for one alert type in one organization.\n\nSetting `subscribed=false` stores an explicit opt-out override. Setting `subscribed=true` removes the override and restores the default subscribed behavior.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association.\n- Only owners and administrators can update preferences for an organization.", + "description": "Update the API key user's personal delivery preference for one alert type in one organization.\n\nSetting `subscribed=false` stores an explicit opt-out override. Setting `subscribed=true` removes the override and restores the default subscribed behavior.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.\n- Only owners and administrators can update preferences for an organization.", "operationId": "update_organization_preference_api_alerts_organization_preferences__organization_id___alert_type__patch", "parameters": [ { @@ -10221,7 +10268,7 @@ }, "/alerts/{alert_id}": { "get": { - "description": "Get full alert detail including history, comments, and subscribers.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association.", + "description": "Get full alert detail including history, comments, and subscribers.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", "operationId": "get_alert_detail_api_alerts__alert_id__get", "parameters": [ { @@ -10269,7 +10316,7 @@ }, "/alerts/{alert_id}/comments": { "post": { - "description": "Add a comment to an alert. Comments are visible to all subscribers and are included in the alert detail response.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association.", + "description": "Add a comment to an alert. Comments are visible to all subscribers and are included in the alert detail response.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", "operationId": "add_alert_comment_api_alerts__alert_id__comments_post", "parameters": [ { @@ -10327,7 +10374,7 @@ }, "/alerts/{alert_id}/status": { "post": { - "description": "Change the status of an alert. Valid statuses: triggered, acknowledged, resolved, dismissed.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association.", + "description": "Change the status of an alert. Valid statuses: triggered, acknowledged, resolved, dismissed.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", "operationId": "change_alert_status_api_alerts__alert_id__status_post", "parameters": [ { @@ -10385,7 +10432,7 @@ }, "/alerts/{alert_id}/subscribe": { "post": { - "description": "Subscribe the current user to an alert. Subscribed users receive email notifications when the alert status changes or new comments are added.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association.", + "description": "Subscribe the current user to an alert. Subscribed users receive email notifications when the alert status changes or new comments are added.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", "operationId": "subscribe_to_alert_api_alerts__alert_id__subscribe_post", "parameters": [ { @@ -10433,7 +10480,7 @@ }, "/alerts/{alert_id}/unsubscribe": { "post": { - "description": "Unsubscribe the current user from an alert. The user will no longer receive email notifications for status changes or new comments on this alert.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token) with user association.", + "description": "Unsubscribe the current user from an alert. The user will no longer receive email notifications for status changes or new comments on this alert.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", "operationId": "unsubscribe_from_alert_api_alerts__alert_id__unsubscribe_post", "parameters": [ { @@ -10481,7 +10528,7 @@ }, "/contents/{source_connection_content_version}": { "delete": { - "description": "Delete a content item (a `SourceConnectionContentVersion`).\n\nUse this to remove an uploaded or indexed item from your account. Deleting content can affect agents and knowledge base workflows that reference this item.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only delete content belonging to your account.", + "description": "Delete a content item (a `SourceConnectionContentVersion`).\n\nUse this to remove an uploaded or indexed item from your account. Deleting content can affect agents and knowledge base workflows that reference this item.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only delete content belonging to your account.", "operationId": "delete_content_api_contents__source_connection_content_version__delete", "parameters": [ { @@ -10518,7 +10565,7 @@ ] }, "get": { - "description": "Get detailed information about a specific content item (a `SourceConnectionContentVersion`).\n\nThis is useful when you want to:\n- Inspect the extracted text for debugging or review.\n- Display content details in a UI.\n\nText range:\n- `start` and `end` control the character range returned in `text_content` so clients can page through large documents.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access content belonging to your account.", + "description": "Get detailed information about a specific content item (a `SourceConnectionContentVersion`).\n\nThis is useful when you want to:\n- Inspect the extracted text for debugging or review.\n- Display content details in a UI.\n\nText range:\n- `start` and `end` control the character range returned in `text_content` so clients can page through large documents.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access content belonging to your account.", "operationId": "get_content_detail_api_contents__source_connection_content_version__get", "parameters": [ { @@ -10638,7 +10685,7 @@ }, "/contents/{source_connection_content_version}/embeddings": { "get": { - "description": "List the embeddings (chunk vectors) for a content item, with pagination.\n\nEmbeddings are used for semantic search and retrieval in knowledge base workflows. This endpoint is primarily useful for debugging chunking, indexing, and vector contents.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access embeddings for content belonging to your account.", + "description": "List the embeddings (chunk vectors) for a content item, with pagination.\n\nEmbeddings are used for semantic search and retrieval in knowledge base workflows. This endpoint is primarily useful for debugging chunking, indexing, and vector contents.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access embeddings for content belonging to your account.", "operationId": "list_content_embeddings_api_contents__source_connection_content_version__embeddings_get", "parameters": [ { @@ -10704,7 +10751,7 @@ }, "/contents/{source_connection_content_version}/upload": { "post": { - "description": "Upload a new file and replace the content backing an existing `SourceConnectionContentVersion`.\n\nThis behaves like a source file upload, but it targets an existing content version ID. This is useful when you want to correct or update an uploaded document while keeping references stable.\n\n**Maximum file size:** 209715200 bytes.\n\n**Supported MIME types:**\n- `application/epub+zip`\n- `application/json`\n- `application/msword`\n- `application/pdf`\n- `application/vnd.ms-excel`\n- `application/vnd.ms-outlook`\n- `application/vnd.ms-powerpoint`\n- `application/vnd.openxmlformats-officedocument.presentationml.presentation`\n- `application/vnd.openxmlformats-officedocument.spreadsheetml.sheet`\n- `application/vnd.openxmlformats-officedocument.wordprocessingml.document`\n- `application/xml`\n- `application/zip`\n- `audio/flac`\n- `audio/mp4`\n- `audio/mpeg`\n- `audio/ogg`\n- `audio/wav`\n- `image/bmp`\n- `image/gif`\n- `image/jpeg`\n- `image/png`\n- `image/tiff`\n- `image/webp`\n- `text/csv`\n- `text/html`\n- `text/markdown`\n- `text/plain`\n- `text/x-markdown`\n- `text/xml`\n- `video/mp4`\n- `video/quicktime`\n- `video/x-msvideo`\n\nNotes:\n- If the uploaded file's content type is `application/octet-stream`, the server attempts to infer the type from the file extension.\n- Use `metadata` to attach an arbitrary JSON object of metadata (for example `metadata={\"category\":\"docs\"}`).\n- `title` is a convenience field and is merged into the metadata as `metadata.title` (it does not override an existing `metadata.title`).\n- For backwards compatibility, you can also pass form fields named `metadata_` (for example `metadata_author=...`). These override keys from `metadata`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only replace content belonging to your account.", + "description": "Upload a new file and replace the content backing an existing `SourceConnectionContentVersion`.\n\nThis behaves like a source file upload, but it targets an existing content version ID. This is useful when you want to correct or update an uploaded document while keeping references stable.\n\n**Maximum file size:** 209715200 bytes.\n\n**Supported MIME types:**\n- `application/epub+zip`\n- `application/json`\n- `application/msword`\n- `application/pdf`\n- `application/vnd.ms-excel`\n- `application/vnd.ms-outlook`\n- `application/vnd.ms-powerpoint`\n- `application/vnd.openxmlformats-officedocument.presentationml.presentation`\n- `application/vnd.openxmlformats-officedocument.spreadsheetml.sheet`\n- `application/vnd.openxmlformats-officedocument.wordprocessingml.document`\n- `application/xml`\n- `application/zip`\n- `audio/flac`\n- `audio/mp4`\n- `audio/mpeg`\n- `audio/ogg`\n- `audio/wav`\n- `image/bmp`\n- `image/gif`\n- `image/jpeg`\n- `image/png`\n- `image/tiff`\n- `image/webp`\n- `text/csv`\n- `text/html`\n- `text/markdown`\n- `text/plain`\n- `text/x-markdown`\n- `text/xml`\n- `video/mp4`\n- `video/quicktime`\n- `video/x-msvideo`\n\nNotes:\n- If the uploaded file's content type is `application/octet-stream`, the server attempts to infer the type from the file extension.\n- Use `metadata` to attach an arbitrary JSON object of metadata (for example `metadata={\"category\":\"docs\"}`).\n- `title` is a convenience field and is merged into the metadata as `metadata.title` (it does not override an existing `metadata.title`).\n- For backwards compatibility, you can also pass form fields named `metadata_` (for example `metadata_author=...`). These override keys from `metadata`.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only replace content belonging to your account.", "operationId": "upload_file_to_content_api_contents__source_connection_content_version__upload_post", "parameters": [ { @@ -10970,7 +11017,7 @@ }, "/knowledge_bases": { "get": { - "description": "List knowledge bases for the account.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "List knowledge bases for the account.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", "operationId": "list_knowledge_bases_api_knowledge_bases_get", "parameters": [ { @@ -11143,7 +11190,7 @@ ] }, "get": { - "description": "Fetch a knowledge base by ID.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access knowledge bases belonging to your account.", + "description": "Fetch a knowledge base by ID.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access knowledge bases belonging to your account.", "operationId": "get_knowledge_base_api_knowledge_bases__knowledge_base_id__get", "parameters": [ { @@ -11187,7 +11234,7 @@ ] }, "put": { - "description": "Update a knowledge base's configuration. Only provided fields are changed; omitted fields are left unchanged.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only update knowledge bases belonging to your account.", + "description": "Update a knowledge base's configuration. Only provided fields are changed; omitted fields are left unchanged.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only update knowledge bases belonging to your account.", "operationId": "update_knowledge_base_api_knowledge_bases__knowledge_base_id__put", "parameters": [ { @@ -11241,9 +11288,36 @@ ] } }, + "/me": { + "get": { + "description": "Returns the authenticated user's personal account ID and a list of organisations they belong to. Each organisation entry includes the organisation's own id, display name, and account_id. Useful for CLI tooling that needs to let the user pick an org context.", + "operationId": "get_me_api_me_get", + "parameters": [ + { + "$ref": "#/components/parameters/X-Account-Id" + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MeResponse" + } + } + }, + "description": "Successful Response" + } + }, + "summary": "Get current user identity", + "tags": [ + "identity" + ] + } + }, "/memory_banks": { "get": { - "description": "List memory banks for the account.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "List memory banks for the account.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", "operationId": "list_memory_banks_api_memory_banks_get", "parameters": [ { @@ -11685,7 +11759,7 @@ ] }, "get": { - "description": "Fetch a memory bank by ID.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access memory banks belonging to your account.", + "description": "Fetch a memory bank by ID.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access memory banks belonging to your account.", "operationId": "get_memory_bank_api_memory_banks__memory_bank_id__get", "parameters": [ { @@ -12075,7 +12149,7 @@ }, "/models/alerts": { "get": { - "description": "List model lifecycle alerts for the account.\n\nReturns in-app notifications about model deprecations, sunsets, and newer model availability. Supports filtering by agent, unread-only, and pagination.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Alerts are scoped to the authenticated account.", + "description": "List model lifecycle alerts for the account.\n\nReturns in-app notifications about model deprecations, sunsets, and newer model availability. Supports filtering by agent, unread-only, and pagination.\n\nAuth & scoping:\n- Requires `X-API-Key`. Alerts are scoped to the API key's account.", "operationId": "list_alerts_api_models_alerts_get", "parameters": [ { @@ -12171,7 +12245,7 @@ }, "/models/alerts/mark-all-read": { "post": { - "description": "Mark all model lifecycle alerts as read for the account.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Scoped to the API key's account.", + "description": "Mark all model lifecycle alerts as read for the account.\n\nAuth & scoping:\n- Requires `X-API-Key`. Scoped to the API key's account.", "operationId": "mark_all_read_api_models_alerts_mark_all_read_post", "parameters": [ { @@ -12191,7 +12265,7 @@ }, "/models/alerts/unread-count": { "get": { - "description": "Get the count of unread model lifecycle alerts.\n\nUseful for badge indicators in UIs and dashboards.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Count is scoped to the authenticated account.", + "description": "Get the count of unread model lifecycle alerts.\n\nUseful for badge indicators in UIs and dashboards.\n\nAuth & scoping:\n- Requires `X-API-Key`. Count is scoped to the API key's account.", "operationId": "get_alert_unread_count_api_models_alerts_unread_count_get", "parameters": [ { @@ -12220,7 +12294,7 @@ }, "/models/alerts/{alert_id}/read": { "patch": { - "description": "Mark a single model lifecycle alert as read (dismissed).\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). The alert must belong to the API key's account.", + "description": "Mark a single model lifecycle alert as read (dismissed).\n\nAuth & scoping:\n- Requires `X-API-Key`. The alert must belong to the API key's account.", "operationId": "mark_read_api_models_alerts__alert_id__read_patch", "parameters": [ { @@ -12260,7 +12334,7 @@ }, "/models/{model_id}/recommendations": { "get": { - "description": "Get replacement/upgrade recommendations for a model.\n\nReturns a designated successor (if any), same-family upgrades, and cross-provider/cross-family alternatives.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", + "description": "Get replacement/upgrade recommendations for a model.\n\nReturns a designated successor (if any), same-family upgrades, and cross-provider/cross-family alternatives.\n\nAuth & scoping:\n- Requires `X-API-Key`.", "operationId": "get_recommendations_api_models__model_id__recommendations_get", "parameters": [ { @@ -12482,7 +12556,7 @@ }, "/solutions": { "get": { - "description": "List solutions for your account.\n\nA *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Use solutions to organise related resources and leverage AI assistants for automated setup.\n\nParameters:\n- Pagination: `page` and `limit`.\n- Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc).\n- Filtering: `search` to filter by solution name (case-insensitive partial match).\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Results are scoped to the authenticated account.", + "description": "List solutions for your account.\n\nA *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Use solutions to organise related resources and leverage AI assistants for automated setup.\n\nParameters:\n- Pagination: `page` and `limit`.\n- Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc).\n- Filtering: `search` to filter by solution name (case-insensitive partial match).\n\nAuth & scoping:\n- Requires `X-API-Key`. Results are scoped to the API key's account.", "operationId": "list_solutions_api_solutions_get", "parameters": [ { @@ -12587,7 +12661,7 @@ ] }, "post": { - "description": "Create a new solution for the API key's account.\n\nA *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Provide a `name` and optional `description` in the request body. Requires authentication (API key or bearer token).", + "description": "Create a new solution for the API key's account.\n\nA *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Provide a `name` and optional `description` in the request body. Requires `X-API-Key`.", "operationId": "create_solution_api_solutions_post", "parameters": [ { @@ -12634,7 +12708,7 @@ }, "/solutions/{solution_id}": { "delete": { - "description": "Delete a solution by its ID.\n\nThis permanently removes the solution and all its resource associations (agent links, knowledge base links, source connection links). The underlying resources themselves are not deleted. Requires authentication (API key or bearer token).", + "description": "Delete a solution by its ID.\n\nThis permanently removes the solution and all its resource associations (agent links, knowledge base links, source connection links). The underlying resources themselves are not deleted. Requires `X-API-Key`.", "operationId": "delete_solution_api_solutions__solution_id__delete", "parameters": [ { @@ -12672,7 +12746,7 @@ ] }, "get": { - "description": "Retrieve a solution by its ID, including all linked agents, knowledge bases, and source connections.\n\nReturns the full solution detail with nested resource information. Requires authentication (API key or bearer token).", + "description": "Retrieve a solution by its ID, including all linked agents, knowledge bases, and source connections.\n\nReturns the full solution detail with nested resource information. Requires `X-API-Key`.", "operationId": "get_solution_api_solutions__solution_id__get", "parameters": [ { @@ -12717,7 +12791,7 @@ ] }, "patch": { - "description": "Update an existing solution's name or description.\n\nPass the fields you wish to change in the request body. Fields not included remain unchanged. Requires authentication (API key or bearer token).", + "description": "Update an existing solution's name or description.\n\nPass the fields you wish to change in the request body. Fields not included remain unchanged. Requires `X-API-Key`.", "operationId": "update_solution_api_solutions__solution_id__patch", "parameters": [ { @@ -12774,7 +12848,7 @@ }, "/solutions/{solution_id}/agents": { "delete": { - "description": "Unlink one or more agents from a solution by their IDs.\n\nPass a JSON body with an `ids` array of agent UUIDs to remove. Agents not currently linked are silently ignored. Returns the updated solution with remaining linked resources. Requires authentication (API key or bearer token).", + "description": "Unlink one or more agents from a solution by their IDs.\n\nPass a JSON body with an `ids` array of agent UUIDs to remove. Agents not currently linked are silently ignored. Returns the updated solution with remaining linked resources. Requires `X-API-Key`.", "operationId": "unlink_agents_api_solutions__solution_id__agents_delete", "parameters": [ { @@ -12829,7 +12903,7 @@ ] }, "post": { - "description": "Link one or more agents to a solution by their IDs.\n\nPass a JSON body with an `ids` array of agent UUIDs. Already-linked agents are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token).", + "description": "Link one or more agents to a solution by their IDs.\n\nPass a JSON body with an `ids` array of agent UUIDs. Already-linked agents are silently ignored. Returns the updated solution with all linked resources. Requires `X-API-Key`.", "operationId": "link_agents_api_solutions__solution_id__agents_post", "parameters": [ { @@ -12886,7 +12960,7 @@ }, "/solutions/{solution_id}/ai-assistant/generate": { "post": { - "description": "Generate a comprehensive solution management plan via the solution AI assistant.\n\nThis is the most powerful assistant \u2014 it can propose changes across sources, knowledge bases, and agents. Describe your goal in natural language and the assistant will create a multi-step plan. Review the proposed actions and use the accept or decline endpoint. Requires authentication (API key or bearer token).\n\nSupports SSE streaming when `Accept: text/event-stream` is set.", + "description": "Generate a comprehensive solution management plan via the solution AI assistant.\n\nThis is the most powerful assistant \u2014 it can propose changes across sources, knowledge bases, and agents. Describe your goal in natural language and the assistant will create a multi-step plan. Review the proposed actions and use the accept or decline endpoint. Requires `X-API-Key`.\n\nSupports SSE streaming when `Accept: text/event-stream` is set.", "operationId": "ai_assistant_generate_api_solutions__solution_id__ai_assistant_generate_post", "parameters": [ { @@ -12943,7 +13017,7 @@ }, "/solutions/{solution_id}/ai-assistant/knowledge-base": { "post": { - "description": "Generate a knowledge base plan via the KB AI assistant.\n\nDescribe what knowledge bases you need in natural language and the assistant will propose a plan with create, update, or delete actions. The assistant may also propose creating new sources if needed. Review the proposed actions and use the accept or decline endpoint. Requires authentication (API key or bearer token).", + "description": "Generate a knowledge base plan via the KB AI assistant.\n\nDescribe what knowledge bases you need in natural language and the assistant will propose a plan with create, update, or delete actions. The assistant may also propose creating new sources if needed. Review the proposed actions and use the accept or decline endpoint. Requires `X-API-Key`.", "operationId": "ai_assistant_knowledge_base_api_solutions__solution_id__ai_assistant_knowledge_base_post", "parameters": [ { @@ -13000,7 +13074,7 @@ }, "/solutions/{solution_id}/ai-assistant/source": { "post": { - "description": "Generate a content source plan via the source AI assistant.\n\nDescribe what sources you need in natural language and the assistant will propose a plan with create, update, or delete actions. Review the proposed actions and use the accept or decline endpoint to execute or discard the plan. Requires authentication (API key or bearer token).", + "description": "Generate a content source plan via the source AI assistant.\n\nDescribe what sources you need in natural language and the assistant will propose a plan with create, update, or delete actions. Review the proposed actions and use the accept or decline endpoint to execute or discard the plan. Requires `X-API-Key`.", "operationId": "ai_assistant_source_api_solutions__solution_id__ai_assistant_source_post", "parameters": [ { @@ -13057,7 +13131,7 @@ }, "/solutions/{solution_id}/ai-assistant/{conversation_id}/accept": { "post": { - "description": "Accept and execute a proposed plan generated by one of the AI assistant endpoints.\n\nExecutes all proposed actions in the plan and returns the results of each action. If the plan contains destructive actions (e.g. deletions), you must set `confirm_deletions` to `true` in the request body. Returns a summary of executed actions with success/failure status. Requires authentication (API key or bearer token).", + "description": "Accept and execute a proposed plan generated by one of the AI assistant endpoints.\n\nExecutes all proposed actions in the plan and returns the results of each action. If the plan contains destructive actions (e.g. deletions), you must set `confirm_deletions` to `true` in the request body. Returns a summary of executed actions with success/failure status. Requires `X-API-Key`.", "operationId": "ai_assistant_accept_api_solutions__solution_id__ai_assistant__conversation_id__accept_post", "parameters": [ { @@ -13124,7 +13198,7 @@ }, "/solutions/{solution_id}/ai-assistant/{conversation_id}/decline": { "post": { - "description": "Decline a proposed plan generated by one of the AI assistant endpoints.\n\nMarks the conversation as declined without executing any actions. The conversation history is preserved for reference. You can generate a new plan afterwards if needed. Requires authentication (API key or bearer token).", + "description": "Decline a proposed plan generated by one of the AI assistant endpoints.\n\nMarks the conversation as declined without executing any actions. The conversation history is preserved for reference. You can generate a new plan afterwards if needed. Requires `X-API-Key`.", "operationId": "ai_assistant_decline_api_solutions__solution_id__ai_assistant__conversation_id__decline_post", "parameters": [ { @@ -13174,7 +13248,7 @@ }, "/solutions/{solution_id}/conversations": { "get": { - "description": "List AI assistant conversation history for a solution.\n\nReturns all conversation turns for the given solution, including user inputs, AI responses, proposed actions, and acceptance status. Requires authentication (API key or bearer token).", + "description": "List AI assistant conversation history for a solution.\n\nReturns all conversation turns for the given solution, including user inputs, AI responses, proposed actions, and acceptance status. Requires `X-API-Key`.", "operationId": "list_conversations_api_solutions__solution_id__conversations_get", "parameters": [ { @@ -13223,7 +13297,7 @@ ] }, "post": { - "description": "Add a conversation turn to a solution's AI assistant history.\n\nRecords a user input and optional AI response and actions taken. This is typically called internally by AI assistant endpoints, but can also be used to manually log interactions. Requires authentication (API key or bearer token).", + "description": "Add a conversation turn to a solution's AI assistant history.\n\nRecords a user input and optional AI response and actions taken. This is typically called internally by AI assistant endpoints, but can also be used to manually log interactions. Requires `X-API-Key`.", "operationId": "add_conversation_turn_api_solutions__solution_id__conversations_post", "parameters": [ { @@ -13280,7 +13354,7 @@ }, "/solutions/{solution_id}/conversations/{conversation_id}": { "patch": { - "description": "Mark a conversation turn as accepted or declined.\n\nUpdates the `accepted` field on an existing conversation turn. Use this after reviewing a proposed plan to record whether it was accepted or declined by the user. Requires authentication (API key or bearer token).", + "description": "Mark a conversation turn as accepted or declined.\n\nUpdates the `accepted` field on an existing conversation turn. Use this after reviewing a proposed plan to record whether it was accepted or declined by the user. Requires `X-API-Key`.", "operationId": "mark_conversation_turn_api_solutions__solution_id__conversations__conversation_id__patch", "parameters": [ { @@ -13340,7 +13414,7 @@ }, "/solutions/{solution_id}/knowledge-bases": { "delete": { - "description": "Unlink one or more knowledge bases from a solution by their IDs.\n\nPass a JSON body with an `ids` array of knowledge base UUIDs to remove. Knowledge bases not currently linked are silently ignored. Returns the updated solution. Requires authentication (API key or bearer token).", + "description": "Unlink one or more knowledge bases from a solution by their IDs.\n\nPass a JSON body with an `ids` array of knowledge base UUIDs to remove. Knowledge bases not currently linked are silently ignored. Returns the updated solution. Requires `X-API-Key`.", "operationId": "unlink_knowledge_bases_api_solutions__solution_id__knowledge_bases_delete", "parameters": [ { @@ -13395,7 +13469,7 @@ ] }, "post": { - "description": "Link one or more knowledge bases to a solution by their IDs.\n\nPass a JSON body with an `ids` array of knowledge base UUIDs. Already-linked knowledge bases are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token).", + "description": "Link one or more knowledge bases to a solution by their IDs.\n\nPass a JSON body with an `ids` array of knowledge base UUIDs. Already-linked knowledge bases are silently ignored. Returns the updated solution with all linked resources. Requires `X-API-Key`.", "operationId": "link_knowledge_bases_api_solutions__solution_id__knowledge_bases_post", "parameters": [ { @@ -13452,7 +13526,7 @@ }, "/solutions/{solution_id}/source-connections": { "delete": { - "description": "Unlink one or more source connections from a solution by their IDs.\n\nPass a JSON body with an `ids` array of source connection UUIDs to remove. Sources not currently linked are silently ignored. Returns the updated solution. Requires authentication (API key or bearer token).", + "description": "Unlink one or more source connections from a solution by their IDs.\n\nPass a JSON body with an `ids` array of source connection UUIDs to remove. Sources not currently linked are silently ignored. Returns the updated solution. Requires `X-API-Key`.", "operationId": "unlink_source_connections_api_solutions__solution_id__source_connections_delete", "parameters": [ { @@ -13507,7 +13581,7 @@ ] }, "post": { - "description": "Link one or more source connections to a solution by their IDs.\n\nPass a JSON body with an `ids` array of source connection UUIDs. Already-linked sources are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token).", + "description": "Link one or more source connections to a solution by their IDs.\n\nPass a JSON body with an `ids` array of source connection UUIDs. Already-linked sources are silently ignored. Returns the updated solution with all linked resources. Requires `X-API-Key`.", "operationId": "link_source_connections_api_solutions__solution_id__source_connections_post", "parameters": [ { @@ -13614,7 +13688,7 @@ }, "/sources/": { "get": { - "description": "List content sources for your account.\n\nA *source* is where Seclai pulls or receives content from (for example RSS feeds, websites, file uploads, or custom indexes). Sources are the inputs that power your agents and knowledge base workflows.\n\nParameters:\n- Pagination: `page` and `limit`.\n- Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc).\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Results are scoped to the authenticated account.\n- The optional `account_id` query param is only allowed when it matches the API key's account.", + "description": "List content sources for your account.\n\nA *source* is where Seclai pulls or receives content from (for example RSS feeds, websites, file uploads, or custom indexes). Sources are the inputs that power your agents and knowledge base workflows.\n\nParameters:\n- Pagination: `page` and `limit`.\n- Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc).\n\nAuth & scoping:\n- Requires `X-API-Key`. Results are scoped to the API key's account.\n- The optional `account_id` query param is only allowed when it matches the API key's account.", "operationId": "list_sources_api_sources__get", "parameters": [ { @@ -13759,7 +13833,7 @@ ] }, "get": { - "description": "Fetch a content source by ID.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access sources belonging to your account.", + "description": "Fetch a content source by ID.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access sources belonging to your account.", "operationId": "get_source_api_sources__source_connection_id__get", "parameters": [ { diff --git a/src/auth.ts b/src/auth.ts index 803b295..f0b9259 100644 --- a/src/auth.ts +++ b/src/auth.ts @@ -12,7 +12,7 @@ import type { FetchLike } from "./client"; /** Resolved SSO profile settings. */ export interface SsoProfile { - ssoAccountId: string; + ssoAccountId?: string | undefined; ssoRegion: string; ssoClientId: string; ssoDomain: string; @@ -37,6 +37,13 @@ const CONFIG_FILE = "config"; const EXPIRY_BUFFER_MS = 30_000; // 30 seconds const DEFAULT_API_KEY_HEADER = "x-api-key"; +/** Default SSO domain (production Cognito). Override with `SECLAI_SSO_DOMAIN` or config file. */ +export const DEFAULT_SSO_DOMAIN = "auth.seclai.com"; +/** Default SSO client ID (production public client). Override with `SECLAI_SSO_CLIENT_ID` or config file. */ +export const DEFAULT_SSO_CLIENT_ID = "4bgf8v9qmc5puivbaqon9n5lmr"; +/** Default SSO region. Override with `SECLAI_SSO_REGION` or config file. */ +export const DEFAULT_SSO_REGION = "us-west-2"; + // ─── Environment helpers ───────────────────────────────────────────────────── function getEnv(name: string): string | undefined { @@ -186,38 +193,39 @@ export async function resolveConfigDir(override?: string): Promise { /** * Load and resolve an SSO profile from the config file. * Non-default profiles inherit unset keys from `[default]`. + * All profiles fall back to built-in defaults and environment variable overrides. * * @param configDir - Resolved config directory path. * @param profileName - Profile name to look up (`"default"` or a named profile). - * @returns The resolved profile, or `null` if not found or incomplete. + * @returns The resolved profile. Always returns a valid profile using built-in defaults. */ export async function loadSsoProfile( configDir: string, profileName: string, -): Promise { +): Promise { const fs = await getFs(); const pathMod = await getPath(); - const configPath = pathMod.join(configDir, CONFIG_FILE); - if (!fs.existsSync(configPath)) return null; - - const content = fs.readFileSync(configPath, "utf-8"); - const sections = parseIni(content); + let merged: Record = {}; - const defaultSection = sections["default"] ?? {}; - const profileSection = profileName === "default" ? defaultSection : sections[profileName]; - - if (!profileSection) return null; + const configPath = pathMod.join(configDir, CONFIG_FILE); + if (fs.existsSync(configPath)) { + const content = fs.readFileSync(configPath, "utf-8"); + const sections = parseIni(content); - // Non-default profiles inherit from [default] - const merged = profileName === "default" ? profileSection : { ...defaultSection, ...profileSection }; + const defaultSection = sections["default"] ?? {}; + const profileSection = profileName === "default" ? defaultSection : sections[profileName]; - const ssoAccountId = merged["sso_account_id"]; - const ssoRegion = merged["sso_region"]; - const ssoClientId = merged["sso_client_id"]; - const ssoDomain = merged["sso_domain"]; + if (profileSection) { + merged = profileName === "default" ? profileSection : { ...defaultSection, ...profileSection }; + } + } - if (!ssoAccountId || !ssoRegion || !ssoClientId || !ssoDomain) return null; + // Environment variables override config file values + const ssoDomain = getEnv("SECLAI_SSO_DOMAIN") ?? merged["sso_domain"] ?? DEFAULT_SSO_DOMAIN; + const ssoClientId = getEnv("SECLAI_SSO_CLIENT_ID") ?? merged["sso_client_id"] ?? DEFAULT_SSO_CLIENT_ID; + const ssoRegion = getEnv("SECLAI_SSO_REGION") ?? merged["sso_region"] ?? DEFAULT_SSO_REGION; + const ssoAccountId = merged["sso_account_id"] || undefined; return { ssoAccountId, ssoRegion, ssoClientId, ssoDomain }; } @@ -491,19 +499,17 @@ export async function resolveCredentialChain( const profileName = opts.profile ?? getEnv("SECLAI_PROFILE") ?? "default"; const ssoProfile = await loadSsoProfile(configDir, profileName); - if (ssoProfile) { - return { - mode: "sso", - apiKeyHeader, - accountId: opts.accountId ?? ssoProfile.ssoAccountId, - ssoProfile, - configDir, - autoRefresh: opts.autoRefresh !== false, - fetcher: opts.fetch, - }; - } + return { + mode: "sso", + apiKeyHeader, + accountId: opts.accountId ?? ssoProfile.ssoAccountId, + ssoProfile, + configDir, + autoRefresh: opts.autoRefresh !== false, + fetcher: opts.fetch, + }; } catch { - // Config dir not found or profile not configured — fall through + // Config dir not found — fall through } // 6. Nothing found diff --git a/src/client.ts b/src/client.ts index 2a53ca6..eb1b9c1 100644 --- a/src/client.ts +++ b/src/client.ts @@ -171,7 +171,11 @@ function getEnv(name: string): string | undefined { } function buildURL(baseUrl: string, path: string, query?: Record): URL { - const url = new URL(path, baseUrl); + // Ensure baseUrl ends with "/" so new URL() preserves its path component. + const base = baseUrl.endsWith("/") ? baseUrl : `${baseUrl}/`; + // Strip leading "/" from path so it's treated as relative to base. + const relative = path.startsWith("/") ? path.slice(1) : path; + const url = new URL(relative, base); if (query) { for (const [key, value] of Object.entries(query)) { if (value === undefined || value === null) continue; diff --git a/src/index.ts b/src/index.ts index feacfdb..8e0abdc 100644 --- a/src/index.ts +++ b/src/index.ts @@ -26,6 +26,14 @@ export { type SsoCacheEntry, type AuthState, type CredentialChainOptions, + DEFAULT_SSO_DOMAIN, + DEFAULT_SSO_CLIENT_ID, + DEFAULT_SSO_REGION, + loadSsoProfile, + readSsoCache, + writeSsoCache, + deleteSsoCache, + isTokenValid, } from "./auth"; export { diff --git a/src/openapi.ts b/src/openapi.ts index d687c43..00c64ae 100644 --- a/src/openapi.ts +++ b/src/openapi.ts @@ -16,7 +16,7 @@ export interface paths { * @description List agents for the account with pagination. * * Auth & scoping: - * - Requires authentication (API key or bearer token). All resources are scoped to the API key's account. + * - Requires `X-API-Key`. All resources are scoped to the API key's account. */ get: operations["list_agents_api_agents_get"]; put?: never; @@ -33,7 +33,7 @@ export interface paths { * Templates: `blank`, `retrieval_example`, `simple_qa`, `summarizer`, `json_extractor`, `content_change_notifier`, `scheduled_report`, `webhook_pipeline` * * Auth & scoping: - * - Requires authentication (API key or bearer token). Agent is created in the API key's account. + * - Requires `X-API-Key`. Agent is created in the API key's account. */ post: operations["create_agent_api_agents_post"]; delete?: never; @@ -199,7 +199,7 @@ export interface paths { * Agent traces are automatically indexed when runs complete. The first 7 days of storage are free; extended retention is billed. * * Auth & scoping: - * - Requires authentication (API key or bearer token). Searches only within your account's traces. + * - Requires `X-API-Key`. Searches only within your account's traces. */ post: operations["search_agent_runs_api_agents_runs_search_post"]; delete?: never; @@ -222,7 +222,7 @@ export interface paths { * The response includes `status`, `error_count`, and `output` once the run completes. Use `include_step_outputs=true` to include per-step outputs, timing, durations, and credits. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only access runs belonging to your account. + * - Requires `X-API-Key`. You can only access runs belonging to your account. */ get: operations["get_agent_run_api_agents_runs__run_id__get"]; put?: never; @@ -234,7 +234,7 @@ export interface paths { * If the run is already in a terminal state (`completed` or `failed`), cancellation will be rejected. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only cancel runs belonging to your account. + * - Requires `X-API-Key`. You can only cancel runs belonging to your account. */ delete: operations["delete_agent_run_api_agents_runs__run_id__delete"]; options?: never; @@ -254,7 +254,7 @@ export interface paths { * @description Fetch an agent's metadata (name, description, trigger type, timestamps). * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only access agents belonging to your account. + * - Requires `X-API-Key`. You can only access agents belonging to your account. */ get: operations["get_agent_metadata_api_agents__agent_id__get"]; /** @@ -268,7 +268,7 @@ export interface paths { * At least one field must be provided. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only update agents belonging to your account. + * - Requires `X-API-Key`. You can only update agents belonging to your account. */ put: operations["update_agent_api_agents__agent_id__put"]; post?: never; @@ -277,7 +277,7 @@ export interface paths { * @description Soft-delete an agent. The agent will no longer appear in listings or be accessible via the API. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only delete agents belonging to your account. + * - Requires `X-API-Key`. You can only delete agents belonging to your account. */ delete: operations["delete_agent_api_agents__agent_id__delete"]; options?: never; @@ -299,7 +299,7 @@ export interface paths { * Returns past conversation turns (user inputs, AI responses, accept/decline status) ordered oldest first. Use `step_type` to filter by step type, and optionally `step_id` to narrow to a specific step instance. * * Auth & scoping: - * - Requires authentication (API key or bearer token). Only agents belonging to your account can be queried. + * - Requires a user-scoped `X-API-Key`. Only agents belonging to your account can be queried. */ get: operations["get_ai_conversation_history_api_agents__agent_id__ai_assistant_conversations_get"]; put?: never; @@ -327,7 +327,7 @@ export interface paths { * Use mode 'generate_full' for new workflows or 'modify_workflow' to refine existing ones. * * Auth & scoping: - * - Requires authentication (API key or bearer token). Only agents belonging to your account can be used. + * - Requires a user-scoped `X-API-Key`. Only agents belonging to your account can be used. */ post: operations["generate_agent_steps_api_agents__agent_id__ai_assistant_generate_steps_post"]; delete?: never; @@ -352,7 +352,7 @@ export interface paths { * Provide the step type, a natural language instruction, and optionally the current configuration. The AI will produce a proposed configuration along with an explanation. The suggestion is stored as a conversation turn that can be accepted or declined separately via the mark endpoint. * * Auth & scoping: - * - Requires authentication (API key or bearer token). Only agents belonging to your account can be used. + * - Requires a user-scoped `X-API-Key`. Only agents belonging to your account can be used. */ post: operations["generate_step_config_api_agents__agent_id__ai_assistant_step_config_post"]; delete?: never; @@ -381,7 +381,7 @@ export interface paths { * This only updates the tracking status on the conversation record. To actually apply the proposed configuration, use the agent definition update endpoint separately. * * Auth & scoping: - * - Requires authentication (API key or bearer token). The conversation must belong to one of your agents. + * - Requires a user-scoped `X-API-Key`. The conversation must belong to one of your agents. */ patch: operations["mark_ai_suggestion_api_agents__agent_id__ai_assistant__conversation_id__patch"]; trace?: never; @@ -422,7 +422,7 @@ export interface paths { * - `text`: Static text literal * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only access agents belonging to your account. + * - Requires `X-API-Key`. You can only access agents belonging to your account. */ get: operations["get_agent_definition_api_agents__agent_id__definition_get"]; /** @@ -436,7 +436,7 @@ export interface paths { * **Retry steps** re-execute from a target ancestor step for quality-control loops. Configure with `target_step_id` (ancestor step ID) and `max_retries` (1–10). Best practice: place a `gate` step before the retry to make retries conditional. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only update agents belonging to your account. + * - Requires `X-API-Key`. You can only update agents belonging to your account. */ put: operations["update_agent_definition_api_agents__agent_id__definition_put"]; post?: never; @@ -560,7 +560,7 @@ export interface paths { * Possible `status` values: `processing`, `ready`, `failed`. * * Auth & scoping: - * - Requires authentication (API key or bearer token). All resources are scoped to the API key's account. + * - Requires `X-API-Key`. All resources are scoped to the API key's account. */ get: operations["api_get_agent_input_upload_status_api_agents__agent_id__input_uploads__upload_id__get"]; put?: never; @@ -590,7 +590,7 @@ export interface paths { * - This endpoint returns a summary list. Fetch full details with `GET /agents/runs/{run_id}`. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only list runs for agents in your account. + * - Requires `X-API-Key`. You can only list runs for agents in your account. */ get: operations["list_agent_runs_api_agents__agent_id__runs_get"]; put?: never; @@ -615,7 +615,7 @@ export interface paths { * - Use `include_step_outputs=true` to include per-step outputs, timing, and credits. * * Auth & scoping: - * - Requires authentication (API key or bearer token). All resources are scoped to the API key's account. + * - Requires `X-API-Key`. All resources are scoped to the API key's account. */ post: operations["run_agent_api_agents__agent_id__runs_post"]; delete?: never; @@ -653,7 +653,7 @@ export interface paths { * - On `timeout` or `error`, the payload includes `run_id` so clients can resume by polling `GET /agents/runs/{run_id}`. * * Auth & scoping: - * - Requires authentication (API key or bearer token). All resources are scoped to the API key's account. + * - Requires `X-API-Key`. All resources are scoped to the API key's account. */ post: operations["run_streaming_agent_api_agents__agent_id__runs_stream_post"]; delete?: never; @@ -707,7 +707,7 @@ export interface paths { * After uploading, poll `GET /agents/{agent_id}/input-uploads/{upload_id}` until `status` is `ready`, then pass `input_upload_id` to `POST /agents/{agent_id}/runs`. * * Auth & scoping: - * - Requires authentication (API key or bearer token). All resources are scoped to the API key's account. + * - Requires `X-API-Key`. All resources are scoped to the API key's account. */ post: operations["api_upload_agent_input_api_agents__agent_id__upload_input_post"]; delete?: never; @@ -932,7 +932,7 @@ export interface paths { * - `time_from` / `time_to`: ISO 8601 date range * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. Results are scoped to the API key's account. + * - Requires `X-API-Key` with user association. Results are scoped to the API key's account. */ get: operations["list_alerts_api_alerts_get"]; put?: never; @@ -963,7 +963,7 @@ export interface paths { * Credits alerts (`credits_low_threshold`, `credits_runout_prediction`, `credits_usage_spike`) are account-level alert configs. They are evaluated by the credits alert sweep and default-enabled configs may be auto-created for active accounts at runtime. * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. + * - Requires `X-API-Key` with user association. */ get: operations["list_alert_configs_api_alerts_configs_get"]; put?: never; @@ -977,7 +977,7 @@ export interface paths { * Distribution types: owner, owner_admins, selected_members. Organization accounts are normalized to owner_admins. * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. + * - Requires `X-API-Key` with user association. */ post: operations["create_alert_config_api_alerts_configs_post"]; delete?: never; @@ -1000,7 +1000,7 @@ export interface paths { * Returns all fields including type, enabled state, threshold, cooldown, distribution type, and recipient list. * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. + * - Requires `X-API-Key` with user association. */ get: operations["get_alert_config_api_alerts_configs__config_id__get"]; put?: never; @@ -1010,7 +1010,7 @@ export interface paths { * @description Delete an alert configuration. This permanently removes the config and stops any future alerts of this type from being triggered. * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. + * - Requires `X-API-Key` with user association. */ delete: operations["delete_alert_config_api_alerts_configs__config_id__delete"]; options?: never; @@ -1020,7 +1020,7 @@ export interface paths { * @description Update an alert configuration. Only provided fields are updated. * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. + * - Requires `X-API-Key` with user association. */ patch: operations["update_alert_config_api_alerts_configs__config_id__patch"]; trace?: never; @@ -1039,7 +1039,7 @@ export interface paths { * By default, only explicit override rows are returned. Set `include_defaults=true` to return the effective subscribed state for every alert type in every organization the user can manage. * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. + * - Requires `X-API-Key` with user association. * - Only organizations where the user is an owner or administrator are included. */ get: operations["list_organization_preferences_api_alerts_organization_preferences_list_get"]; @@ -1071,7 +1071,7 @@ export interface paths { * Setting `subscribed=false` stores an explicit opt-out override. Setting `subscribed=true` removes the override and restores the default subscribed behavior. * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. + * - Requires `X-API-Key` with user association. * - Only owners and administrators can update preferences for an organization. */ patch: operations["update_organization_preference_api_alerts_organization_preferences__organization_id___alert_type__patch"]; @@ -1089,7 +1089,7 @@ export interface paths { * @description Get full alert detail including history, comments, and subscribers. * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. + * - Requires `X-API-Key` with user association. */ get: operations["get_alert_detail_api_alerts__alert_id__get"]; put?: never; @@ -1114,7 +1114,7 @@ export interface paths { * @description Add a comment to an alert. Comments are visible to all subscribers and are included in the alert detail response. * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. + * - Requires `X-API-Key` with user association. */ post: operations["add_alert_comment_api_alerts__alert_id__comments_post"]; delete?: never; @@ -1137,7 +1137,7 @@ export interface paths { * @description Change the status of an alert. Valid statuses: triggered, acknowledged, resolved, dismissed. * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. + * - Requires `X-API-Key` with user association. */ post: operations["change_alert_status_api_alerts__alert_id__status_post"]; delete?: never; @@ -1160,7 +1160,7 @@ export interface paths { * @description Subscribe the current user to an alert. Subscribed users receive email notifications when the alert status changes or new comments are added. * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. + * - Requires `X-API-Key` with user association. */ post: operations["subscribe_to_alert_api_alerts__alert_id__subscribe_post"]; delete?: never; @@ -1183,7 +1183,7 @@ export interface paths { * @description Unsubscribe the current user from an alert. The user will no longer receive email notifications for status changes or new comments on this alert. * * Auth & scoping: - * - Requires authentication (API key or bearer token) with user association. + * - Requires `X-API-Key` with user association. */ post: operations["unsubscribe_from_alert_api_alerts__alert_id__unsubscribe_post"]; delete?: never; @@ -1211,7 +1211,7 @@ export interface paths { * - `start` and `end` control the character range returned in `text_content` so clients can page through large documents. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only access content belonging to your account. + * - Requires `X-API-Key`. You can only access content belonging to your account. */ get: operations["get_content_detail_api_contents__source_connection_content_version__get"]; /** @@ -1243,7 +1243,7 @@ export interface paths { * Use this to remove an uploaded or indexed item from your account. Deleting content can affect agents and knowledge base workflows that reference this item. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only delete content belonging to your account. + * - Requires `X-API-Key`. You can only delete content belonging to your account. */ delete: operations["delete_content_api_contents__source_connection_content_version__delete"]; options?: never; @@ -1265,7 +1265,7 @@ export interface paths { * Embeddings are used for semantic search and retrieval in knowledge base workflows. This endpoint is primarily useful for debugging chunking, indexing, and vector contents. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only access embeddings for content belonging to your account. + * - Requires `X-API-Key`. You can only access embeddings for content belonging to your account. */ get: operations["list_content_embeddings_api_contents__source_connection_content_version__embeddings_get"]; put?: never; @@ -1334,7 +1334,7 @@ export interface paths { * - For backwards compatibility, you can also pass form fields named `metadata_` (for example `metadata_author=...`). These override keys from `metadata`. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only replace content belonging to your account. + * - Requires `X-API-Key`. You can only replace content belonging to your account. */ post: operations["upload_file_to_content_api_contents__source_connection_content_version__upload_post"]; delete?: never; @@ -1443,7 +1443,7 @@ export interface paths { * @description List knowledge bases for the account. * * Auth & scoping: - * - Requires authentication (API key or bearer token). All resources are scoped to the API key's account. + * - Requires `X-API-Key`. All resources are scoped to the API key's account. */ get: operations["list_knowledge_bases_api_knowledge_bases_get"]; put?: never; @@ -1472,7 +1472,7 @@ export interface paths { * @description Fetch a knowledge base by ID. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only access knowledge bases belonging to your account. + * - Requires `X-API-Key`. You can only access knowledge bases belonging to your account. */ get: operations["get_knowledge_base_api_knowledge_bases__knowledge_base_id__get"]; /** @@ -1480,7 +1480,7 @@ export interface paths { * @description Update a knowledge base's configuration. Only provided fields are changed; omitted fields are left unchanged. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only update knowledge bases belonging to your account. + * - Requires `X-API-Key`. You can only update knowledge bases belonging to your account. */ put: operations["update_knowledge_base_api_knowledge_bases__knowledge_base_id__put"]; post?: never; @@ -1496,6 +1496,26 @@ export interface paths { patch?: never; trace?: never; }; + "/me": { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + /** + * Get current user identity + * @description Returns the authenticated user's personal account ID and a list of organisations they belong to. Each organisation entry includes the organisation's own id, display name, and account_id. Useful for CLI tooling that needs to let the user pick an org context. + */ + get: operations["get_me_api_me_get"]; + put?: never; + post?: never; + delete?: never; + options?: never; + head?: never; + patch?: never; + trace?: never; + }; "/memory_banks": { parameters: { query?: never; @@ -1508,7 +1528,7 @@ export interface paths { * @description List memory banks for the account. * * Auth & scoping: - * - Requires authentication (API key or bearer token). All resources are scoped to the API key's account. + * - Requires `X-API-Key`. All resources are scoped to the API key's account. */ get: operations["list_memory_banks_api_memory_banks_get"]; put?: never; @@ -1645,7 +1665,7 @@ export interface paths { * @description Fetch a memory bank by ID. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only access memory banks belonging to your account. + * - Requires `X-API-Key`. You can only access memory banks belonging to your account. */ get: operations["get_memory_bank_api_memory_banks__memory_bank_id__get"]; /** @@ -1788,7 +1808,7 @@ export interface paths { * Returns in-app notifications about model deprecations, sunsets, and newer model availability. Supports filtering by agent, unread-only, and pagination. * * Auth & scoping: - * - Requires authentication (API key or bearer token). Alerts are scoped to the API key's account. + * - Requires `X-API-Key`. Alerts are scoped to the API key's account. */ get: operations["list_alerts_api_models_alerts_get"]; put?: never; @@ -1813,7 +1833,7 @@ export interface paths { * @description Mark all model lifecycle alerts as read for the account. * * Auth & scoping: - * - Requires authentication (API key or bearer token). Scoped to the API key's account. + * - Requires `X-API-Key`. Scoped to the API key's account. */ post: operations["mark_all_read_api_models_alerts_mark_all_read_post"]; delete?: never; @@ -1836,7 +1856,7 @@ export interface paths { * Useful for badge indicators in UIs and dashboards. * * Auth & scoping: - * - Requires authentication (API key or bearer token). Count is scoped to the API key's account. + * - Requires `X-API-Key`. Count is scoped to the API key's account. */ get: operations["get_alert_unread_count_api_models_alerts_unread_count_get"]; put?: never; @@ -1865,7 +1885,7 @@ export interface paths { * @description Mark a single model lifecycle alert as read (dismissed). * * Auth & scoping: - * - Requires authentication (API key or bearer token). The alert must belong to the API key's account. + * - Requires `X-API-Key`. The alert must belong to the API key's account. */ patch: operations["mark_read_api_models_alerts__alert_id__read_patch"]; trace?: never; @@ -1884,7 +1904,7 @@ export interface paths { * Returns a designated successor (if any), same-family upgrades, and cross-provider/cross-family alternatives. * * Auth & scoping: - * - Requires authentication (API key or bearer token). + * - Requires `X-API-Key`. */ get: operations["get_recommendations_api_models__model_id__recommendations_get"]; put?: never; @@ -1934,7 +1954,7 @@ export interface paths { * - Filtering: `search` to filter by solution name (case-insensitive partial match). * * Auth & scoping: - * - Requires authentication (API key or bearer token). Results are scoped to the API key's account. + * - Requires `X-API-Key`. Results are scoped to the API key's account. */ get: operations["list_solutions_api_solutions_get"]; put?: never; @@ -1942,7 +1962,7 @@ export interface paths { * Create a solution * @description Create a new solution for the API key's account. * - * A *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Provide a `name` and optional `description` in the request body. Requires authentication (API key or bearer token). + * A *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Provide a `name` and optional `description` in the request body. Requires `X-API-Key`. */ post: operations["create_solution_api_solutions_post"]; delete?: never; @@ -1962,7 +1982,7 @@ export interface paths { * Get a solution * @description Retrieve a solution by its ID, including all linked agents, knowledge bases, and source connections. * - * Returns the full solution detail with nested resource information. Requires authentication (API key or bearer token). + * Returns the full solution detail with nested resource information. Requires `X-API-Key`. */ get: operations["get_solution_api_solutions__solution_id__get"]; put?: never; @@ -1971,7 +1991,7 @@ export interface paths { * Delete a solution * @description Delete a solution by its ID. * - * This permanently removes the solution and all its resource associations (agent links, knowledge base links, source connection links). The underlying resources themselves are not deleted. Requires authentication (API key or bearer token). + * This permanently removes the solution and all its resource associations (agent links, knowledge base links, source connection links). The underlying resources themselves are not deleted. Requires `X-API-Key`. */ delete: operations["delete_solution_api_solutions__solution_id__delete"]; options?: never; @@ -1980,7 +2000,7 @@ export interface paths { * Update a solution * @description Update an existing solution's name or description. * - * Pass the fields you wish to change in the request body. Fields not included remain unchanged. Requires authentication (API key or bearer token). + * Pass the fields you wish to change in the request body. Fields not included remain unchanged. Requires `X-API-Key`. */ patch: operations["update_solution_api_solutions__solution_id__patch"]; trace?: never; @@ -1998,14 +2018,14 @@ export interface paths { * Link agents * @description Link one or more agents to a solution by their IDs. * - * Pass a JSON body with an `ids` array of agent UUIDs. Already-linked agents are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token). + * Pass a JSON body with an `ids` array of agent UUIDs. Already-linked agents are silently ignored. Returns the updated solution with all linked resources. Requires `X-API-Key`. */ post: operations["link_agents_api_solutions__solution_id__agents_post"]; /** * Unlink agents * @description Unlink one or more agents from a solution by their IDs. * - * Pass a JSON body with an `ids` array of agent UUIDs to remove. Agents not currently linked are silently ignored. Returns the updated solution with remaining linked resources. Requires authentication (API key or bearer token). + * Pass a JSON body with an `ids` array of agent UUIDs to remove. Agents not currently linked are silently ignored. Returns the updated solution with remaining linked resources. Requires `X-API-Key`. */ delete: operations["unlink_agents_api_solutions__solution_id__agents_delete"]; options?: never; @@ -2026,7 +2046,7 @@ export interface paths { * Generate solution plan * @description Generate a comprehensive solution management plan via the solution AI assistant. * - * This is the most powerful assistant — it can propose changes across sources, knowledge bases, and agents. Describe your goal in natural language and the assistant will create a multi-step plan. Review the proposed actions and use the accept or decline endpoint. Requires authentication (API key or bearer token). + * This is the most powerful assistant — it can propose changes across sources, knowledge bases, and agents. Describe your goal in natural language and the assistant will create a multi-step plan. Review the proposed actions and use the accept or decline endpoint. Requires `X-API-Key`. * * Supports SSE streaming when `Accept: text/event-stream` is set. */ @@ -2050,7 +2070,7 @@ export interface paths { * Generate knowledge base plan * @description Generate a knowledge base plan via the KB AI assistant. * - * Describe what knowledge bases you need in natural language and the assistant will propose a plan with create, update, or delete actions. The assistant may also propose creating new sources if needed. Review the proposed actions and use the accept or decline endpoint. Requires authentication (API key or bearer token). + * Describe what knowledge bases you need in natural language and the assistant will propose a plan with create, update, or delete actions. The assistant may also propose creating new sources if needed. Review the proposed actions and use the accept or decline endpoint. Requires `X-API-Key`. */ post: operations["ai_assistant_knowledge_base_api_solutions__solution_id__ai_assistant_knowledge_base_post"]; delete?: never; @@ -2072,7 +2092,7 @@ export interface paths { * Generate source plan * @description Generate a content source plan via the source AI assistant. * - * Describe what sources you need in natural language and the assistant will propose a plan with create, update, or delete actions. Review the proposed actions and use the accept or decline endpoint to execute or discard the plan. Requires authentication (API key or bearer token). + * Describe what sources you need in natural language and the assistant will propose a plan with create, update, or delete actions. Review the proposed actions and use the accept or decline endpoint to execute or discard the plan. Requires `X-API-Key`. */ post: operations["ai_assistant_source_api_solutions__solution_id__ai_assistant_source_post"]; delete?: never; @@ -2094,7 +2114,7 @@ export interface paths { * Accept plan * @description Accept and execute a proposed plan generated by one of the AI assistant endpoints. * - * Executes all proposed actions in the plan and returns the results of each action. If the plan contains destructive actions (e.g. deletions), you must set `confirm_deletions` to `true` in the request body. Returns a summary of executed actions with success/failure status. Requires authentication (API key or bearer token). + * Executes all proposed actions in the plan and returns the results of each action. If the plan contains destructive actions (e.g. deletions), you must set `confirm_deletions` to `true` in the request body. Returns a summary of executed actions with success/failure status. Requires `X-API-Key`. */ post: operations["ai_assistant_accept_api_solutions__solution_id__ai_assistant__conversation_id__accept_post"]; delete?: never; @@ -2116,7 +2136,7 @@ export interface paths { * Decline plan * @description Decline a proposed plan generated by one of the AI assistant endpoints. * - * Marks the conversation as declined without executing any actions. The conversation history is preserved for reference. You can generate a new plan afterwards if needed. Requires authentication (API key or bearer token). + * Marks the conversation as declined without executing any actions. The conversation history is preserved for reference. You can generate a new plan afterwards if needed. Requires `X-API-Key`. */ post: operations["ai_assistant_decline_api_solutions__solution_id__ai_assistant__conversation_id__decline_post"]; delete?: never; @@ -2136,7 +2156,7 @@ export interface paths { * List conversations * @description List AI assistant conversation history for a solution. * - * Returns all conversation turns for the given solution, including user inputs, AI responses, proposed actions, and acceptance status. Requires authentication (API key or bearer token). + * Returns all conversation turns for the given solution, including user inputs, AI responses, proposed actions, and acceptance status. Requires `X-API-Key`. */ get: operations["list_conversations_api_solutions__solution_id__conversations_get"]; put?: never; @@ -2144,7 +2164,7 @@ export interface paths { * Add conversation turn * @description Add a conversation turn to a solution's AI assistant history. * - * Records a user input and optional AI response and actions taken. This is typically called internally by AI assistant endpoints, but can also be used to manually log interactions. Requires authentication (API key or bearer token). + * Records a user input and optional AI response and actions taken. This is typically called internally by AI assistant endpoints, but can also be used to manually log interactions. Requires `X-API-Key`. */ post: operations["add_conversation_turn_api_solutions__solution_id__conversations_post"]; delete?: never; @@ -2170,7 +2190,7 @@ export interface paths { * Mark conversation turn * @description Mark a conversation turn as accepted or declined. * - * Updates the `accepted` field on an existing conversation turn. Use this after reviewing a proposed plan to record whether it was accepted or declined by the user. Requires authentication (API key or bearer token). + * Updates the `accepted` field on an existing conversation turn. Use this after reviewing a proposed plan to record whether it was accepted or declined by the user. Requires `X-API-Key`. */ patch: operations["mark_conversation_turn_api_solutions__solution_id__conversations__conversation_id__patch"]; trace?: never; @@ -2188,14 +2208,14 @@ export interface paths { * Link knowledge bases * @description Link one or more knowledge bases to a solution by their IDs. * - * Pass a JSON body with an `ids` array of knowledge base UUIDs. Already-linked knowledge bases are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token). + * Pass a JSON body with an `ids` array of knowledge base UUIDs. Already-linked knowledge bases are silently ignored. Returns the updated solution with all linked resources. Requires `X-API-Key`. */ post: operations["link_knowledge_bases_api_solutions__solution_id__knowledge_bases_post"]; /** * Unlink knowledge bases * @description Unlink one or more knowledge bases from a solution by their IDs. * - * Pass a JSON body with an `ids` array of knowledge base UUIDs to remove. Knowledge bases not currently linked are silently ignored. Returns the updated solution. Requires authentication (API key or bearer token). + * Pass a JSON body with an `ids` array of knowledge base UUIDs to remove. Knowledge bases not currently linked are silently ignored. Returns the updated solution. Requires `X-API-Key`. */ delete: operations["unlink_knowledge_bases_api_solutions__solution_id__knowledge_bases_delete"]; options?: never; @@ -2216,14 +2236,14 @@ export interface paths { * Link source connections * @description Link one or more source connections to a solution by their IDs. * - * Pass a JSON body with an `ids` array of source connection UUIDs. Already-linked sources are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token). + * Pass a JSON body with an `ids` array of source connection UUIDs. Already-linked sources are silently ignored. Returns the updated solution with all linked resources. Requires `X-API-Key`. */ post: operations["link_source_connections_api_solutions__solution_id__source_connections_post"]; /** * Unlink source connections * @description Unlink one or more source connections from a solution by their IDs. * - * Pass a JSON body with an `ids` array of source connection UUIDs to remove. Sources not currently linked are silently ignored. Returns the updated solution. Requires authentication (API key or bearer token). + * Pass a JSON body with an `ids` array of source connection UUIDs to remove. Sources not currently linked are silently ignored. Returns the updated solution. Requires `X-API-Key`. */ delete: operations["unlink_source_connections_api_solutions__solution_id__source_connections_delete"]; options?: never; @@ -2273,7 +2293,7 @@ export interface paths { * - Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc). * * Auth & scoping: - * - Requires authentication (API key or bearer token). Results are scoped to the API key's account. + * - Requires `X-API-Key`. Results are scoped to the API key's account. * - The optional `account_id` query param is only allowed when it matches the API key's account. */ get: operations["list_sources_api_sources__get"]; @@ -2297,7 +2317,7 @@ export interface paths { * @description Fetch a content source by ID. * * Auth & scoping: - * - Requires authentication (API key or bearer token). You can only access sources belonging to your account. + * - Requires `X-API-Key`. You can only access sources belonging to your account. */ get: operations["get_source_api_sources__source_connection_id__get"]; /** @@ -4281,6 +4301,16 @@ export interface components { */ accepted: boolean; }; + /** MeResponse */ + MeResponse: { + /** + * Account Id + * Format: uuid + */ + account_id: string; + /** Organizations */ + organizations: components["schemas"]["OrganizationInfoResponse"][]; + }; /** * MemoryBankAiAssistantResponse * @description Response from the memory bank AI assistant. @@ -4490,6 +4520,21 @@ export interface components { /** Total */ total: number; }; + /** OrganizationInfoResponse */ + OrganizationInfoResponse: { + /** + * Account Id + * Format: uuid + */ + account_id: string; + /** + * Id + * Format: uuid + */ + id: string; + /** Name */ + name: string; + }; /** * PaginationResponse * @description Pagination information. @@ -6213,7 +6258,7 @@ export interface components { }; responses: never; parameters: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id": string; }; requestBodies: never; @@ -6231,7 +6276,7 @@ export interface operations { limit?: number; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -6263,7 +6308,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -6306,7 +6351,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6340,7 +6385,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6372,7 +6417,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6414,7 +6459,7 @@ export interface operations { started_after?: string | null; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6455,7 +6500,7 @@ export interface operations { limit?: number; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6489,7 +6534,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6527,7 +6572,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6565,7 +6610,7 @@ export interface operations { end_date?: string | null; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -6597,7 +6642,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -6636,7 +6681,7 @@ export interface operations { include_step_outputs?: boolean; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6670,7 +6715,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6704,7 +6749,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6738,7 +6783,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6776,7 +6821,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6817,7 +6862,7 @@ export interface operations { offset?: number; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6851,7 +6896,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6889,7 +6934,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6927,7 +6972,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -6968,7 +7013,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7002,7 +7047,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7040,7 +7085,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7074,7 +7119,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7112,7 +7157,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7158,7 +7203,7 @@ export interface operations { limit?: number; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7199,7 +7244,7 @@ export interface operations { limit?: number; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7233,7 +7278,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7275,7 +7320,7 @@ export interface operations { status?: components["schemas"]["PendingProcessingCompletedFailedStatus"] | null; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7309,7 +7354,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7347,7 +7392,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7403,7 +7448,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7438,7 +7483,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7472,7 +7517,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -7508,7 +7553,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -7544,7 +7589,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -7585,7 +7630,7 @@ export interface operations { offset?: number; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -7617,7 +7662,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7657,7 +7702,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -7693,7 +7738,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -7729,7 +7774,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7767,7 +7812,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7814,7 +7859,7 @@ export interface operations { time_to?: string | null; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -7855,7 +7900,7 @@ export interface operations { scope?: string | null; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -7889,7 +7934,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -7927,7 +7972,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7963,7 +8008,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -7995,7 +8040,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8040,7 +8085,7 @@ export interface operations { include_defaults?: boolean; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -8072,7 +8117,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8111,7 +8156,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8147,7 +8192,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8187,7 +8232,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8227,7 +8272,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8263,7 +8308,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8302,7 +8347,7 @@ export interface operations { end?: number; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8336,7 +8381,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8374,7 +8419,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8409,7 +8454,7 @@ export interface operations { limit?: number; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8443,7 +8488,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8481,7 +8526,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -8534,7 +8579,7 @@ export interface operations { limit?: number; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -8573,7 +8618,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8621,7 +8666,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8676,7 +8721,7 @@ export interface operations { order?: string; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -8708,7 +8753,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -8751,7 +8796,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8785,7 +8830,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8823,7 +8868,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -8851,6 +8896,29 @@ export interface operations { }; }; }; + get_me_api_me_get: { + parameters: { + query?: never; + header?: { + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ + "X-Account-Id"?: components["parameters"]["X-Account-Id"]; + }; + path?: never; + cookie?: never; + }; + requestBody?: never; + responses: { + /** @description Successful Response */ + 200: { + headers: { + [name: string]: unknown; + }; + content: { + "application/json": components["schemas"]["MeResponse"]; + }; + }; + }; + }; list_memory_banks_api_memory_banks_get: { parameters: { query?: { @@ -8866,7 +8934,7 @@ export interface operations { type?: string | null; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -8898,7 +8966,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -8934,7 +9002,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -8982,7 +9050,7 @@ export interface operations { offset?: number; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -9014,7 +9082,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9054,7 +9122,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -9079,7 +9147,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -9115,7 +9183,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9149,7 +9217,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9187,7 +9255,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9219,7 +9287,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9255,7 +9323,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9291,7 +9359,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9327,7 +9395,7 @@ export interface operations { end_date?: string | null; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9363,7 +9431,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9410,7 +9478,7 @@ export interface operations { offset?: number; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -9444,7 +9512,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -9465,7 +9533,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -9490,7 +9558,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9533,7 +9601,7 @@ export interface operations { min_output_tokens?: number | null; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9576,7 +9644,7 @@ export interface operations { entity_type?: string | null; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -9621,7 +9689,7 @@ export interface operations { search?: string | null; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -9653,7 +9721,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -9689,7 +9757,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9723,7 +9791,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9755,7 +9823,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9793,7 +9861,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9831,7 +9899,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9869,7 +9937,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9907,7 +9975,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9945,7 +10013,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -9983,7 +10051,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10022,7 +10090,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10055,7 +10123,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10089,7 +10157,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10127,7 +10195,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10164,7 +10232,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10202,7 +10270,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10240,7 +10308,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10278,7 +10346,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10316,7 +10384,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -10370,7 +10438,7 @@ export interface operations { account_id?: string | null; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path?: never; @@ -10402,7 +10470,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10436,7 +10504,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10474,7 +10542,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10512,7 +10580,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10544,7 +10612,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10578,7 +10646,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10623,7 +10691,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10660,7 +10728,7 @@ export interface operations { limit?: number; }; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10694,7 +10762,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10732,7 +10800,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10770,7 +10838,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10805,7 +10873,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10838,7 +10906,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10873,7 +10941,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { @@ -10908,7 +10976,7 @@ export interface operations { parameters: { query?: never; header?: { - /** @description Target a different organization account. When omitted, the user's default account is used. For API key authentication the key's account is always used; the header is accepted but has no effect. */ + /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ "X-Account-Id"?: components["parameters"]["X-Account-Id"]; }; path: { diff --git a/tests/client.test.ts b/tests/client.test.ts index 43cdb4c..c0b4bf7 100644 --- a/tests/client.test.ts +++ b/tests/client.test.ts @@ -106,7 +106,7 @@ describe("Configuration & Auth", () => { p.env.SECLAI_CONFIG_DIR = "/nonexistent-seclai-dir"; } const client = new Seclai({ fetch: makeFetch(() => new Response("ok")) }); - await expect(client.request("GET", "/test")).rejects.toThrow(/[Mm]issing credentials/); + await expect(client.request("GET", "/test")).rejects.toThrow(/SSO token expired|[Mm]issing credentials/); if (p?.env) { if (prev === undefined) delete p.env.SECLAI_API_KEY; else p.env.SECLAI_API_KEY = prev; From b3d12e98c157f42786890d188f8460a8708789d4 Mon Sep 17 00:00:00 2001 From: Kim Burgaard Date: Fri, 27 Mar 2026 14:55:15 -0700 Subject: [PATCH 2/3] Addressed review comments --- README.md | 7 +- openapi/seclai.openapi.json | 133 +++++++++++++++++----------------- src/auth.ts | 3 + src/index.ts | 16 +++++ src/openapi.ts | 137 ++++++++++++++++++------------------ tests/client.test.ts | 15 +++- 6 files changed, 168 insertions(+), 143 deletions(-) diff --git a/README.md b/README.md index 2332fbd..dddb417 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ Credentials are resolved via a chain (first match wins): 1. Explicit `apiKey` option 2. Explicit `accessToken` option (string or `() => string | Promise`) 3. `SECLAI_API_KEY` environment variable -4. SSO — cached tokens from `~/.seclai/sso/cache/` (always available as fallback) +4. SSO — cached tokens from `~/.seclai/sso/cache/` (requires a prior `seclai auth login`) ```ts // API key @@ -84,10 +84,11 @@ const client = new Seclai(); #### SSO authentication SSO is the default fallback when no explicit credentials are provided. The SDK -includes built-in production SSO defaults, so no configuration is needed: +includes built-in production SSO defaults, so `seclai configure sso` is not +required. You only need to log in once to populate the token cache: ```bash -npx @seclai/cli auth login # authenticate via browser — works immediately +npx @seclai/cli auth login # authenticate via browser — no prior setup needed ``` To customize SSO settings (e.g. for a staging environment), use `seclai configure sso` diff --git a/openapi/seclai.openapi.json b/openapi/seclai.openapi.json index 39566f3..5ad33f3 100644 --- a/openapi/seclai.openapi.json +++ b/openapi/seclai.openapi.json @@ -7125,7 +7125,7 @@ "paths": { "/agents": { "get": { - "description": "List agents for the account with pagination.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", + "description": "List agents for the account with pagination.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", "operationId": "list_agents_api_agents_get", "parameters": [ { @@ -7187,7 +7187,7 @@ ] }, "post": { - "description": "Create a new agent.\n\nTrigger types:\n- `dynamic_input`: triggered via API with user-provided input\n- `template_input`: triggered via API with a predefined template\n- `schedule`: triggered on a schedule\n- `new_content`: triggered when new content arrives\n\nTemplates: `blank`, `retrieval_example`, `simple_qa`, `summarizer`, `json_extractor`, `content_change_notifier`, `scheduled_report`, `webhook_pipeline`\n\nAuth & scoping:\n- Requires `X-API-Key`. Agent is created in the API key's account.", + "description": "Create a new agent.\n\nTrigger types:\n- `dynamic_input`: triggered via API with user-provided input\n- `template_input`: triggered via API with a predefined template\n- `schedule`: triggered on a schedule\n- `new_content`: triggered when new content arrives\n\nTemplates: `blank`, `retrieval_example`, `simple_qa`, `summarizer`, `json_extractor`, `content_change_notifier`, `scheduled_report`, `webhook_pipeline`\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Agent is created in the authenticated account.", "operationId": "create_agent_api_agents_post", "parameters": [ { @@ -7768,7 +7768,7 @@ }, "/agents/runs/search": { "post": { - "description": "Search agent traces using semantic similarity.\n\nFinds step-run outputs that are most semantically similar to the query.\nResults include the matching text, agent/step metadata, and a similarity score.\n\nAgent traces are automatically indexed when runs complete. The first 7 days of storage are free; extended retention is billed.\n\nAuth & scoping:\n- Requires `X-API-Key`. Searches only within your account's traces.", + "description": "Search agent traces using semantic similarity.\n\nFinds step-run outputs that are most semantically similar to the query.\nResults include the matching text, agent/step metadata, and a similarity score.\n\nAgent traces are automatically indexed when runs complete. The first 7 days of storage are free; extended retention is billed.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Searches only within your account's traces.", "operationId": "search_agent_runs_api_agents_runs_search_post", "parameters": [ { @@ -7815,7 +7815,7 @@ }, "/agents/runs/{run_id}": { "delete": { - "description": "Cancel a running agent run.\n\nIf the run is already in a terminal state (`completed` or `failed`), cancellation will be rejected.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only cancel runs belonging to your account.", + "description": "Cancel a running agent run.\n\nIf the run is already in a terminal state (`completed` or `failed`), cancellation will be rejected.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only cancel runs belonging to your account.", "operationId": "delete_agent_run_api_agents_runs__run_id__delete", "parameters": [ { @@ -7859,7 +7859,7 @@ ] }, "get": { - "description": "Fetch the latest snapshot for an agent run created by `POST /agents/{agent_id}/runs` or `POST /agents/{agent_id}/runs/stream`.\n\nThe response includes `status`, `error_count`, and `output` once the run completes. Use `include_step_outputs=true` to include per-step outputs, timing, durations, and credits.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access runs belonging to your account.", + "description": "Fetch the latest snapshot for an agent run created by `POST /agents/{agent_id}/runs` or `POST /agents/{agent_id}/runs/stream`.\n\nThe response includes `status`, `error_count`, and `output` once the run completes. Use `include_step_outputs=true` to include per-step outputs, timing, durations, and credits.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access runs belonging to your account.", "operationId": "get_agent_run_api_agents_runs__run_id__get", "parameters": [ { @@ -7917,7 +7917,7 @@ }, "/agents/{agent_id}": { "delete": { - "description": "Soft-delete an agent. The agent will no longer appear in listings or be accessible via the API.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only delete agents belonging to your account.", + "description": "Soft-delete an agent. The agent will no longer appear in listings or be accessible via the API.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only delete agents belonging to your account.", "operationId": "delete_agent_api_agents__agent_id__delete", "parameters": [ { @@ -7954,7 +7954,7 @@ ] }, "get": { - "description": "Fetch an agent's metadata (name, description, trigger type, timestamps).\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access agents belonging to your account.", + "description": "Fetch an agent's metadata (name, description, trigger type, timestamps).\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access agents belonging to your account.", "operationId": "get_agent_metadata_api_agents__agent_id__get", "parameters": [ { @@ -7998,7 +7998,7 @@ ] }, "put": { - "description": "Update an agent's name, description, evaluation settings, and model lifecycle settings.\n\nEvaluation settings: `evaluation_mode` ('output_expectation', 'eval_and_retry', 'sample_and_flag'), `default_evaluation_tier` ('fast', 'balanced', 'thorough'), `max_retries`, `retry_on_failure`, `sampling_config`.\n\nModel lifecycle settings: `prompt_model_auto_upgrade_strategy` ('none', 'early_adopter', 'middle_of_road', 'cautious_adopter'), `prompt_model_auto_rollback_enabled`, `prompt_model_auto_rollback_triggers` (list of 'agent_eval_fail', 'governance_flag', 'governance_block', 'agent_run_failed').\n\nAt least one field must be provided.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only update agents belonging to your account.", + "description": "Update an agent's name, description, evaluation settings, and model lifecycle settings.\n\nEvaluation settings: `evaluation_mode` ('output_expectation', 'eval_and_retry', 'sample_and_flag'), `default_evaluation_tier` ('fast', 'balanced', 'thorough'), `max_retries`, `retry_on_failure`, `sampling_config`.\n\nModel lifecycle settings: `prompt_model_auto_upgrade_strategy` ('none', 'early_adopter', 'middle_of_road', 'cautious_adopter'), `prompt_model_auto_rollback_enabled`, `prompt_model_auto_rollback_triggers` (list of 'agent_eval_fail', 'governance_flag', 'governance_block', 'agent_run_failed').\n\nAt least one field must be provided.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only update agents belonging to your account.", "operationId": "update_agent_api_agents__agent_id__put", "parameters": [ { @@ -8337,7 +8337,7 @@ }, "/agents/{agent_id}/definition": { "get": { - "description": "Fetch the current agent definition from the main branch.\n\nThe response includes `change_id` which must be provided when updating the definition (optimistic locking).\n\nThe definition contains the agent's step workflow. Available step types:\n- `prompt_call`: Call an LLM with a prompt template\n- `retrieval`: Search a knowledge base\n- `transform`: Reshape data with a Liquid template\n- `gate`: Evaluate conditions, stop or continue child execution\n- `retry`: Re-execute from a target ancestor step (for quality-control loops; pair with a `gate` step for conditional retrying. Fields: `target_step_id` (ancestor step ID), `max_retries` (1\u201310))\n- `evaluate_step`: Score a selected previous step output and emit JSON with `score`, `passed`, and `pass_threshold` (fields: `target_step_id`, `evaluation_prompt`, `pass_threshold`, optional `evaluation_tier`, optional `expectation_config`)\n- `insight`: Progressively read and analyze large input\n- `extract_json` / `extract_html` / `extract_xml`: Extract structured data\n- `send_email`: Send email with step output\n- `webhook_call`: POST data to an external URL\n- `write_aws_s3_object`: Write output to S3\n- `call_agent`: Invoke another agent\n- `write_metadata`: Write a value to content metadata (for filtering/gates; content-triggered agents only. Fields: `metadata_key`, `content`)\n- `write_content_attachment`: Write a file-backed attachment to content (optionally indexed for retrieval; content-triggered agents only. Fields: `attachment_key`, `content`, `content_type`, `indexed`)\n- `load_content_attachment`: Load a previously written attachment (content-triggered agents only. Fields: `attachment_key`)\n- `load_content`: Load the full text body of a source document (typically used with content-triggered agents; can also load by explicit `content_version_id`. Fields: `content_version_id` optional)\n- `display_result`: Show output to the user\n- `join`: Merge parallel branches\n- `combinator`: Combine multiple inputs\n- `text`: Static text literal\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access agents belonging to your account.", + "description": "Fetch the current agent definition from the main branch.\n\nThe response includes `change_id` which must be provided when updating the definition (optimistic locking).\n\nThe definition contains the agent's step workflow. Available step types:\n- `prompt_call`: Call an LLM with a prompt template\n- `retrieval`: Search a knowledge base\n- `transform`: Reshape data with a Liquid template\n- `gate`: Evaluate conditions, stop or continue child execution\n- `retry`: Re-execute from a target ancestor step (for quality-control loops; pair with a `gate` step for conditional retrying. Fields: `target_step_id` (ancestor step ID), `max_retries` (1\u201310))\n- `evaluate_step`: Score a selected previous step output and emit JSON with `score`, `passed`, and `pass_threshold` (fields: `target_step_id`, `evaluation_prompt`, `pass_threshold`, optional `evaluation_tier`, optional `expectation_config`)\n- `insight`: Progressively read and analyze large input\n- `extract_json` / `extract_html` / `extract_xml`: Extract structured data\n- `send_email`: Send email with step output\n- `webhook_call`: POST data to an external URL\n- `write_aws_s3_object`: Write output to S3\n- `call_agent`: Invoke another agent\n- `write_metadata`: Write a value to content metadata (for filtering/gates; content-triggered agents only. Fields: `metadata_key`, `content`)\n- `write_content_attachment`: Write a file-backed attachment to content (optionally indexed for retrieval; content-triggered agents only. Fields: `attachment_key`, `content`, `content_type`, `indexed`)\n- `load_content_attachment`: Load a previously written attachment (content-triggered agents only. Fields: `attachment_key`)\n- `load_content`: Load the full text body of a source document (typically used with content-triggered agents; can also load by explicit `content_version_id`. Fields: `content_version_id` optional)\n- `display_result`: Show output to the user\n- `join`: Merge parallel branches\n- `combinator`: Combine multiple inputs\n- `text`: Static text literal\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access agents belonging to your account.", "operationId": "get_agent_definition_api_agents__agent_id__definition_get", "parameters": [ { @@ -8381,7 +8381,7 @@ ] }, "put": { - "description": "Update the agent's definition on the main branch.\n\nUses **optimistic locking**: provide `expected_change_id` from the last `GET /api/agents/{agent_id}/definition`. Returns `409 Conflict` if the definition was modified since your last read.\n\nThe definition contains the agent's step workflow. Step types include `prompt_call`, `retrieval`, `transform`, `gate`, `retry`, `evaluate_step`, `insight`, `extract_json`, `extract_html`, `extract_xml`, `send_email`, `webhook_call`, `write_aws_s3_object`, `call_agent`, `write_metadata`, `write_content_attachment`, `load_content_attachment`, `load_content`, `display_result`, `join`, `combinator`, and `text`. Non-composite step types (`display_result`, `join`, `retry`, `evaluate_step`) cannot contain child steps.\n\n**Retry steps** re-execute from a target ancestor step for quality-control loops. Configure with `target_step_id` (ancestor step ID) and `max_retries` (1\u201310). Best practice: place a `gate` step before the retry to make retries conditional.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only update agents belonging to your account.", + "description": "Update the agent's definition on the main branch.\n\nUses **optimistic locking**: provide `expected_change_id` from the last `GET /api/agents/{agent_id}/definition`. Returns `409 Conflict` if the definition was modified since your last read.\n\nThe definition contains the agent's step workflow. Step types include `prompt_call`, `retrieval`, `transform`, `gate`, `retry`, `evaluate_step`, `insight`, `extract_json`, `extract_html`, `extract_xml`, `send_email`, `webhook_call`, `write_aws_s3_object`, `call_agent`, `write_metadata`, `write_content_attachment`, `load_content_attachment`, `load_content`, `display_result`, `join`, `combinator`, and `text`. Non-composite step types (`display_result`, `join`, `retry`, `evaluate_step`) cannot contain child steps.\n\n**Retry steps** re-execute from a target ancestor step for quality-control loops. Configure with `target_step_id` (ancestor step ID) and `max_retries` (1\u201310). Best practice: place a `gate` step before the retry to make retries conditional.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only update agents belonging to your account.", "operationId": "update_agent_definition_api_agents__agent_id__definition_put", "parameters": [ { @@ -8873,7 +8873,7 @@ }, "/agents/{agent_id}/input-uploads/{upload_id}": { "get": { - "description": "Poll the processing status of a file upload created via `POST /agents/{agent_id}/upload-input`.\n\nPossible `status` values: `processing`, `ready`, `failed`.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", + "description": "Poll the processing status of a file upload created via `POST /agents/{agent_id}/upload-input`.\n\nPossible `status` values: `processing`, `ready`, `failed`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", "operationId": "api_get_agent_input_upload_status_api_agents__agent_id__input_uploads__upload_id__get", "parameters": [ { @@ -8928,7 +8928,7 @@ }, "/agents/{agent_id}/runs": { "get": { - "description": "List runs for a specific agent (most recent first), with pagination.\n\nTypical use cases:\n- Build a traces UI for an agent.\n- Debug recent executions and inspect terminal statuses.\n\nNotes:\n- This endpoint returns a summary list. Fetch full details with `GET /agents/runs/{run_id}`.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only list runs for agents in your account.", + "description": "List runs for a specific agent (most recent first), with pagination.\n\nTypical use cases:\n- Build a traces UI for an agent.\n- Debug recent executions and inspect terminal statuses.\n\nNotes:\n- This endpoint returns a summary list. Fetch full details with `GET /agents/runs/{run_id}`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only list runs for agents in your account.", "operationId": "list_agent_runs_api_agents__agent_id__runs_get", "parameters": [ { @@ -9017,7 +9017,7 @@ ] }, "post": { - "description": "Start an agent run.\n\nAn *agent* is an automated workflow that can monitor content from your sources, process it with AI, and trigger actions. This endpoint creates a new run and returns a `run_id` you can poll to retrieve status and output.\n\nWhen to use:\n- Use this endpoint for request/response style integrations where polling is acceptable.\n- Use `POST /agents/{agent_id}/runs/stream` if you need real-time progress via SSE.\n\nKey fields:\n- `input`: text input for agents with a `dynamic_input` trigger.\n- `input_upload_id`: alternatively, reference a file previously uploaded via `POST /agents/{agent_id}/upload-input` (mutually exclusive with `input`).\n- `priority`: set true for latency-sensitive, user-facing work.\n- `metadata`: a JSON object that becomes available to agent steps for string substitution.\n\nAfter starting:\n- Poll `GET /agents/runs/{run_id}` until `status` is `completed` or `failed`.\n- Use `include_step_outputs=true` to include per-step outputs, timing, and credits.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", + "description": "Start an agent run.\n\nAn *agent* is an automated workflow that can monitor content from your sources, process it with AI, and trigger actions. This endpoint creates a new run and returns a `run_id` you can poll to retrieve status and output.\n\nWhen to use:\n- Use this endpoint for request/response style integrations where polling is acceptable.\n- Use `POST /agents/{agent_id}/runs/stream` if you need real-time progress via SSE.\n\nKey fields:\n- `input`: text input for agents with a `dynamic_input` trigger.\n- `input_upload_id`: alternatively, reference a file previously uploaded via `POST /agents/{agent_id}/upload-input` (mutually exclusive with `input`).\n- `priority`: set true for latency-sensitive, user-facing work.\n- `metadata`: a JSON object that becomes available to agent steps for string substitution.\n\nAfter starting:\n- Poll `GET /agents/runs/{run_id}` until `status` is `completed` or `failed`.\n- Use `include_step_outputs=true` to include per-step outputs, timing, and credits.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", "operationId": "run_agent_api_agents__agent_id__runs_post", "parameters": [ { @@ -9073,7 +9073,7 @@ }, "/agents/{agent_id}/runs/stream": { "post": { - "description": "Start a **priority** agent run and stream run events using Server-Sent Events (SSE).\n\nThis is the best option for interactive UIs where you want progress updates as the run executes.\n\nHow it works:\n- The first `init` event contains an `AgentRunResponse` snapshot, including the `run_id`.\n- Subsequent events are forwarded from the run event stream (status changes, step events, etc).\n- The final `done` event contains the terminal snapshot (including `output` and `credits` when available).\n\nInput options (for `dynamic_input` triggers):\n- `input`: text input passed directly.\n- `input_upload_id`: reference a file uploaded via `POST /agents/{agent_id}/upload-input` (mutually exclusive with `input`).\n\nClient guidance:\n- Keep the connection open and handle keepalive comments.\n- On `timeout` or `error`, the payload includes `run_id` so clients can resume by polling `GET /agents/runs/{run_id}`.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", + "description": "Start a **priority** agent run and stream run events using Server-Sent Events (SSE).\n\nThis is the best option for interactive UIs where you want progress updates as the run executes.\n\nHow it works:\n- The first `init` event contains an `AgentRunResponse` snapshot, including the `run_id`.\n- Subsequent events are forwarded from the run event stream (status changes, step events, etc).\n- The final `done` event contains the terminal snapshot (including `output` and `credits` when available).\n\nInput options (for `dynamic_input` triggers):\n- `input`: text input passed directly.\n- `input_upload_id`: reference a file uploaded via `POST /agents/{agent_id}/upload-input` (mutually exclusive with `input`).\n\nClient guidance:\n- Keep the connection open and handle keepalive comments.\n- On `timeout` or `error`, the payload includes `run_id` so clients can resume by polling `GET /agents/runs/{run_id}`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", "operationId": "run_streaming_agent_api_agents__agent_id__runs_stream_post", "parameters": [ { @@ -9192,7 +9192,7 @@ }, "/agents/{agent_id}/upload-input": { "post": { - "description": "Upload a file to use as input for a `dynamic_input` agent run.\n\nSupports the same file types as content source uploads: text, PDF, DOCX, audio, video, images, etc. Text and document files are processed synchronously; audio/video are submitted for asynchronous transcription.\n\n**Size limit:** 200 MB per file.\n\n**Supported extensions:** txt, html, md, csv, xml, json, pdf, msg, docx, doc, pptx, ppt, xlsx, xls, zip, epub, png, jpg, gif, bmp, tiff, webp, mp3, wav, m4a, flac, ogg, mp4, mov, avi.\n\nAfter uploading, poll `GET /agents/{agent_id}/input-uploads/{upload_id}` until `status` is `ready`, then pass `input_upload_id` to `POST /agents/{agent_id}/runs`.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", + "description": "Upload a file to use as input for a `dynamic_input` agent run.\n\nSupports the same file types as content source uploads: text, PDF, DOCX, audio, video, images, etc. Text and document files are processed synchronously; audio/video are submitted for asynchronous transcription.\n\n**Size limit:** 200 MB per file.\n\n**Supported extensions:** txt, html, md, csv, xml, json, pdf, msg, docx, doc, pptx, ppt, xlsx, xls, zip, epub, png, jpg, gif, bmp, tiff, webp, mp3, wav, m4a, flac, ogg, mp4, mov, avi.\n\nAfter uploading, poll `GET /agents/{agent_id}/input-uploads/{upload_id}` until `status` is `ready`, then pass `input_upload_id` to `POST /agents/{agent_id}/runs`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", "operationId": "api_upload_agent_input_api_agents__agent_id__upload_input_post", "parameters": [ { @@ -9695,7 +9695,7 @@ }, "/alerts": { "get": { - "description": "List alerts for the account with optional filters.\n\nFilters:\n- `status`: triggered, acknowledged, resolved, dismissed\n- `agent_id`: filter by agent\n- `source_connection_id`: filter by source\n- `time_from` / `time_to`: ISO 8601 date range\n\nAuth & scoping:\n- Requires `X-API-Key` with user association. Results are scoped to the API key's account.", + "description": "List alerts for the account with optional filters.\n\nFilters:\n- `status`: triggered, acknowledged, resolved, dismissed\n- `agent_id`: filter by agent\n- `source_connection_id`: filter by source\n- `time_from` / `time_to`: ISO 8601 date range\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Results are scoped to the authenticated account.", "operationId": "list_alerts_api_alerts_get", "parameters": [ { @@ -9853,7 +9853,7 @@ }, "/alerts/configs": { "get": { - "description": "List alert configurations.\n\nFilters:\n- `agent_id`: list configs for a specific agent\n- `source_connection_id`: list configs for a specific source\n- Neither: list account-level agent alert configs\n- `scope=source`: list account-level source alert configs\n\nCredits alerts (`credits_low_threshold`, `credits_runout_prediction`, `credits_usage_spike`) are account-level alert configs. They are evaluated by the credits alert sweep and default-enabled configs may be auto-created for active accounts at runtime.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", + "description": "List alert configurations.\n\nFilters:\n- `agent_id`: list configs for a specific agent\n- `source_connection_id`: list configs for a specific source\n- Neither: list account-level agent alert configs\n- `scope=source`: list account-level source alert configs\n\nCredits alerts (`credits_low_threshold`, `credits_runout_prediction`, `credits_usage_spike`) are account-level alert configs. They are evaluated by the credits alert sweep and default-enabled configs may be auto-created for active accounts at runtime.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", "operationId": "list_alert_configs_api_alerts_configs_get", "parameters": [ { @@ -9944,7 +9944,7 @@ ] }, "post": { - "description": "Create a new alert configuration.\n\nAgent alert types: run_failed, consecutive_failures, error_rate_spike, run_burst, slow_run, credits_low_threshold, credits_runout_prediction, credits_usage_spike, non_manual_eval_failed, non_manual_eval_flagged, governance_flagged, governance_blocked, model_newer_available, model_deprecated, model_sunset.\nSource alert types: pull_failed, consecutive_pull_failures, pull_error_rate_spike.\n\nDistribution types: owner, owner_admins, selected_members. Organization accounts are normalized to owner_admins.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", + "description": "Create a new alert configuration.\n\nAgent alert types: run_failed, consecutive_failures, error_rate_spike, run_burst, slow_run, credits_low_threshold, credits_runout_prediction, credits_usage_spike, non_manual_eval_failed, non_manual_eval_flagged, governance_flagged, governance_blocked, model_newer_available, model_deprecated, model_sunset.\nSource alert types: pull_failed, consecutive_pull_failures, pull_error_rate_spike.\n\nDistribution types: owner, owner_admins, selected_members. Organization accounts are normalized to owner_admins.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", "operationId": "create_alert_config_api_alerts_configs_post", "parameters": [ { @@ -9993,7 +9993,7 @@ }, "/alerts/configs/{config_id}": { "delete": { - "description": "Delete an alert configuration. This permanently removes the config and stops any future alerts of this type from being triggered.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", + "description": "Delete an alert configuration. This permanently removes the config and stops any future alerts of this type from being triggered.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", "operationId": "delete_alert_config_api_alerts_configs__config_id__delete", "parameters": [ { @@ -10030,7 +10030,7 @@ ] }, "get": { - "description": "Get a specific alert configuration by ID.\n\nReturns all fields including type, enabled state, threshold, cooldown, distribution type, and recipient list.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", + "description": "Get a specific alert configuration by ID.\n\nReturns all fields including type, enabled state, threshold, cooldown, distribution type, and recipient list.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", "operationId": "get_alert_config_api_alerts_configs__config_id__get", "parameters": [ { @@ -10076,7 +10076,7 @@ ] }, "patch": { - "description": "Update an alert configuration. Only provided fields are updated.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", + "description": "Update an alert configuration. Only provided fields are updated.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", "operationId": "update_alert_config_api_alerts_configs__config_id__patch", "parameters": [ { @@ -10134,7 +10134,7 @@ }, "/alerts/organization-preferences/list": { "get": { - "description": "List per-organization alert delivery preferences for the API key's associated user.\n\nBy default, only explicit override rows are returned. Set `include_defaults=true` to return the effective subscribed state for every alert type in every organization the user can manage.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.\n- Only organizations where the user is an owner or administrator are included.", + "description": "List per-organization alert delivery preferences for the API key's associated user.\n\nBy default, only explicit override rows are returned. Set `include_defaults=true` to return the effective subscribed state for every alert type in every organization the user can manage.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).\n- Only organizations where the user is an owner or administrator are included.", "operationId": "list_organization_preferences_api_alerts_organization_preferences_list_get", "parameters": [ { @@ -10202,7 +10202,7 @@ }, "/alerts/organization-preferences/{organization_id}/{alert_type}": { "patch": { - "description": "Update the API key user's personal delivery preference for one alert type in one organization.\n\nSetting `subscribed=false` stores an explicit opt-out override. Setting `subscribed=true` removes the override and restores the default subscribed behavior.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.\n- Only owners and administrators can update preferences for an organization.", + "description": "Update the API key user's personal delivery preference for one alert type in one organization.\n\nSetting `subscribed=false` stores an explicit opt-out override. Setting `subscribed=true` removes the override and restores the default subscribed behavior.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).\n- Only owners and administrators can update preferences for an organization.", "operationId": "update_organization_preference_api_alerts_organization_preferences__organization_id___alert_type__patch", "parameters": [ { @@ -10268,7 +10268,7 @@ }, "/alerts/{alert_id}": { "get": { - "description": "Get full alert detail including history, comments, and subscribers.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", + "description": "Get full alert detail including history, comments, and subscribers.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", "operationId": "get_alert_detail_api_alerts__alert_id__get", "parameters": [ { @@ -10316,7 +10316,7 @@ }, "/alerts/{alert_id}/comments": { "post": { - "description": "Add a comment to an alert. Comments are visible to all subscribers and are included in the alert detail response.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", + "description": "Add a comment to an alert. Comments are visible to all subscribers and are included in the alert detail response.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", "operationId": "add_alert_comment_api_alerts__alert_id__comments_post", "parameters": [ { @@ -10374,7 +10374,7 @@ }, "/alerts/{alert_id}/status": { "post": { - "description": "Change the status of an alert. Valid statuses: triggered, acknowledged, resolved, dismissed.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", + "description": "Change the status of an alert. Valid statuses: triggered, acknowledged, resolved, dismissed.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", "operationId": "change_alert_status_api_alerts__alert_id__status_post", "parameters": [ { @@ -10432,7 +10432,7 @@ }, "/alerts/{alert_id}/subscribe": { "post": { - "description": "Subscribe the current user to an alert. Subscribed users receive email notifications when the alert status changes or new comments are added.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", + "description": "Subscribe the current user to an alert. Subscribed users receive email notifications when the alert status changes or new comments are added.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", "operationId": "subscribe_to_alert_api_alerts__alert_id__subscribe_post", "parameters": [ { @@ -10480,7 +10480,7 @@ }, "/alerts/{alert_id}/unsubscribe": { "post": { - "description": "Unsubscribe the current user from an alert. The user will no longer receive email notifications for status changes or new comments on this alert.\n\nAuth & scoping:\n- Requires `X-API-Key` with user association.", + "description": "Unsubscribe the current user from an alert. The user will no longer receive email notifications for status changes or new comments on this alert.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", "operationId": "unsubscribe_from_alert_api_alerts__alert_id__unsubscribe_post", "parameters": [ { @@ -10528,7 +10528,7 @@ }, "/contents/{source_connection_content_version}": { "delete": { - "description": "Delete a content item (a `SourceConnectionContentVersion`).\n\nUse this to remove an uploaded or indexed item from your account. Deleting content can affect agents and knowledge base workflows that reference this item.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only delete content belonging to your account.", + "description": "Delete a content item (a `SourceConnectionContentVersion`).\n\nUse this to remove an uploaded or indexed item from your account. Deleting content can affect agents and knowledge base workflows that reference this item.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only delete content belonging to your account.", "operationId": "delete_content_api_contents__source_connection_content_version__delete", "parameters": [ { @@ -10565,7 +10565,7 @@ ] }, "get": { - "description": "Get detailed information about a specific content item (a `SourceConnectionContentVersion`).\n\nThis is useful when you want to:\n- Inspect the extracted text for debugging or review.\n- Display content details in a UI.\n\nText range:\n- `start` and `end` control the character range returned in `text_content` so clients can page through large documents.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access content belonging to your account.", + "description": "Get detailed information about a specific content item (a `SourceConnectionContentVersion`).\n\nThis is useful when you want to:\n- Inspect the extracted text for debugging or review.\n- Display content details in a UI.\n\nText range:\n- `start` and `end` control the character range returned in `text_content` so clients can page through large documents.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access content belonging to your account.", "operationId": "get_content_detail_api_contents__source_connection_content_version__get", "parameters": [ { @@ -10685,7 +10685,7 @@ }, "/contents/{source_connection_content_version}/embeddings": { "get": { - "description": "List the embeddings (chunk vectors) for a content item, with pagination.\n\nEmbeddings are used for semantic search and retrieval in knowledge base workflows. This endpoint is primarily useful for debugging chunking, indexing, and vector contents.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access embeddings for content belonging to your account.", + "description": "List the embeddings (chunk vectors) for a content item, with pagination.\n\nEmbeddings are used for semantic search and retrieval in knowledge base workflows. This endpoint is primarily useful for debugging chunking, indexing, and vector contents.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access embeddings for content belonging to your account.", "operationId": "list_content_embeddings_api_contents__source_connection_content_version__embeddings_get", "parameters": [ { @@ -10751,7 +10751,7 @@ }, "/contents/{source_connection_content_version}/upload": { "post": { - "description": "Upload a new file and replace the content backing an existing `SourceConnectionContentVersion`.\n\nThis behaves like a source file upload, but it targets an existing content version ID. This is useful when you want to correct or update an uploaded document while keeping references stable.\n\n**Maximum file size:** 209715200 bytes.\n\n**Supported MIME types:**\n- `application/epub+zip`\n- `application/json`\n- `application/msword`\n- `application/pdf`\n- `application/vnd.ms-excel`\n- `application/vnd.ms-outlook`\n- `application/vnd.ms-powerpoint`\n- `application/vnd.openxmlformats-officedocument.presentationml.presentation`\n- `application/vnd.openxmlformats-officedocument.spreadsheetml.sheet`\n- `application/vnd.openxmlformats-officedocument.wordprocessingml.document`\n- `application/xml`\n- `application/zip`\n- `audio/flac`\n- `audio/mp4`\n- `audio/mpeg`\n- `audio/ogg`\n- `audio/wav`\n- `image/bmp`\n- `image/gif`\n- `image/jpeg`\n- `image/png`\n- `image/tiff`\n- `image/webp`\n- `text/csv`\n- `text/html`\n- `text/markdown`\n- `text/plain`\n- `text/x-markdown`\n- `text/xml`\n- `video/mp4`\n- `video/quicktime`\n- `video/x-msvideo`\n\nNotes:\n- If the uploaded file's content type is `application/octet-stream`, the server attempts to infer the type from the file extension.\n- Use `metadata` to attach an arbitrary JSON object of metadata (for example `metadata={\"category\":\"docs\"}`).\n- `title` is a convenience field and is merged into the metadata as `metadata.title` (it does not override an existing `metadata.title`).\n- For backwards compatibility, you can also pass form fields named `metadata_` (for example `metadata_author=...`). These override keys from `metadata`.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only replace content belonging to your account.", + "description": "Upload a new file and replace the content backing an existing `SourceConnectionContentVersion`.\n\nThis behaves like a source file upload, but it targets an existing content version ID. This is useful when you want to correct or update an uploaded document while keeping references stable.\n\n**Maximum file size:** 209715200 bytes.\n\n**Supported MIME types:**\n- `application/epub+zip`\n- `application/json`\n- `application/msword`\n- `application/pdf`\n- `application/vnd.ms-excel`\n- `application/vnd.ms-outlook`\n- `application/vnd.ms-powerpoint`\n- `application/vnd.openxmlformats-officedocument.presentationml.presentation`\n- `application/vnd.openxmlformats-officedocument.spreadsheetml.sheet`\n- `application/vnd.openxmlformats-officedocument.wordprocessingml.document`\n- `application/xml`\n- `application/zip`\n- `audio/flac`\n- `audio/mp4`\n- `audio/mpeg`\n- `audio/ogg`\n- `audio/wav`\n- `image/bmp`\n- `image/gif`\n- `image/jpeg`\n- `image/png`\n- `image/tiff`\n- `image/webp`\n- `text/csv`\n- `text/html`\n- `text/markdown`\n- `text/plain`\n- `text/x-markdown`\n- `text/xml`\n- `video/mp4`\n- `video/quicktime`\n- `video/x-msvideo`\n\nNotes:\n- If the uploaded file's content type is `application/octet-stream`, the server attempts to infer the type from the file extension.\n- Use `metadata` to attach an arbitrary JSON object of metadata (for example `metadata={\"category\":\"docs\"}`).\n- `title` is a convenience field and is merged into the metadata as `metadata.title` (it does not override an existing `metadata.title`).\n- For backwards compatibility, you can also pass form fields named `metadata_` (for example `metadata_author=...`). These override keys from `metadata`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only replace content belonging to your account.", "operationId": "upload_file_to_content_api_contents__source_connection_content_version__upload_post", "parameters": [ { @@ -11017,7 +11017,7 @@ }, "/knowledge_bases": { "get": { - "description": "List knowledge bases for the account.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", + "description": "List knowledge bases for the account.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", "operationId": "list_knowledge_bases_api_knowledge_bases_get", "parameters": [ { @@ -11190,7 +11190,7 @@ ] }, "get": { - "description": "Fetch a knowledge base by ID.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access knowledge bases belonging to your account.", + "description": "Fetch a knowledge base by ID.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access knowledge bases belonging to your account.", "operationId": "get_knowledge_base_api_knowledge_bases__knowledge_base_id__get", "parameters": [ { @@ -11234,7 +11234,7 @@ ] }, "put": { - "description": "Update a knowledge base's configuration. Only provided fields are changed; omitted fields are left unchanged.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only update knowledge bases belonging to your account.", + "description": "Update a knowledge base's configuration. Only provided fields are changed; omitted fields are left unchanged.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only update knowledge bases belonging to your account.", "operationId": "update_knowledge_base_api_knowledge_bases__knowledge_base_id__put", "parameters": [ { @@ -11290,13 +11290,8 @@ }, "/me": { "get": { - "description": "Returns the authenticated user's personal account ID and a list of organisations they belong to. Each organisation entry includes the organisation's own id, display name, and account_id. Useful for CLI tooling that needs to let the user pick an org context.", + "description": "Returns the authenticated user's personal account ID and a list of organizations they belong to. Each organization entry includes the organization's own id, name, and account_id. Useful for CLI tooling that needs to let the user pick an organization context.", "operationId": "get_me_api_me_get", - "parameters": [ - { - "$ref": "#/components/parameters/X-Account-Id" - } - ], "responses": { "200": { "content": { @@ -11317,7 +11312,7 @@ }, "/memory_banks": { "get": { - "description": "List memory banks for the account.\n\nAuth & scoping:\n- Requires `X-API-Key`. All resources are scoped to the API key's account.", + "description": "List memory banks for the account.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", "operationId": "list_memory_banks_api_memory_banks_get", "parameters": [ { @@ -11759,7 +11754,7 @@ ] }, "get": { - "description": "Fetch a memory bank by ID.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access memory banks belonging to your account.", + "description": "Fetch a memory bank by ID.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access memory banks belonging to your account.", "operationId": "get_memory_bank_api_memory_banks__memory_bank_id__get", "parameters": [ { @@ -12149,7 +12144,7 @@ }, "/models/alerts": { "get": { - "description": "List model lifecycle alerts for the account.\n\nReturns in-app notifications about model deprecations, sunsets, and newer model availability. Supports filtering by agent, unread-only, and pagination.\n\nAuth & scoping:\n- Requires `X-API-Key`. Alerts are scoped to the API key's account.", + "description": "List model lifecycle alerts for the account.\n\nReturns in-app notifications about model deprecations, sunsets, and newer model availability. Supports filtering by agent, unread-only, and pagination.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Alerts are scoped to the authenticated account.", "operationId": "list_alerts_api_models_alerts_get", "parameters": [ { @@ -12245,7 +12240,7 @@ }, "/models/alerts/mark-all-read": { "post": { - "description": "Mark all model lifecycle alerts as read for the account.\n\nAuth & scoping:\n- Requires `X-API-Key`. Scoped to the API key's account.", + "description": "Mark all model lifecycle alerts as read for the account.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Scoped to the authenticated account.", "operationId": "mark_all_read_api_models_alerts_mark_all_read_post", "parameters": [ { @@ -12265,7 +12260,7 @@ }, "/models/alerts/unread-count": { "get": { - "description": "Get the count of unread model lifecycle alerts.\n\nUseful for badge indicators in UIs and dashboards.\n\nAuth & scoping:\n- Requires `X-API-Key`. Count is scoped to the API key's account.", + "description": "Get the count of unread model lifecycle alerts.\n\nUseful for badge indicators in UIs and dashboards.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Count is scoped to the authenticated account.", "operationId": "get_alert_unread_count_api_models_alerts_unread_count_get", "parameters": [ { @@ -12294,7 +12289,7 @@ }, "/models/alerts/{alert_id}/read": { "patch": { - "description": "Mark a single model lifecycle alert as read (dismissed).\n\nAuth & scoping:\n- Requires `X-API-Key`. The alert must belong to the API key's account.", + "description": "Mark a single model lifecycle alert as read (dismissed).\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). The alert must belong to the authenticated account.", "operationId": "mark_read_api_models_alerts__alert_id__read_patch", "parameters": [ { @@ -12334,7 +12329,7 @@ }, "/models/{model_id}/recommendations": { "get": { - "description": "Get replacement/upgrade recommendations for a model.\n\nReturns a designated successor (if any), same-family upgrades, and cross-provider/cross-family alternatives.\n\nAuth & scoping:\n- Requires `X-API-Key`.", + "description": "Get replacement/upgrade recommendations for a model.\n\nReturns a designated successor (if any), same-family upgrades, and cross-provider/cross-family alternatives.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", "operationId": "get_recommendations_api_models__model_id__recommendations_get", "parameters": [ { @@ -12556,7 +12551,7 @@ }, "/solutions": { "get": { - "description": "List solutions for your account.\n\nA *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Use solutions to organise related resources and leverage AI assistants for automated setup.\n\nParameters:\n- Pagination: `page` and `limit`.\n- Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc).\n- Filtering: `search` to filter by solution name (case-insensitive partial match).\n\nAuth & scoping:\n- Requires `X-API-Key`. Results are scoped to the API key's account.", + "description": "List solutions for your account.\n\nA *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Use solutions to organise related resources and leverage AI assistants for automated setup.\n\nParameters:\n- Pagination: `page` and `limit`.\n- Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc).\n- Filtering: `search` to filter by solution name (case-insensitive partial match).\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Results are scoped to the authenticated account.", "operationId": "list_solutions_api_solutions_get", "parameters": [ { @@ -12661,7 +12656,7 @@ ] }, "post": { - "description": "Create a new solution for the API key's account.\n\nA *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Provide a `name` and optional `description` in the request body. Requires `X-API-Key`.", + "description": "Create a new solution for the authenticated account.\n\nA *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Provide a `name` and optional `description` in the request body. Requires authentication (API key or bearer token).", "operationId": "create_solution_api_solutions_post", "parameters": [ { @@ -12708,7 +12703,7 @@ }, "/solutions/{solution_id}": { "delete": { - "description": "Delete a solution by its ID.\n\nThis permanently removes the solution and all its resource associations (agent links, knowledge base links, source connection links). The underlying resources themselves are not deleted. Requires `X-API-Key`.", + "description": "Delete a solution by its ID.\n\nThis permanently removes the solution and all its resource associations (agent links, knowledge base links, source connection links). The underlying resources themselves are not deleted. Requires authentication (API key or bearer token).", "operationId": "delete_solution_api_solutions__solution_id__delete", "parameters": [ { @@ -12746,7 +12741,7 @@ ] }, "get": { - "description": "Retrieve a solution by its ID, including all linked agents, knowledge bases, and source connections.\n\nReturns the full solution detail with nested resource information. Requires `X-API-Key`.", + "description": "Retrieve a solution by its ID, including all linked agents, knowledge bases, and source connections.\n\nReturns the full solution detail with nested resource information. Requires authentication (API key or bearer token).", "operationId": "get_solution_api_solutions__solution_id__get", "parameters": [ { @@ -12791,7 +12786,7 @@ ] }, "patch": { - "description": "Update an existing solution's name or description.\n\nPass the fields you wish to change in the request body. Fields not included remain unchanged. Requires `X-API-Key`.", + "description": "Update an existing solution's name or description.\n\nPass the fields you wish to change in the request body. Fields not included remain unchanged. Requires authentication (API key or bearer token).", "operationId": "update_solution_api_solutions__solution_id__patch", "parameters": [ { @@ -12848,7 +12843,7 @@ }, "/solutions/{solution_id}/agents": { "delete": { - "description": "Unlink one or more agents from a solution by their IDs.\n\nPass a JSON body with an `ids` array of agent UUIDs to remove. Agents not currently linked are silently ignored. Returns the updated solution with remaining linked resources. Requires `X-API-Key`.", + "description": "Unlink one or more agents from a solution by their IDs.\n\nPass a JSON body with an `ids` array of agent UUIDs to remove. Agents not currently linked are silently ignored. Returns the updated solution with remaining linked resources. Requires authentication (API key or bearer token).", "operationId": "unlink_agents_api_solutions__solution_id__agents_delete", "parameters": [ { @@ -12903,7 +12898,7 @@ ] }, "post": { - "description": "Link one or more agents to a solution by their IDs.\n\nPass a JSON body with an `ids` array of agent UUIDs. Already-linked agents are silently ignored. Returns the updated solution with all linked resources. Requires `X-API-Key`.", + "description": "Link one or more agents to a solution by their IDs.\n\nPass a JSON body with an `ids` array of agent UUIDs. Already-linked agents are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token).", "operationId": "link_agents_api_solutions__solution_id__agents_post", "parameters": [ { @@ -12960,7 +12955,7 @@ }, "/solutions/{solution_id}/ai-assistant/generate": { "post": { - "description": "Generate a comprehensive solution management plan via the solution AI assistant.\n\nThis is the most powerful assistant \u2014 it can propose changes across sources, knowledge bases, and agents. Describe your goal in natural language and the assistant will create a multi-step plan. Review the proposed actions and use the accept or decline endpoint. Requires `X-API-Key`.\n\nSupports SSE streaming when `Accept: text/event-stream` is set.", + "description": "Generate a comprehensive solution management plan via the solution AI assistant.\n\nThis is the most powerful assistant \u2014 it can propose changes across sources, knowledge bases, and agents. Describe your goal in natural language and the assistant will create a multi-step plan. Review the proposed actions and use the accept or decline endpoint. Requires authentication (API key or bearer token).\n\nSupports SSE streaming when `Accept: text/event-stream` is set.", "operationId": "ai_assistant_generate_api_solutions__solution_id__ai_assistant_generate_post", "parameters": [ { @@ -13017,7 +13012,7 @@ }, "/solutions/{solution_id}/ai-assistant/knowledge-base": { "post": { - "description": "Generate a knowledge base plan via the KB AI assistant.\n\nDescribe what knowledge bases you need in natural language and the assistant will propose a plan with create, update, or delete actions. The assistant may also propose creating new sources if needed. Review the proposed actions and use the accept or decline endpoint. Requires `X-API-Key`.", + "description": "Generate a knowledge base plan via the KB AI assistant.\n\nDescribe what knowledge bases you need in natural language and the assistant will propose a plan with create, update, or delete actions. The assistant may also propose creating new sources if needed. Review the proposed actions and use the accept or decline endpoint. Requires authentication (API key or bearer token).", "operationId": "ai_assistant_knowledge_base_api_solutions__solution_id__ai_assistant_knowledge_base_post", "parameters": [ { @@ -13074,7 +13069,7 @@ }, "/solutions/{solution_id}/ai-assistant/source": { "post": { - "description": "Generate a content source plan via the source AI assistant.\n\nDescribe what sources you need in natural language and the assistant will propose a plan with create, update, or delete actions. Review the proposed actions and use the accept or decline endpoint to execute or discard the plan. Requires `X-API-Key`.", + "description": "Generate a content source plan via the source AI assistant.\n\nDescribe what sources you need in natural language and the assistant will propose a plan with create, update, or delete actions. Review the proposed actions and use the accept or decline endpoint to execute or discard the plan. Requires authentication (API key or bearer token).", "operationId": "ai_assistant_source_api_solutions__solution_id__ai_assistant_source_post", "parameters": [ { @@ -13131,7 +13126,7 @@ }, "/solutions/{solution_id}/ai-assistant/{conversation_id}/accept": { "post": { - "description": "Accept and execute a proposed plan generated by one of the AI assistant endpoints.\n\nExecutes all proposed actions in the plan and returns the results of each action. If the plan contains destructive actions (e.g. deletions), you must set `confirm_deletions` to `true` in the request body. Returns a summary of executed actions with success/failure status. Requires `X-API-Key`.", + "description": "Accept and execute a proposed plan generated by one of the AI assistant endpoints.\n\nExecutes all proposed actions in the plan and returns the results of each action. If the plan contains destructive actions (e.g. deletions), you must set `confirm_deletions` to `true` in the request body. Returns a summary of executed actions with success/failure status. Requires authentication (API key or bearer token).", "operationId": "ai_assistant_accept_api_solutions__solution_id__ai_assistant__conversation_id__accept_post", "parameters": [ { @@ -13198,7 +13193,7 @@ }, "/solutions/{solution_id}/ai-assistant/{conversation_id}/decline": { "post": { - "description": "Decline a proposed plan generated by one of the AI assistant endpoints.\n\nMarks the conversation as declined without executing any actions. The conversation history is preserved for reference. You can generate a new plan afterwards if needed. Requires `X-API-Key`.", + "description": "Decline a proposed plan generated by one of the AI assistant endpoints.\n\nMarks the conversation as declined without executing any actions. The conversation history is preserved for reference. You can generate a new plan afterwards if needed. Requires authentication (API key or bearer token).", "operationId": "ai_assistant_decline_api_solutions__solution_id__ai_assistant__conversation_id__decline_post", "parameters": [ { @@ -13248,7 +13243,7 @@ }, "/solutions/{solution_id}/conversations": { "get": { - "description": "List AI assistant conversation history for a solution.\n\nReturns all conversation turns for the given solution, including user inputs, AI responses, proposed actions, and acceptance status. Requires `X-API-Key`.", + "description": "List AI assistant conversation history for a solution.\n\nReturns all conversation turns for the given solution, including user inputs, AI responses, proposed actions, and acceptance status. Requires authentication (API key or bearer token).", "operationId": "list_conversations_api_solutions__solution_id__conversations_get", "parameters": [ { @@ -13297,7 +13292,7 @@ ] }, "post": { - "description": "Add a conversation turn to a solution's AI assistant history.\n\nRecords a user input and optional AI response and actions taken. This is typically called internally by AI assistant endpoints, but can also be used to manually log interactions. Requires `X-API-Key`.", + "description": "Add a conversation turn to a solution's AI assistant history.\n\nRecords a user input and optional AI response and actions taken. This is typically called internally by AI assistant endpoints, but can also be used to manually log interactions. Requires authentication (API key or bearer token).", "operationId": "add_conversation_turn_api_solutions__solution_id__conversations_post", "parameters": [ { @@ -13354,7 +13349,7 @@ }, "/solutions/{solution_id}/conversations/{conversation_id}": { "patch": { - "description": "Mark a conversation turn as accepted or declined.\n\nUpdates the `accepted` field on an existing conversation turn. Use this after reviewing a proposed plan to record whether it was accepted or declined by the user. Requires `X-API-Key`.", + "description": "Mark a conversation turn as accepted or declined.\n\nUpdates the `accepted` field on an existing conversation turn. Use this after reviewing a proposed plan to record whether it was accepted or declined by the user. Requires authentication (API key or bearer token).", "operationId": "mark_conversation_turn_api_solutions__solution_id__conversations__conversation_id__patch", "parameters": [ { @@ -13414,7 +13409,7 @@ }, "/solutions/{solution_id}/knowledge-bases": { "delete": { - "description": "Unlink one or more knowledge bases from a solution by their IDs.\n\nPass a JSON body with an `ids` array of knowledge base UUIDs to remove. Knowledge bases not currently linked are silently ignored. Returns the updated solution. Requires `X-API-Key`.", + "description": "Unlink one or more knowledge bases from a solution by their IDs.\n\nPass a JSON body with an `ids` array of knowledge base UUIDs to remove. Knowledge bases not currently linked are silently ignored. Returns the updated solution. Requires authentication (API key or bearer token).", "operationId": "unlink_knowledge_bases_api_solutions__solution_id__knowledge_bases_delete", "parameters": [ { @@ -13469,7 +13464,7 @@ ] }, "post": { - "description": "Link one or more knowledge bases to a solution by their IDs.\n\nPass a JSON body with an `ids` array of knowledge base UUIDs. Already-linked knowledge bases are silently ignored. Returns the updated solution with all linked resources. Requires `X-API-Key`.", + "description": "Link one or more knowledge bases to a solution by their IDs.\n\nPass a JSON body with an `ids` array of knowledge base UUIDs. Already-linked knowledge bases are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token).", "operationId": "link_knowledge_bases_api_solutions__solution_id__knowledge_bases_post", "parameters": [ { @@ -13526,7 +13521,7 @@ }, "/solutions/{solution_id}/source-connections": { "delete": { - "description": "Unlink one or more source connections from a solution by their IDs.\n\nPass a JSON body with an `ids` array of source connection UUIDs to remove. Sources not currently linked are silently ignored. Returns the updated solution. Requires `X-API-Key`.", + "description": "Unlink one or more source connections from a solution by their IDs.\n\nPass a JSON body with an `ids` array of source connection UUIDs to remove. Sources not currently linked are silently ignored. Returns the updated solution. Requires authentication (API key or bearer token).", "operationId": "unlink_source_connections_api_solutions__solution_id__source_connections_delete", "parameters": [ { @@ -13581,7 +13576,7 @@ ] }, "post": { - "description": "Link one or more source connections to a solution by their IDs.\n\nPass a JSON body with an `ids` array of source connection UUIDs. Already-linked sources are silently ignored. Returns the updated solution with all linked resources. Requires `X-API-Key`.", + "description": "Link one or more source connections to a solution by their IDs.\n\nPass a JSON body with an `ids` array of source connection UUIDs. Already-linked sources are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token).", "operationId": "link_source_connections_api_solutions__solution_id__source_connections_post", "parameters": [ { @@ -13688,7 +13683,7 @@ }, "/sources/": { "get": { - "description": "List content sources for your account.\n\nA *source* is where Seclai pulls or receives content from (for example RSS feeds, websites, file uploads, or custom indexes). Sources are the inputs that power your agents and knowledge base workflows.\n\nParameters:\n- Pagination: `page` and `limit`.\n- Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc).\n\nAuth & scoping:\n- Requires `X-API-Key`. Results are scoped to the API key's account.\n- The optional `account_id` query param is only allowed when it matches the API key's account.", + "description": "List content sources for your account.\n\nA *source* is where Seclai pulls or receives content from (for example RSS feeds, websites, file uploads, or custom indexes). Sources are the inputs that power your agents and knowledge base workflows.\n\nParameters:\n- Pagination: `page` and `limit`.\n- Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc).\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Results are scoped to the authenticated account.\n- The optional `account_id` query param is only allowed when it matches the authenticated account.", "operationId": "list_sources_api_sources__get", "parameters": [ { @@ -13833,7 +13828,7 @@ ] }, "get": { - "description": "Fetch a content source by ID.\n\nAuth & scoping:\n- Requires `X-API-Key`. You can only access sources belonging to your account.", + "description": "Fetch a content source by ID.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access sources belonging to your account.", "operationId": "get_source_api_sources__source_connection_id__get", "parameters": [ { diff --git a/src/auth.ts b/src/auth.ts index f0b9259..47aaf8f 100644 --- a/src/auth.ts +++ b/src/auth.ts @@ -195,6 +195,9 @@ export async function resolveConfigDir(override?: string): Promise { * Non-default profiles inherit unset keys from `[default]`. * All profiles fall back to built-in defaults and environment variable overrides. * + * **Node.js only** — this function uses `node:fs` and `node:path` internally + * and will throw in browser/edge-worker runtimes. + * * @param configDir - Resolved config directory path. * @param profileName - Profile name to look up (`"default"` or a named profile). * @returns The resolved profile. Always returns a valid profile using built-in defaults. diff --git a/src/index.ts b/src/index.ts index 8e0abdc..9914cb9 100644 --- a/src/index.ts +++ b/src/index.ts @@ -29,9 +29,25 @@ export { DEFAULT_SSO_DOMAIN, DEFAULT_SSO_CLIENT_ID, DEFAULT_SSO_REGION, + /** + * Load an SSO profile from the config file. + * **Node.js only** — uses `node:fs` and `node:path`. + */ loadSsoProfile, + /** + * Read a cached SSO token from disk. + * **Node.js only** — uses `node:fs` and `node:path`. + */ readSsoCache, + /** + * Write a cached SSO token to disk atomically. + * **Node.js only** — uses `node:fs` and `node:path`. + */ writeSsoCache, + /** + * Delete a cached SSO token file. + * **Node.js only** — uses `node:fs` and `node:path`. + */ deleteSsoCache, isTokenValid, } from "./auth"; diff --git a/src/openapi.ts b/src/openapi.ts index 00c64ae..96504b6 100644 --- a/src/openapi.ts +++ b/src/openapi.ts @@ -16,7 +16,7 @@ export interface paths { * @description List agents for the account with pagination. * * Auth & scoping: - * - Requires `X-API-Key`. All resources are scoped to the API key's account. + * - Requires authentication (API key or bearer token). All resources are scoped to the authenticated account. */ get: operations["list_agents_api_agents_get"]; put?: never; @@ -33,7 +33,7 @@ export interface paths { * Templates: `blank`, `retrieval_example`, `simple_qa`, `summarizer`, `json_extractor`, `content_change_notifier`, `scheduled_report`, `webhook_pipeline` * * Auth & scoping: - * - Requires `X-API-Key`. Agent is created in the API key's account. + * - Requires authentication (API key or bearer token). Agent is created in the authenticated account. */ post: operations["create_agent_api_agents_post"]; delete?: never; @@ -199,7 +199,7 @@ export interface paths { * Agent traces are automatically indexed when runs complete. The first 7 days of storage are free; extended retention is billed. * * Auth & scoping: - * - Requires `X-API-Key`. Searches only within your account's traces. + * - Requires authentication (API key or bearer token). Searches only within your account's traces. */ post: operations["search_agent_runs_api_agents_runs_search_post"]; delete?: never; @@ -222,7 +222,7 @@ export interface paths { * The response includes `status`, `error_count`, and `output` once the run completes. Use `include_step_outputs=true` to include per-step outputs, timing, durations, and credits. * * Auth & scoping: - * - Requires `X-API-Key`. You can only access runs belonging to your account. + * - Requires authentication (API key or bearer token). You can only access runs belonging to your account. */ get: operations["get_agent_run_api_agents_runs__run_id__get"]; put?: never; @@ -234,7 +234,7 @@ export interface paths { * If the run is already in a terminal state (`completed` or `failed`), cancellation will be rejected. * * Auth & scoping: - * - Requires `X-API-Key`. You can only cancel runs belonging to your account. + * - Requires authentication (API key or bearer token). You can only cancel runs belonging to your account. */ delete: operations["delete_agent_run_api_agents_runs__run_id__delete"]; options?: never; @@ -254,7 +254,7 @@ export interface paths { * @description Fetch an agent's metadata (name, description, trigger type, timestamps). * * Auth & scoping: - * - Requires `X-API-Key`. You can only access agents belonging to your account. + * - Requires authentication (API key or bearer token). You can only access agents belonging to your account. */ get: operations["get_agent_metadata_api_agents__agent_id__get"]; /** @@ -268,7 +268,7 @@ export interface paths { * At least one field must be provided. * * Auth & scoping: - * - Requires `X-API-Key`. You can only update agents belonging to your account. + * - Requires authentication (API key or bearer token). You can only update agents belonging to your account. */ put: operations["update_agent_api_agents__agent_id__put"]; post?: never; @@ -277,7 +277,7 @@ export interface paths { * @description Soft-delete an agent. The agent will no longer appear in listings or be accessible via the API. * * Auth & scoping: - * - Requires `X-API-Key`. You can only delete agents belonging to your account. + * - Requires authentication (API key or bearer token). You can only delete agents belonging to your account. */ delete: operations["delete_agent_api_agents__agent_id__delete"]; options?: never; @@ -422,7 +422,7 @@ export interface paths { * - `text`: Static text literal * * Auth & scoping: - * - Requires `X-API-Key`. You can only access agents belonging to your account. + * - Requires authentication (API key or bearer token). You can only access agents belonging to your account. */ get: operations["get_agent_definition_api_agents__agent_id__definition_get"]; /** @@ -436,7 +436,7 @@ export interface paths { * **Retry steps** re-execute from a target ancestor step for quality-control loops. Configure with `target_step_id` (ancestor step ID) and `max_retries` (1–10). Best practice: place a `gate` step before the retry to make retries conditional. * * Auth & scoping: - * - Requires `X-API-Key`. You can only update agents belonging to your account. + * - Requires authentication (API key or bearer token). You can only update agents belonging to your account. */ put: operations["update_agent_definition_api_agents__agent_id__definition_put"]; post?: never; @@ -560,7 +560,7 @@ export interface paths { * Possible `status` values: `processing`, `ready`, `failed`. * * Auth & scoping: - * - Requires `X-API-Key`. All resources are scoped to the API key's account. + * - Requires authentication (API key or bearer token). All resources are scoped to the authenticated account. */ get: operations["api_get_agent_input_upload_status_api_agents__agent_id__input_uploads__upload_id__get"]; put?: never; @@ -590,7 +590,7 @@ export interface paths { * - This endpoint returns a summary list. Fetch full details with `GET /agents/runs/{run_id}`. * * Auth & scoping: - * - Requires `X-API-Key`. You can only list runs for agents in your account. + * - Requires authentication (API key or bearer token). You can only list runs for agents in your account. */ get: operations["list_agent_runs_api_agents__agent_id__runs_get"]; put?: never; @@ -615,7 +615,7 @@ export interface paths { * - Use `include_step_outputs=true` to include per-step outputs, timing, and credits. * * Auth & scoping: - * - Requires `X-API-Key`. All resources are scoped to the API key's account. + * - Requires authentication (API key or bearer token). All resources are scoped to the authenticated account. */ post: operations["run_agent_api_agents__agent_id__runs_post"]; delete?: never; @@ -653,7 +653,7 @@ export interface paths { * - On `timeout` or `error`, the payload includes `run_id` so clients can resume by polling `GET /agents/runs/{run_id}`. * * Auth & scoping: - * - Requires `X-API-Key`. All resources are scoped to the API key's account. + * - Requires authentication (API key or bearer token). All resources are scoped to the authenticated account. */ post: operations["run_streaming_agent_api_agents__agent_id__runs_stream_post"]; delete?: never; @@ -707,7 +707,7 @@ export interface paths { * After uploading, poll `GET /agents/{agent_id}/input-uploads/{upload_id}` until `status` is `ready`, then pass `input_upload_id` to `POST /agents/{agent_id}/runs`. * * Auth & scoping: - * - Requires `X-API-Key`. All resources are scoped to the API key's account. + * - Requires authentication (API key or bearer token). All resources are scoped to the authenticated account. */ post: operations["api_upload_agent_input_api_agents__agent_id__upload_input_post"]; delete?: never; @@ -932,7 +932,7 @@ export interface paths { * - `time_from` / `time_to`: ISO 8601 date range * * Auth & scoping: - * - Requires `X-API-Key` with user association. Results are scoped to the API key's account. + * - Requires authentication (API key or bearer token). Results are scoped to the authenticated account. */ get: operations["list_alerts_api_alerts_get"]; put?: never; @@ -963,7 +963,7 @@ export interface paths { * Credits alerts (`credits_low_threshold`, `credits_runout_prediction`, `credits_usage_spike`) are account-level alert configs. They are evaluated by the credits alert sweep and default-enabled configs may be auto-created for active accounts at runtime. * * Auth & scoping: - * - Requires `X-API-Key` with user association. + * - Requires authentication (API key or bearer token). */ get: operations["list_alert_configs_api_alerts_configs_get"]; put?: never; @@ -977,7 +977,7 @@ export interface paths { * Distribution types: owner, owner_admins, selected_members. Organization accounts are normalized to owner_admins. * * Auth & scoping: - * - Requires `X-API-Key` with user association. + * - Requires authentication (API key or bearer token). */ post: operations["create_alert_config_api_alerts_configs_post"]; delete?: never; @@ -1000,7 +1000,7 @@ export interface paths { * Returns all fields including type, enabled state, threshold, cooldown, distribution type, and recipient list. * * Auth & scoping: - * - Requires `X-API-Key` with user association. + * - Requires authentication (API key or bearer token). */ get: operations["get_alert_config_api_alerts_configs__config_id__get"]; put?: never; @@ -1010,7 +1010,7 @@ export interface paths { * @description Delete an alert configuration. This permanently removes the config and stops any future alerts of this type from being triggered. * * Auth & scoping: - * - Requires `X-API-Key` with user association. + * - Requires authentication (API key or bearer token). */ delete: operations["delete_alert_config_api_alerts_configs__config_id__delete"]; options?: never; @@ -1020,7 +1020,7 @@ export interface paths { * @description Update an alert configuration. Only provided fields are updated. * * Auth & scoping: - * - Requires `X-API-Key` with user association. + * - Requires authentication (API key or bearer token). */ patch: operations["update_alert_config_api_alerts_configs__config_id__patch"]; trace?: never; @@ -1039,7 +1039,7 @@ export interface paths { * By default, only explicit override rows are returned. Set `include_defaults=true` to return the effective subscribed state for every alert type in every organization the user can manage. * * Auth & scoping: - * - Requires `X-API-Key` with user association. + * - Requires authentication (API key or bearer token). * - Only organizations where the user is an owner or administrator are included. */ get: operations["list_organization_preferences_api_alerts_organization_preferences_list_get"]; @@ -1071,7 +1071,7 @@ export interface paths { * Setting `subscribed=false` stores an explicit opt-out override. Setting `subscribed=true` removes the override and restores the default subscribed behavior. * * Auth & scoping: - * - Requires `X-API-Key` with user association. + * - Requires authentication (API key or bearer token). * - Only owners and administrators can update preferences for an organization. */ patch: operations["update_organization_preference_api_alerts_organization_preferences__organization_id___alert_type__patch"]; @@ -1089,7 +1089,7 @@ export interface paths { * @description Get full alert detail including history, comments, and subscribers. * * Auth & scoping: - * - Requires `X-API-Key` with user association. + * - Requires authentication (API key or bearer token). */ get: operations["get_alert_detail_api_alerts__alert_id__get"]; put?: never; @@ -1114,7 +1114,7 @@ export interface paths { * @description Add a comment to an alert. Comments are visible to all subscribers and are included in the alert detail response. * * Auth & scoping: - * - Requires `X-API-Key` with user association. + * - Requires authentication (API key or bearer token). */ post: operations["add_alert_comment_api_alerts__alert_id__comments_post"]; delete?: never; @@ -1137,7 +1137,7 @@ export interface paths { * @description Change the status of an alert. Valid statuses: triggered, acknowledged, resolved, dismissed. * * Auth & scoping: - * - Requires `X-API-Key` with user association. + * - Requires authentication (API key or bearer token). */ post: operations["change_alert_status_api_alerts__alert_id__status_post"]; delete?: never; @@ -1160,7 +1160,7 @@ export interface paths { * @description Subscribe the current user to an alert. Subscribed users receive email notifications when the alert status changes or new comments are added. * * Auth & scoping: - * - Requires `X-API-Key` with user association. + * - Requires authentication (API key or bearer token). */ post: operations["subscribe_to_alert_api_alerts__alert_id__subscribe_post"]; delete?: never; @@ -1183,7 +1183,7 @@ export interface paths { * @description Unsubscribe the current user from an alert. The user will no longer receive email notifications for status changes or new comments on this alert. * * Auth & scoping: - * - Requires `X-API-Key` with user association. + * - Requires authentication (API key or bearer token). */ post: operations["unsubscribe_from_alert_api_alerts__alert_id__unsubscribe_post"]; delete?: never; @@ -1211,7 +1211,7 @@ export interface paths { * - `start` and `end` control the character range returned in `text_content` so clients can page through large documents. * * Auth & scoping: - * - Requires `X-API-Key`. You can only access content belonging to your account. + * - Requires authentication (API key or bearer token). You can only access content belonging to your account. */ get: operations["get_content_detail_api_contents__source_connection_content_version__get"]; /** @@ -1243,7 +1243,7 @@ export interface paths { * Use this to remove an uploaded or indexed item from your account. Deleting content can affect agents and knowledge base workflows that reference this item. * * Auth & scoping: - * - Requires `X-API-Key`. You can only delete content belonging to your account. + * - Requires authentication (API key or bearer token). You can only delete content belonging to your account. */ delete: operations["delete_content_api_contents__source_connection_content_version__delete"]; options?: never; @@ -1265,7 +1265,7 @@ export interface paths { * Embeddings are used for semantic search and retrieval in knowledge base workflows. This endpoint is primarily useful for debugging chunking, indexing, and vector contents. * * Auth & scoping: - * - Requires `X-API-Key`. You can only access embeddings for content belonging to your account. + * - Requires authentication (API key or bearer token). You can only access embeddings for content belonging to your account. */ get: operations["list_content_embeddings_api_contents__source_connection_content_version__embeddings_get"]; put?: never; @@ -1334,7 +1334,7 @@ export interface paths { * - For backwards compatibility, you can also pass form fields named `metadata_` (for example `metadata_author=...`). These override keys from `metadata`. * * Auth & scoping: - * - Requires `X-API-Key`. You can only replace content belonging to your account. + * - Requires authentication (API key or bearer token). You can only replace content belonging to your account. */ post: operations["upload_file_to_content_api_contents__source_connection_content_version__upload_post"]; delete?: never; @@ -1443,7 +1443,7 @@ export interface paths { * @description List knowledge bases for the account. * * Auth & scoping: - * - Requires `X-API-Key`. All resources are scoped to the API key's account. + * - Requires authentication (API key or bearer token). All resources are scoped to the authenticated account. */ get: operations["list_knowledge_bases_api_knowledge_bases_get"]; put?: never; @@ -1472,7 +1472,7 @@ export interface paths { * @description Fetch a knowledge base by ID. * * Auth & scoping: - * - Requires `X-API-Key`. You can only access knowledge bases belonging to your account. + * - Requires authentication (API key or bearer token). You can only access knowledge bases belonging to your account. */ get: operations["get_knowledge_base_api_knowledge_bases__knowledge_base_id__get"]; /** @@ -1480,7 +1480,7 @@ export interface paths { * @description Update a knowledge base's configuration. Only provided fields are changed; omitted fields are left unchanged. * * Auth & scoping: - * - Requires `X-API-Key`. You can only update knowledge bases belonging to your account. + * - Requires authentication (API key or bearer token). You can only update knowledge bases belonging to your account. */ put: operations["update_knowledge_base_api_knowledge_bases__knowledge_base_id__put"]; post?: never; @@ -1505,7 +1505,7 @@ export interface paths { }; /** * Get current user identity - * @description Returns the authenticated user's personal account ID and a list of organisations they belong to. Each organisation entry includes the organisation's own id, display name, and account_id. Useful for CLI tooling that needs to let the user pick an org context. + * @description Returns the authenticated user's personal account ID and a list of organizations they belong to. Each organization entry includes the organization's own id, name, and account_id. Useful for CLI tooling that needs to let the user pick an organization context. */ get: operations["get_me_api_me_get"]; put?: never; @@ -1528,7 +1528,7 @@ export interface paths { * @description List memory banks for the account. * * Auth & scoping: - * - Requires `X-API-Key`. All resources are scoped to the API key's account. + * - Requires authentication (API key or bearer token). All resources are scoped to the authenticated account. */ get: operations["list_memory_banks_api_memory_banks_get"]; put?: never; @@ -1665,7 +1665,7 @@ export interface paths { * @description Fetch a memory bank by ID. * * Auth & scoping: - * - Requires `X-API-Key`. You can only access memory banks belonging to your account. + * - Requires authentication (API key or bearer token). You can only access memory banks belonging to your account. */ get: operations["get_memory_bank_api_memory_banks__memory_bank_id__get"]; /** @@ -1808,7 +1808,7 @@ export interface paths { * Returns in-app notifications about model deprecations, sunsets, and newer model availability. Supports filtering by agent, unread-only, and pagination. * * Auth & scoping: - * - Requires `X-API-Key`. Alerts are scoped to the API key's account. + * - Requires authentication (API key or bearer token). Alerts are scoped to the authenticated account. */ get: operations["list_alerts_api_models_alerts_get"]; put?: never; @@ -1833,7 +1833,7 @@ export interface paths { * @description Mark all model lifecycle alerts as read for the account. * * Auth & scoping: - * - Requires `X-API-Key`. Scoped to the API key's account. + * - Requires authentication (API key or bearer token). Scoped to the authenticated account. */ post: operations["mark_all_read_api_models_alerts_mark_all_read_post"]; delete?: never; @@ -1856,7 +1856,7 @@ export interface paths { * Useful for badge indicators in UIs and dashboards. * * Auth & scoping: - * - Requires `X-API-Key`. Count is scoped to the API key's account. + * - Requires authentication (API key or bearer token). Count is scoped to the authenticated account. */ get: operations["get_alert_unread_count_api_models_alerts_unread_count_get"]; put?: never; @@ -1885,7 +1885,7 @@ export interface paths { * @description Mark a single model lifecycle alert as read (dismissed). * * Auth & scoping: - * - Requires `X-API-Key`. The alert must belong to the API key's account. + * - Requires authentication (API key or bearer token). The alert must belong to the authenticated account. */ patch: operations["mark_read_api_models_alerts__alert_id__read_patch"]; trace?: never; @@ -1904,7 +1904,7 @@ export interface paths { * Returns a designated successor (if any), same-family upgrades, and cross-provider/cross-family alternatives. * * Auth & scoping: - * - Requires `X-API-Key`. + * - Requires authentication (API key or bearer token). */ get: operations["get_recommendations_api_models__model_id__recommendations_get"]; put?: never; @@ -1954,15 +1954,15 @@ export interface paths { * - Filtering: `search` to filter by solution name (case-insensitive partial match). * * Auth & scoping: - * - Requires `X-API-Key`. Results are scoped to the API key's account. + * - Requires authentication (API key or bearer token). Results are scoped to the authenticated account. */ get: operations["list_solutions_api_solutions_get"]; put?: never; /** * Create a solution - * @description Create a new solution for the API key's account. + * @description Create a new solution for the authenticated account. * - * A *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Provide a `name` and optional `description` in the request body. Requires `X-API-Key`. + * A *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Provide a `name` and optional `description` in the request body. Requires authentication (API key or bearer token). */ post: operations["create_solution_api_solutions_post"]; delete?: never; @@ -1982,7 +1982,7 @@ export interface paths { * Get a solution * @description Retrieve a solution by its ID, including all linked agents, knowledge bases, and source connections. * - * Returns the full solution detail with nested resource information. Requires `X-API-Key`. + * Returns the full solution detail with nested resource information. Requires authentication (API key or bearer token). */ get: operations["get_solution_api_solutions__solution_id__get"]; put?: never; @@ -1991,7 +1991,7 @@ export interface paths { * Delete a solution * @description Delete a solution by its ID. * - * This permanently removes the solution and all its resource associations (agent links, knowledge base links, source connection links). The underlying resources themselves are not deleted. Requires `X-API-Key`. + * This permanently removes the solution and all its resource associations (agent links, knowledge base links, source connection links). The underlying resources themselves are not deleted. Requires authentication (API key or bearer token). */ delete: operations["delete_solution_api_solutions__solution_id__delete"]; options?: never; @@ -2000,7 +2000,7 @@ export interface paths { * Update a solution * @description Update an existing solution's name or description. * - * Pass the fields you wish to change in the request body. Fields not included remain unchanged. Requires `X-API-Key`. + * Pass the fields you wish to change in the request body. Fields not included remain unchanged. Requires authentication (API key or bearer token). */ patch: operations["update_solution_api_solutions__solution_id__patch"]; trace?: never; @@ -2018,14 +2018,14 @@ export interface paths { * Link agents * @description Link one or more agents to a solution by their IDs. * - * Pass a JSON body with an `ids` array of agent UUIDs. Already-linked agents are silently ignored. Returns the updated solution with all linked resources. Requires `X-API-Key`. + * Pass a JSON body with an `ids` array of agent UUIDs. Already-linked agents are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token). */ post: operations["link_agents_api_solutions__solution_id__agents_post"]; /** * Unlink agents * @description Unlink one or more agents from a solution by their IDs. * - * Pass a JSON body with an `ids` array of agent UUIDs to remove. Agents not currently linked are silently ignored. Returns the updated solution with remaining linked resources. Requires `X-API-Key`. + * Pass a JSON body with an `ids` array of agent UUIDs to remove. Agents not currently linked are silently ignored. Returns the updated solution with remaining linked resources. Requires authentication (API key or bearer token). */ delete: operations["unlink_agents_api_solutions__solution_id__agents_delete"]; options?: never; @@ -2046,7 +2046,7 @@ export interface paths { * Generate solution plan * @description Generate a comprehensive solution management plan via the solution AI assistant. * - * This is the most powerful assistant — it can propose changes across sources, knowledge bases, and agents. Describe your goal in natural language and the assistant will create a multi-step plan. Review the proposed actions and use the accept or decline endpoint. Requires `X-API-Key`. + * This is the most powerful assistant — it can propose changes across sources, knowledge bases, and agents. Describe your goal in natural language and the assistant will create a multi-step plan. Review the proposed actions and use the accept or decline endpoint. Requires authentication (API key or bearer token). * * Supports SSE streaming when `Accept: text/event-stream` is set. */ @@ -2070,7 +2070,7 @@ export interface paths { * Generate knowledge base plan * @description Generate a knowledge base plan via the KB AI assistant. * - * Describe what knowledge bases you need in natural language and the assistant will propose a plan with create, update, or delete actions. The assistant may also propose creating new sources if needed. Review the proposed actions and use the accept or decline endpoint. Requires `X-API-Key`. + * Describe what knowledge bases you need in natural language and the assistant will propose a plan with create, update, or delete actions. The assistant may also propose creating new sources if needed. Review the proposed actions and use the accept or decline endpoint. Requires authentication (API key or bearer token). */ post: operations["ai_assistant_knowledge_base_api_solutions__solution_id__ai_assistant_knowledge_base_post"]; delete?: never; @@ -2092,7 +2092,7 @@ export interface paths { * Generate source plan * @description Generate a content source plan via the source AI assistant. * - * Describe what sources you need in natural language and the assistant will propose a plan with create, update, or delete actions. Review the proposed actions and use the accept or decline endpoint to execute or discard the plan. Requires `X-API-Key`. + * Describe what sources you need in natural language and the assistant will propose a plan with create, update, or delete actions. Review the proposed actions and use the accept or decline endpoint to execute or discard the plan. Requires authentication (API key or bearer token). */ post: operations["ai_assistant_source_api_solutions__solution_id__ai_assistant_source_post"]; delete?: never; @@ -2114,7 +2114,7 @@ export interface paths { * Accept plan * @description Accept and execute a proposed plan generated by one of the AI assistant endpoints. * - * Executes all proposed actions in the plan and returns the results of each action. If the plan contains destructive actions (e.g. deletions), you must set `confirm_deletions` to `true` in the request body. Returns a summary of executed actions with success/failure status. Requires `X-API-Key`. + * Executes all proposed actions in the plan and returns the results of each action. If the plan contains destructive actions (e.g. deletions), you must set `confirm_deletions` to `true` in the request body. Returns a summary of executed actions with success/failure status. Requires authentication (API key or bearer token). */ post: operations["ai_assistant_accept_api_solutions__solution_id__ai_assistant__conversation_id__accept_post"]; delete?: never; @@ -2136,7 +2136,7 @@ export interface paths { * Decline plan * @description Decline a proposed plan generated by one of the AI assistant endpoints. * - * Marks the conversation as declined without executing any actions. The conversation history is preserved for reference. You can generate a new plan afterwards if needed. Requires `X-API-Key`. + * Marks the conversation as declined without executing any actions. The conversation history is preserved for reference. You can generate a new plan afterwards if needed. Requires authentication (API key or bearer token). */ post: operations["ai_assistant_decline_api_solutions__solution_id__ai_assistant__conversation_id__decline_post"]; delete?: never; @@ -2156,7 +2156,7 @@ export interface paths { * List conversations * @description List AI assistant conversation history for a solution. * - * Returns all conversation turns for the given solution, including user inputs, AI responses, proposed actions, and acceptance status. Requires `X-API-Key`. + * Returns all conversation turns for the given solution, including user inputs, AI responses, proposed actions, and acceptance status. Requires authentication (API key or bearer token). */ get: operations["list_conversations_api_solutions__solution_id__conversations_get"]; put?: never; @@ -2164,7 +2164,7 @@ export interface paths { * Add conversation turn * @description Add a conversation turn to a solution's AI assistant history. * - * Records a user input and optional AI response and actions taken. This is typically called internally by AI assistant endpoints, but can also be used to manually log interactions. Requires `X-API-Key`. + * Records a user input and optional AI response and actions taken. This is typically called internally by AI assistant endpoints, but can also be used to manually log interactions. Requires authentication (API key or bearer token). */ post: operations["add_conversation_turn_api_solutions__solution_id__conversations_post"]; delete?: never; @@ -2190,7 +2190,7 @@ export interface paths { * Mark conversation turn * @description Mark a conversation turn as accepted or declined. * - * Updates the `accepted` field on an existing conversation turn. Use this after reviewing a proposed plan to record whether it was accepted or declined by the user. Requires `X-API-Key`. + * Updates the `accepted` field on an existing conversation turn. Use this after reviewing a proposed plan to record whether it was accepted or declined by the user. Requires authentication (API key or bearer token). */ patch: operations["mark_conversation_turn_api_solutions__solution_id__conversations__conversation_id__patch"]; trace?: never; @@ -2208,14 +2208,14 @@ export interface paths { * Link knowledge bases * @description Link one or more knowledge bases to a solution by their IDs. * - * Pass a JSON body with an `ids` array of knowledge base UUIDs. Already-linked knowledge bases are silently ignored. Returns the updated solution with all linked resources. Requires `X-API-Key`. + * Pass a JSON body with an `ids` array of knowledge base UUIDs. Already-linked knowledge bases are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token). */ post: operations["link_knowledge_bases_api_solutions__solution_id__knowledge_bases_post"]; /** * Unlink knowledge bases * @description Unlink one or more knowledge bases from a solution by their IDs. * - * Pass a JSON body with an `ids` array of knowledge base UUIDs to remove. Knowledge bases not currently linked are silently ignored. Returns the updated solution. Requires `X-API-Key`. + * Pass a JSON body with an `ids` array of knowledge base UUIDs to remove. Knowledge bases not currently linked are silently ignored. Returns the updated solution. Requires authentication (API key or bearer token). */ delete: operations["unlink_knowledge_bases_api_solutions__solution_id__knowledge_bases_delete"]; options?: never; @@ -2236,14 +2236,14 @@ export interface paths { * Link source connections * @description Link one or more source connections to a solution by their IDs. * - * Pass a JSON body with an `ids` array of source connection UUIDs. Already-linked sources are silently ignored. Returns the updated solution with all linked resources. Requires `X-API-Key`. + * Pass a JSON body with an `ids` array of source connection UUIDs. Already-linked sources are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token). */ post: operations["link_source_connections_api_solutions__solution_id__source_connections_post"]; /** * Unlink source connections * @description Unlink one or more source connections from a solution by their IDs. * - * Pass a JSON body with an `ids` array of source connection UUIDs to remove. Sources not currently linked are silently ignored. Returns the updated solution. Requires `X-API-Key`. + * Pass a JSON body with an `ids` array of source connection UUIDs to remove. Sources not currently linked are silently ignored. Returns the updated solution. Requires authentication (API key or bearer token). */ delete: operations["unlink_source_connections_api_solutions__solution_id__source_connections_delete"]; options?: never; @@ -2293,8 +2293,8 @@ export interface paths { * - Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc). * * Auth & scoping: - * - Requires `X-API-Key`. Results are scoped to the API key's account. - * - The optional `account_id` query param is only allowed when it matches the API key's account. + * - Requires authentication (API key or bearer token). Results are scoped to the authenticated account. + * - The optional `account_id` query param is only allowed when it matches the authenticated account. */ get: operations["list_sources_api_sources__get"]; put?: never; @@ -2317,7 +2317,7 @@ export interface paths { * @description Fetch a content source by ID. * * Auth & scoping: - * - Requires `X-API-Key`. You can only access sources belonging to your account. + * - Requires authentication (API key or bearer token). You can only access sources belonging to your account. */ get: operations["get_source_api_sources__source_connection_id__get"]; /** @@ -8899,10 +8899,7 @@ export interface operations { get_me_api_me_get: { parameters: { query?: never; - header?: { - /** @description Target a different organization account (OAuth only). When omitted, the user's default account is used. Ignored for API key authentication — the key's account is always used. */ - "X-Account-Id"?: components["parameters"]["X-Account-Id"]; - }; + header?: never; path?: never; cookie?: never; }; diff --git a/tests/client.test.ts b/tests/client.test.ts index c0b4bf7..b2326fc 100644 --- a/tests/client.test.ts +++ b/tests/client.test.ts @@ -106,7 +106,7 @@ describe("Configuration & Auth", () => { p.env.SECLAI_CONFIG_DIR = "/nonexistent-seclai-dir"; } const client = new Seclai({ fetch: makeFetch(() => new Response("ok")) }); - await expect(client.request("GET", "/test")).rejects.toThrow(/SSO token expired|[Mm]issing credentials/); + await expect(client.request("GET", "/test")).rejects.toThrow(/SSO token expired/); if (p?.env) { if (prev === undefined) delete p.env.SECLAI_API_KEY; else p.env.SECLAI_API_KEY = prev; @@ -142,6 +142,19 @@ describe("Configuration & Auth", () => { else p.env.SECLAI_API_URL = prev; } }); + + test("preserves path prefix in baseUrl", async () => { + const client = new Seclai({ + apiKey: "k", + baseUrl: "https://proxy.example.invalid/v1/api", + fetch: makeFetch((req) => { + const u = new URL(req.url); + expect(u.pathname).toBe("/v1/api/agents"); + return jsonResponse([]); + }), + }); + await client.request("GET", "/agents"); + }); }); // ───────────────────────────────────────────────────────────────────────────── From f1ca5e21e33e3013ee90fb1ef36b87b83d2b0f59 Mon Sep 17 00:00:00 2001 From: Kim Burgaard Date: Fri, 27 Mar 2026 15:25:09 -0700 Subject: [PATCH 3/3] Updated API spec --- openapi/seclai.openapi.json | 177 ++++++++++++++++++------------------ 1 file changed, 91 insertions(+), 86 deletions(-) diff --git a/openapi/seclai.openapi.json b/openapi/seclai.openapi.json index 5ad33f3..a20fe19 100644 --- a/openapi/seclai.openapi.json +++ b/openapi/seclai.openapi.json @@ -7125,7 +7125,7 @@ "paths": { "/agents": { "get": { - "description": "List agents for the account with pagination.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "List agents for the account with pagination.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. All resources are scoped to the caller's account.", "operationId": "list_agents_api_agents_get", "parameters": [ { @@ -7187,7 +7187,7 @@ ] }, "post": { - "description": "Create a new agent.\n\nTrigger types:\n- `dynamic_input`: triggered via API with user-provided input\n- `template_input`: triggered via API with a predefined template\n- `schedule`: triggered on a schedule\n- `new_content`: triggered when new content arrives\n\nTemplates: `blank`, `retrieval_example`, `simple_qa`, `summarizer`, `json_extractor`, `content_change_notifier`, `scheduled_report`, `webhook_pipeline`\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Agent is created in the authenticated account.", + "description": "Create a new agent.\n\nTrigger types:\n- `dynamic_input`: triggered via API with user-provided input\n- `template_input`: triggered via API with a predefined template\n- `schedule`: triggered on a schedule\n- `new_content`: triggered when new content arrives\n\nTemplates: `blank`, `retrieval_example`, `simple_qa`, `summarizer`, `json_extractor`, `content_change_notifier`, `scheduled_report`, `webhook_pipeline`\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. Agent is created in the caller's account.", "operationId": "create_agent_api_agents_post", "parameters": [ { @@ -7768,7 +7768,7 @@ }, "/agents/runs/search": { "post": { - "description": "Search agent traces using semantic similarity.\n\nFinds step-run outputs that are most semantically similar to the query.\nResults include the matching text, agent/step metadata, and a similarity score.\n\nAgent traces are automatically indexed when runs complete. The first 7 days of storage are free; extended retention is billed.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Searches only within your account's traces.", + "description": "Search agent traces using semantic similarity.\n\nFinds step-run outputs that are most semantically similar to the query.\nResults include the matching text, agent/step metadata, and a similarity score.\n\nAgent traces are automatically indexed when runs complete. The first 7 days of storage are free; extended retention is billed.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. Searches only within your account's traces.", "operationId": "search_agent_runs_api_agents_runs_search_post", "parameters": [ { @@ -7815,7 +7815,7 @@ }, "/agents/runs/{run_id}": { "delete": { - "description": "Cancel a running agent run.\n\nIf the run is already in a terminal state (`completed` or `failed`), cancellation will be rejected.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only cancel runs belonging to your account.", + "description": "Cancel a running agent run.\n\nIf the run is already in a terminal state (`completed` or `failed`), cancellation will be rejected.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only cancel runs belonging to your account.", "operationId": "delete_agent_run_api_agents_runs__run_id__delete", "parameters": [ { @@ -7859,7 +7859,7 @@ ] }, "get": { - "description": "Fetch the latest snapshot for an agent run created by `POST /agents/{agent_id}/runs` or `POST /agents/{agent_id}/runs/stream`.\n\nThe response includes `status`, `error_count`, and `output` once the run completes. Use `include_step_outputs=true` to include per-step outputs, timing, durations, and credits.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access runs belonging to your account.", + "description": "Fetch the latest snapshot for an agent run created by `POST /agents/{agent_id}/runs` or `POST /agents/{agent_id}/runs/stream`.\n\nThe response includes `status`, `error_count`, and `output` once the run completes. Use `include_step_outputs=true` to include per-step outputs, timing, durations, and credits.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only access runs belonging to your account.", "operationId": "get_agent_run_api_agents_runs__run_id__get", "parameters": [ { @@ -7917,7 +7917,7 @@ }, "/agents/{agent_id}": { "delete": { - "description": "Soft-delete an agent. The agent will no longer appear in listings or be accessible via the API.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only delete agents belonging to your account.", + "description": "Soft-delete an agent. The agent will no longer appear in listings or be accessible via the API.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only delete agents belonging to your account.", "operationId": "delete_agent_api_agents__agent_id__delete", "parameters": [ { @@ -7954,7 +7954,7 @@ ] }, "get": { - "description": "Fetch an agent's metadata (name, description, trigger type, timestamps).\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access agents belonging to your account.", + "description": "Fetch an agent's metadata (name, description, trigger type, timestamps).\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only access agents belonging to your account.", "operationId": "get_agent_metadata_api_agents__agent_id__get", "parameters": [ { @@ -7998,7 +7998,7 @@ ] }, "put": { - "description": "Update an agent's name, description, evaluation settings, and model lifecycle settings.\n\nEvaluation settings: `evaluation_mode` ('output_expectation', 'eval_and_retry', 'sample_and_flag'), `default_evaluation_tier` ('fast', 'balanced', 'thorough'), `max_retries`, `retry_on_failure`, `sampling_config`.\n\nModel lifecycle settings: `prompt_model_auto_upgrade_strategy` ('none', 'early_adopter', 'middle_of_road', 'cautious_adopter'), `prompt_model_auto_rollback_enabled`, `prompt_model_auto_rollback_triggers` (list of 'agent_eval_fail', 'governance_flag', 'governance_block', 'agent_run_failed').\n\nAt least one field must be provided.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only update agents belonging to your account.", + "description": "Update an agent's name, description, evaluation settings, and model lifecycle settings.\n\nEvaluation settings: `evaluation_mode` ('output_expectation', 'eval_and_retry', 'sample_and_flag'), `default_evaluation_tier` ('fast', 'balanced', 'thorough'), `max_retries`, `retry_on_failure`, `sampling_config`.\n\nModel lifecycle settings: `prompt_model_auto_upgrade_strategy` ('none', 'early_adopter', 'middle_of_road', 'cautious_adopter'), `prompt_model_auto_rollback_enabled`, `prompt_model_auto_rollback_triggers` (list of 'agent_eval_fail', 'governance_flag', 'governance_block', 'agent_run_failed').\n\nAt least one field must be provided.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only update agents belonging to your account.", "operationId": "update_agent_api_agents__agent_id__put", "parameters": [ { @@ -8054,7 +8054,7 @@ }, "/agents/{agent_id}/ai-assistant/conversations": { "get": { - "description": "Fetch the AI assistant conversation history for a specific step of an agent.\n\nReturns past conversation turns (user inputs, AI responses, accept/decline status) ordered oldest first. Use `step_type` to filter by step type, and optionally `step_id` to narrow to a specific step instance.\n\nAuth & scoping:\n- Requires a user-scoped `X-API-Key`. Only agents belonging to your account can be queried.", + "description": "Fetch the AI assistant conversation history for a specific step of an agent.\n\nReturns past conversation turns (user inputs, AI responses, accept/decline status) ordered oldest first. Use `step_type` to filter by step type, and optionally `step_id` to narrow to a specific step instance.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. Only agents belonging to your account can be queried.", "operationId": "get_ai_conversation_history_api_agents__agent_id__ai_assistant_conversations_get", "parameters": [ { @@ -8156,7 +8156,7 @@ }, "/agents/{agent_id}/ai-assistant/generate-steps": { "post": { - "description": "Use the AI assistant to generate a full agent step workflow from a natural language description.\n\nProvide a description of what the agent should do, along with optional context (current steps, trigger type). The AI produces a complete set of agent steps.\nUse mode 'generate_full' for new workflows or 'modify_workflow' to refine existing ones.\n\nAuth & scoping:\n- Requires a user-scoped `X-API-Key`. Only agents belonging to your account can be used.", + "description": "Use the AI assistant to generate a full agent step workflow from a natural language description.\n\nProvide a description of what the agent should do, along with optional context (current steps, trigger type). The AI produces a complete set of agent steps.\nUse mode 'generate_full' for new workflows or 'modify_workflow' to refine existing ones.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. Only agents belonging to your account can be used.", "operationId": "generate_agent_steps_api_agents__agent_id__ai_assistant_generate_steps_post", "parameters": [ { @@ -8212,7 +8212,7 @@ }, "/agents/{agent_id}/ai-assistant/step-config": { "post": { - "description": "Use the AI assistant to generate or refine a single step's configuration.\n\nProvide the step type, a natural language instruction, and optionally the current configuration. The AI will produce a proposed configuration along with an explanation. The suggestion is stored as a conversation turn that can be accepted or declined separately via the mark endpoint.\n\nAuth & scoping:\n- Requires a user-scoped `X-API-Key`. Only agents belonging to your account can be used.", + "description": "Use the AI assistant to generate or refine a single step's configuration.\n\nProvide the step type, a natural language instruction, and optionally the current configuration. The AI will produce a proposed configuration along with an explanation. The suggestion is stored as a conversation turn that can be accepted or declined separately via the mark endpoint.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. Only agents belonging to your account can be used.", "operationId": "generate_step_config_api_agents__agent_id__ai_assistant_step_config_post", "parameters": [ { @@ -8268,7 +8268,7 @@ }, "/agents/{agent_id}/ai-assistant/{conversation_id}": { "patch": { - "description": "Accept or decline a proposed AI assistant configuration for a conversation turn.\n\nThis only updates the tracking status on the conversation record. To actually apply the proposed configuration, use the agent definition update endpoint separately.\n\nAuth & scoping:\n- Requires a user-scoped `X-API-Key`. The conversation must belong to one of your agents.", + "description": "Accept or decline a proposed AI assistant configuration for a conversation turn.\n\nThis only updates the tracking status on the conversation record. To actually apply the proposed configuration, use the agent definition update endpoint separately.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. The conversation must belong to one of your agents.", "operationId": "mark_ai_suggestion_api_agents__agent_id__ai_assistant__conversation_id__patch", "parameters": [ { @@ -8337,7 +8337,7 @@ }, "/agents/{agent_id}/definition": { "get": { - "description": "Fetch the current agent definition from the main branch.\n\nThe response includes `change_id` which must be provided when updating the definition (optimistic locking).\n\nThe definition contains the agent's step workflow. Available step types:\n- `prompt_call`: Call an LLM with a prompt template\n- `retrieval`: Search a knowledge base\n- `transform`: Reshape data with a Liquid template\n- `gate`: Evaluate conditions, stop or continue child execution\n- `retry`: Re-execute from a target ancestor step (for quality-control loops; pair with a `gate` step for conditional retrying. Fields: `target_step_id` (ancestor step ID), `max_retries` (1\u201310))\n- `evaluate_step`: Score a selected previous step output and emit JSON with `score`, `passed`, and `pass_threshold` (fields: `target_step_id`, `evaluation_prompt`, `pass_threshold`, optional `evaluation_tier`, optional `expectation_config`)\n- `insight`: Progressively read and analyze large input\n- `extract_json` / `extract_html` / `extract_xml`: Extract structured data\n- `send_email`: Send email with step output\n- `webhook_call`: POST data to an external URL\n- `write_aws_s3_object`: Write output to S3\n- `call_agent`: Invoke another agent\n- `write_metadata`: Write a value to content metadata (for filtering/gates; content-triggered agents only. Fields: `metadata_key`, `content`)\n- `write_content_attachment`: Write a file-backed attachment to content (optionally indexed for retrieval; content-triggered agents only. Fields: `attachment_key`, `content`, `content_type`, `indexed`)\n- `load_content_attachment`: Load a previously written attachment (content-triggered agents only. Fields: `attachment_key`)\n- `load_content`: Load the full text body of a source document (typically used with content-triggered agents; can also load by explicit `content_version_id`. Fields: `content_version_id` optional)\n- `display_result`: Show output to the user\n- `join`: Merge parallel branches\n- `combinator`: Combine multiple inputs\n- `text`: Static text literal\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access agents belonging to your account.", + "description": "Fetch the current agent definition from the main branch.\n\nThe response includes `change_id` which must be provided when updating the definition (optimistic locking).\n\nThe definition contains the agent's step workflow. Available step types:\n- `prompt_call`: Call an LLM with a prompt template\n- `retrieval`: Search a knowledge base\n- `transform`: Reshape data with a Liquid template\n- `gate`: Evaluate conditions, stop or continue child execution\n- `retry`: Re-execute from a target ancestor step (for quality-control loops; pair with a `gate` step for conditional retrying. Fields: `target_step_id` (ancestor step ID), `max_retries` (1\u201310))\n- `evaluate_step`: Score a selected previous step output and emit JSON with `score`, `passed`, and `pass_threshold` (fields: `target_step_id`, `evaluation_prompt`, `pass_threshold`, optional `evaluation_tier`, optional `expectation_config`)\n- `insight`: Progressively read and analyze large input\n- `extract_json` / `extract_html` / `extract_xml`: Extract structured data\n- `send_email`: Send email with step output\n- `webhook_call`: POST data to an external URL\n- `write_aws_s3_object`: Write output to S3\n- `call_agent`: Invoke another agent\n- `write_metadata`: Write a value to content metadata (for filtering/gates; content-triggered agents only. Fields: `metadata_key`, `content`)\n- `write_content_attachment`: Write a file-backed attachment to content (optionally indexed for retrieval; content-triggered agents only. Fields: `attachment_key`, `content`, `content_type`, `indexed`)\n- `load_content_attachment`: Load a previously written attachment (content-triggered agents only. Fields: `attachment_key`)\n- `load_content`: Load the full text body of a source document (typically used with content-triggered agents; can also load by explicit `content_version_id`. Fields: `content_version_id` optional)\n- `display_result`: Show output to the user\n- `join`: Merge parallel branches\n- `combinator`: Combine multiple inputs\n- `text`: Static text literal\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only access agents belonging to your account.", "operationId": "get_agent_definition_api_agents__agent_id__definition_get", "parameters": [ { @@ -8381,7 +8381,7 @@ ] }, "put": { - "description": "Update the agent's definition on the main branch.\n\nUses **optimistic locking**: provide `expected_change_id` from the last `GET /api/agents/{agent_id}/definition`. Returns `409 Conflict` if the definition was modified since your last read.\n\nThe definition contains the agent's step workflow. Step types include `prompt_call`, `retrieval`, `transform`, `gate`, `retry`, `evaluate_step`, `insight`, `extract_json`, `extract_html`, `extract_xml`, `send_email`, `webhook_call`, `write_aws_s3_object`, `call_agent`, `write_metadata`, `write_content_attachment`, `load_content_attachment`, `load_content`, `display_result`, `join`, `combinator`, and `text`. Non-composite step types (`display_result`, `join`, `retry`, `evaluate_step`) cannot contain child steps.\n\n**Retry steps** re-execute from a target ancestor step for quality-control loops. Configure with `target_step_id` (ancestor step ID) and `max_retries` (1\u201310). Best practice: place a `gate` step before the retry to make retries conditional.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only update agents belonging to your account.", + "description": "Update the agent's definition on the main branch.\n\nUses **optimistic locking**: provide `expected_change_id` from the last `GET /api/agents/{agent_id}/definition`. Returns `409 Conflict` if the definition was modified since your last read.\n\nThe definition contains the agent's step workflow. Step types include `prompt_call`, `retrieval`, `transform`, `gate`, `retry`, `evaluate_step`, `insight`, `extract_json`, `extract_html`, `extract_xml`, `send_email`, `webhook_call`, `write_aws_s3_object`, `call_agent`, `write_metadata`, `write_content_attachment`, `load_content_attachment`, `load_content`, `display_result`, `join`, `combinator`, and `text`. Non-composite step types (`display_result`, `join`, `retry`, `evaluate_step`) cannot contain child steps.\n\n**Retry steps** re-execute from a target ancestor step for quality-control loops. Configure with `target_step_id` (ancestor step ID) and `max_retries` (1\u201310). Best practice: place a `gate` step before the retry to make retries conditional.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only update agents belonging to your account.", "operationId": "update_agent_definition_api_agents__agent_id__definition_put", "parameters": [ { @@ -8873,7 +8873,7 @@ }, "/agents/{agent_id}/input-uploads/{upload_id}": { "get": { - "description": "Poll the processing status of a file upload created via `POST /agents/{agent_id}/upload-input`.\n\nPossible `status` values: `processing`, `ready`, `failed`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "Poll the processing status of a file upload created via `POST /agents/{agent_id}/upload-input`.\n\nPossible `status` values: `processing`, `ready`, `failed`.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. All resources are scoped to the caller's account.", "operationId": "api_get_agent_input_upload_status_api_agents__agent_id__input_uploads__upload_id__get", "parameters": [ { @@ -8928,7 +8928,7 @@ }, "/agents/{agent_id}/runs": { "get": { - "description": "List runs for a specific agent (most recent first), with pagination.\n\nTypical use cases:\n- Build a traces UI for an agent.\n- Debug recent executions and inspect terminal statuses.\n\nNotes:\n- This endpoint returns a summary list. Fetch full details with `GET /agents/runs/{run_id}`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only list runs for agents in your account.", + "description": "List runs for a specific agent (most recent first), with pagination.\n\nTypical use cases:\n- Build a traces UI for an agent.\n- Debug recent executions and inspect terminal statuses.\n\nNotes:\n- This endpoint returns a summary list. Fetch full details with `GET /agents/runs/{run_id}`.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only list runs for agents in your account.", "operationId": "list_agent_runs_api_agents__agent_id__runs_get", "parameters": [ { @@ -9017,7 +9017,7 @@ ] }, "post": { - "description": "Start an agent run.\n\nAn *agent* is an automated workflow that can monitor content from your sources, process it with AI, and trigger actions. This endpoint creates a new run and returns a `run_id` you can poll to retrieve status and output.\n\nWhen to use:\n- Use this endpoint for request/response style integrations where polling is acceptable.\n- Use `POST /agents/{agent_id}/runs/stream` if you need real-time progress via SSE.\n\nKey fields:\n- `input`: text input for agents with a `dynamic_input` trigger.\n- `input_upload_id`: alternatively, reference a file previously uploaded via `POST /agents/{agent_id}/upload-input` (mutually exclusive with `input`).\n- `priority`: set true for latency-sensitive, user-facing work.\n- `metadata`: a JSON object that becomes available to agent steps for string substitution.\n\nAfter starting:\n- Poll `GET /agents/runs/{run_id}` until `status` is `completed` or `failed`.\n- Use `include_step_outputs=true` to include per-step outputs, timing, and credits.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "Start an agent run.\n\nAn *agent* is an automated workflow that can monitor content from your sources, process it with AI, and trigger actions. This endpoint creates a new run and returns a `run_id` you can poll to retrieve status and output.\n\nWhen to use:\n- Use this endpoint for request/response style integrations where polling is acceptable.\n- Use `POST /agents/{agent_id}/runs/stream` if you need real-time progress via SSE.\n\nKey fields:\n- `input`: text input for agents with a `dynamic_input` trigger.\n- `input_upload_id`: alternatively, reference a file previously uploaded via `POST /agents/{agent_id}/upload-input` (mutually exclusive with `input`).\n- `priority`: set true for latency-sensitive, user-facing work.\n- `metadata`: a JSON object that becomes available to agent steps for string substitution.\n\nAfter starting:\n- Poll `GET /agents/runs/{run_id}` until `status` is `completed` or `failed`.\n- Use `include_step_outputs=true` to include per-step outputs, timing, and credits.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. All resources are scoped to the caller's account.", "operationId": "run_agent_api_agents__agent_id__runs_post", "parameters": [ { @@ -9073,7 +9073,7 @@ }, "/agents/{agent_id}/runs/stream": { "post": { - "description": "Start a **priority** agent run and stream run events using Server-Sent Events (SSE).\n\nThis is the best option for interactive UIs where you want progress updates as the run executes.\n\nHow it works:\n- The first `init` event contains an `AgentRunResponse` snapshot, including the `run_id`.\n- Subsequent events are forwarded from the run event stream (status changes, step events, etc).\n- The final `done` event contains the terminal snapshot (including `output` and `credits` when available).\n\nInput options (for `dynamic_input` triggers):\n- `input`: text input passed directly.\n- `input_upload_id`: reference a file uploaded via `POST /agents/{agent_id}/upload-input` (mutually exclusive with `input`).\n\nClient guidance:\n- Keep the connection open and handle keepalive comments.\n- On `timeout` or `error`, the payload includes `run_id` so clients can resume by polling `GET /agents/runs/{run_id}`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "Start a **priority** agent run and stream run events using Server-Sent Events (SSE).\n\nThis is the best option for interactive UIs where you want progress updates as the run executes.\n\nHow it works:\n- The first `init` event contains an `AgentRunResponse` snapshot, including the `run_id`.\n- Subsequent events are forwarded from the run event stream (status changes, step events, etc).\n- The final `done` event contains the terminal snapshot (including `output` and `credits` when available).\n\nInput options (for `dynamic_input` triggers):\n- `input`: text input passed directly.\n- `input_upload_id`: reference a file uploaded via `POST /agents/{agent_id}/upload-input` (mutually exclusive with `input`).\n\nClient guidance:\n- Keep the connection open and handle keepalive comments.\n- On `timeout` or `error`, the payload includes `run_id` so clients can resume by polling `GET /agents/runs/{run_id}`.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. All resources are scoped to the caller's account.", "operationId": "run_streaming_agent_api_agents__agent_id__runs_stream_post", "parameters": [ { @@ -9192,7 +9192,7 @@ }, "/agents/{agent_id}/upload-input": { "post": { - "description": "Upload a file to use as input for a `dynamic_input` agent run.\n\nSupports the same file types as content source uploads: text, PDF, DOCX, audio, video, images, etc. Text and document files are processed synchronously; audio/video are submitted for asynchronous transcription.\n\n**Size limit:** 200 MB per file.\n\n**Supported extensions:** txt, html, md, csv, xml, json, pdf, msg, docx, doc, pptx, ppt, xlsx, xls, zip, epub, png, jpg, gif, bmp, tiff, webp, mp3, wav, m4a, flac, ogg, mp4, mov, avi.\n\nAfter uploading, poll `GET /agents/{agent_id}/input-uploads/{upload_id}` until `status` is `ready`, then pass `input_upload_id` to `POST /agents/{agent_id}/runs`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "Upload a file to use as input for a `dynamic_input` agent run.\n\nSupports the same file types as content source uploads: text, PDF, DOCX, audio, video, images, etc. Text and document files are processed synchronously; audio/video are submitted for asynchronous transcription.\n\n**Size limit:** 200 MB per file.\n\n**Supported extensions:** txt, html, md, csv, xml, json, pdf, msg, docx, doc, pptx, ppt, xlsx, xls, zip, epub, png, jpg, gif, bmp, tiff, webp, mp3, wav, m4a, flac, ogg, mp4, mov, avi.\n\nAfter uploading, poll `GET /agents/{agent_id}/input-uploads/{upload_id}` until `status` is `ready`, then pass `input_upload_id` to `POST /agents/{agent_id}/runs`.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. All resources are scoped to the caller's account.", "operationId": "api_upload_agent_input_api_agents__agent_id__upload_input_post", "parameters": [ { @@ -9238,7 +9238,7 @@ }, "/ai-assistant/feedback": { "post": { - "description": "Submit thumbs-up/down feedback on any AI assistant interaction. Negative feedback with a comment is analyzed for concerning issues.\n\nAuth: requires ``X-API-Key``.", + "description": "Submit thumbs-up/down feedback on any AI assistant interaction. Negative feedback with a comment is analyzed for concerning issues.\n\nAuth: requires ``X-API-Key`` header or OAuth Bearer token.", "operationId": "api_ai_feedback_api_ai_assistant_feedback_post", "parameters": [ { @@ -9285,7 +9285,7 @@ }, "/ai-assistant/knowledge-base": { "post": { - "description": "Generate a knowledge base creation/modification plan without requiring an existing solution. May also propose prerequisite source creation actions.\n\nAuth: requires ``X-API-Key``.", + "description": "Generate a knowledge base creation/modification plan without requiring an existing solution. May also propose prerequisite source creation actions.\n\nAuth: requires ``X-API-Key`` header or OAuth Bearer token.", "operationId": "api_ai_knowledge_base_api_ai_assistant_knowledge_base_post", "parameters": [ { @@ -9332,7 +9332,7 @@ }, "/ai-assistant/memory-bank": { "post": { - "description": "Generate a memory bank configuration suggestion via the AI assistant. The AI proposes name, type, mode, compaction prompt, and retention settings.\n\nAuth: requires ``X-API-Key``.", + "description": "Generate a memory bank configuration suggestion via the AI assistant. The AI proposes name, type, mode, compaction prompt, and retention settings.\n\nAuth: requires ``X-API-Key`` header or OAuth Bearer token.", "operationId": "api_ai_memory_bank_api_ai_assistant_memory_bank_post", "parameters": [ { @@ -9379,7 +9379,7 @@ }, "/ai-assistant/memory-bank/last-conversation": { "get": { - "description": "Fetch the most recent memory bank AI assistant conversation turns for the authenticated user. Returns turns in oldest-first order with a total count for pagination via limit/offset query parameters.\n\nAuth: requires ``X-API-Key``.", + "description": "Fetch the most recent memory bank AI assistant conversation turns for the authenticated user. Returns turns in oldest-first order with a total count for pagination via limit/offset query parameters.\n\nAuth: requires ``X-API-Key`` header or OAuth Bearer token.", "operationId": "api_ai_memory_bank_history_api_ai_assistant_memory_bank_last_conversation_get", "parameters": [ { @@ -9443,7 +9443,7 @@ }, "/ai-assistant/memory-bank/{conversation_id}": { "patch": { - "description": "Update the acceptance status of a memory bank AI assistant conversation turn. Set ``accepted`` to true to accept the proposed configuration, or false to decline it. The accepted status is recorded for audit purposes.\n\nAuth: requires ``X-API-Key``.", + "description": "Update the acceptance status of a memory bank AI assistant conversation turn. Set ``accepted`` to true to accept the proposed configuration, or false to decline it. The accepted status is recorded for audit purposes.\n\nAuth: requires ``X-API-Key`` header or OAuth Bearer token.", "operationId": "api_ai_memory_bank_accept_api_ai_assistant_memory_bank__conversation_id__patch", "parameters": [ { @@ -9504,7 +9504,7 @@ }, "/ai-assistant/solution": { "post": { - "description": "Generate a complete solution plan covering sources, knowledge bases, and agents without requiring an existing solution. Supports SSE streaming when ``Accept: text/event-stream`` is set.\n\nAuth: requires ``X-API-Key``.", + "description": "Generate a complete solution plan covering sources, knowledge bases, and agents without requiring an existing solution. Supports SSE streaming when ``Accept: text/event-stream`` is set.\n\nAuth: requires ``X-API-Key`` header or OAuth Bearer token.", "operationId": "api_ai_solution_api_ai_assistant_solution_post", "parameters": [ { @@ -9551,7 +9551,7 @@ }, "/ai-assistant/source": { "post": { - "description": "Generate a content source creation/modification plan without requiring an existing solution. The AI proposes actions for the user to review before any changes are made.\n\nAuth: requires ``X-API-Key``.", + "description": "Generate a content source creation/modification plan without requiring an existing solution. The AI proposes actions for the user to review before any changes are made.\n\nAuth: requires ``X-API-Key`` header or OAuth Bearer token.", "operationId": "api_ai_source_api_ai_assistant_source_post", "parameters": [ { @@ -9598,7 +9598,7 @@ }, "/ai-assistant/{conversation_id}/accept": { "post": { - "description": "Accept and execute a previously proposed standalone plan. If the plan contains destructive actions (deletions), ``confirm_deletions`` must be set to true.\n\nAuth: requires ``X-API-Key``.", + "description": "Accept and execute a previously proposed standalone plan. If the plan contains destructive actions (deletions), ``confirm_deletions`` must be set to true.\n\nAuth: requires ``X-API-Key`` header or OAuth Bearer token.", "operationId": "api_ai_accept_api_ai_assistant__conversation_id__accept_post", "parameters": [ { @@ -9655,7 +9655,7 @@ }, "/ai-assistant/{conversation_id}/decline": { "post": { - "description": "Decline a previously proposed standalone plan. No resources are modified. The conversation is marked as declined.\n\nAuth: requires ``X-API-Key``.", + "description": "Decline a previously proposed standalone plan. No resources are modified. The conversation is marked as declined.\n\nAuth: requires ``X-API-Key`` header or OAuth Bearer token.", "operationId": "api_ai_decline_api_ai_assistant__conversation_id__decline_post", "parameters": [ { @@ -9695,7 +9695,7 @@ }, "/alerts": { "get": { - "description": "List alerts for the account with optional filters.\n\nFilters:\n- `status`: triggered, acknowledged, resolved, dismissed\n- `agent_id`: filter by agent\n- `source_connection_id`: filter by source\n- `time_from` / `time_to`: ISO 8601 date range\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Results are scoped to the authenticated account.", + "description": "List alerts for the account with optional filters.\n\nFilters:\n- `status`: triggered, acknowledged, resolved, dismissed\n- `agent_id`: filter by agent\n- `source_connection_id`: filter by source\n- `time_from` / `time_to`: ISO 8601 date range\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. Results are scoped to the caller's account.", "operationId": "list_alerts_api_alerts_get", "parameters": [ { @@ -9853,7 +9853,7 @@ }, "/alerts/configs": { "get": { - "description": "List alert configurations.\n\nFilters:\n- `agent_id`: list configs for a specific agent\n- `source_connection_id`: list configs for a specific source\n- Neither: list account-level agent alert configs\n- `scope=source`: list account-level source alert configs\n\nCredits alerts (`credits_low_threshold`, `credits_runout_prediction`, `credits_usage_spike`) are account-level alert configs. They are evaluated by the credits alert sweep and default-enabled configs may be auto-created for active accounts at runtime.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", + "description": "List alert configurations.\n\nFilters:\n- `agent_id`: list configs for a specific agent\n- `source_connection_id`: list configs for a specific source\n- Neither: list account-level agent alert configs\n- `scope=source`: list account-level source alert configs\n\nCredits alerts (`credits_low_threshold`, `credits_runout_prediction`, `credits_usage_spike`) are account-level alert configs. They are evaluated by the credits alert sweep and default-enabled configs may be auto-created for active accounts at runtime.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.", "operationId": "list_alert_configs_api_alerts_configs_get", "parameters": [ { @@ -9944,7 +9944,7 @@ ] }, "post": { - "description": "Create a new alert configuration.\n\nAgent alert types: run_failed, consecutive_failures, error_rate_spike, run_burst, slow_run, credits_low_threshold, credits_runout_prediction, credits_usage_spike, non_manual_eval_failed, non_manual_eval_flagged, governance_flagged, governance_blocked, model_newer_available, model_deprecated, model_sunset.\nSource alert types: pull_failed, consecutive_pull_failures, pull_error_rate_spike.\n\nDistribution types: owner, owner_admins, selected_members. Organization accounts are normalized to owner_admins.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", + "description": "Create a new alert configuration.\n\nAgent alert types: run_failed, consecutive_failures, error_rate_spike, run_burst, slow_run, credits_low_threshold, credits_runout_prediction, credits_usage_spike, non_manual_eval_failed, non_manual_eval_flagged, governance_flagged, governance_blocked, model_newer_available, model_deprecated, model_sunset.\nSource alert types: pull_failed, consecutive_pull_failures, pull_error_rate_spike.\n\nDistribution types: owner, owner_admins, selected_members. Organization accounts are normalized to owner_admins.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.", "operationId": "create_alert_config_api_alerts_configs_post", "parameters": [ { @@ -9993,7 +9993,7 @@ }, "/alerts/configs/{config_id}": { "delete": { - "description": "Delete an alert configuration. This permanently removes the config and stops any future alerts of this type from being triggered.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", + "description": "Delete an alert configuration. This permanently removes the config and stops any future alerts of this type from being triggered.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.", "operationId": "delete_alert_config_api_alerts_configs__config_id__delete", "parameters": [ { @@ -10030,7 +10030,7 @@ ] }, "get": { - "description": "Get a specific alert configuration by ID.\n\nReturns all fields including type, enabled state, threshold, cooldown, distribution type, and recipient list.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", + "description": "Get a specific alert configuration by ID.\n\nReturns all fields including type, enabled state, threshold, cooldown, distribution type, and recipient list.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.", "operationId": "get_alert_config_api_alerts_configs__config_id__get", "parameters": [ { @@ -10076,7 +10076,7 @@ ] }, "patch": { - "description": "Update an alert configuration. Only provided fields are updated.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", + "description": "Update an alert configuration. Only provided fields are updated.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.", "operationId": "update_alert_config_api_alerts_configs__config_id__patch", "parameters": [ { @@ -10134,7 +10134,7 @@ }, "/alerts/organization-preferences/list": { "get": { - "description": "List per-organization alert delivery preferences for the API key's associated user.\n\nBy default, only explicit override rows are returned. Set `include_defaults=true` to return the effective subscribed state for every alert type in every organization the user can manage.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).\n- Only organizations where the user is an owner or administrator are included.", + "description": "List per-organization alert delivery preferences for the authenticated user.\n\nBy default, only explicit override rows are returned. Set `include_defaults=true` to return the effective subscribed state for every alert type in every organization the user can manage.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.\n- Only organizations where the user is an owner or administrator are included.", "operationId": "list_organization_preferences_api_alerts_organization_preferences_list_get", "parameters": [ { @@ -10202,7 +10202,7 @@ }, "/alerts/organization-preferences/{organization_id}/{alert_type}": { "patch": { - "description": "Update the API key user's personal delivery preference for one alert type in one organization.\n\nSetting `subscribed=false` stores an explicit opt-out override. Setting `subscribed=true` removes the override and restores the default subscribed behavior.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).\n- Only owners and administrators can update preferences for an organization.", + "description": "Update the authenticated user's personal delivery preference for one alert type in one organization.\n\nSetting `subscribed=false` stores an explicit opt-out override. Setting `subscribed=true` removes the override and restores the default subscribed behavior.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.\n- Only owners and administrators can update preferences for an organization.", "operationId": "update_organization_preference_api_alerts_organization_preferences__organization_id___alert_type__patch", "parameters": [ { @@ -10268,7 +10268,7 @@ }, "/alerts/{alert_id}": { "get": { - "description": "Get full alert detail including history, comments, and subscribers.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", + "description": "Get full alert detail including history, comments, and subscribers.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.", "operationId": "get_alert_detail_api_alerts__alert_id__get", "parameters": [ { @@ -10316,7 +10316,7 @@ }, "/alerts/{alert_id}/comments": { "post": { - "description": "Add a comment to an alert. Comments are visible to all subscribers and are included in the alert detail response.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", + "description": "Add a comment to an alert. Comments are visible to all subscribers and are included in the alert detail response.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.", "operationId": "add_alert_comment_api_alerts__alert_id__comments_post", "parameters": [ { @@ -10374,7 +10374,7 @@ }, "/alerts/{alert_id}/status": { "post": { - "description": "Change the status of an alert. Valid statuses: triggered, acknowledged, resolved, dismissed.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", + "description": "Change the status of an alert. Valid statuses: triggered, acknowledged, resolved, dismissed.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.", "operationId": "change_alert_status_api_alerts__alert_id__status_post", "parameters": [ { @@ -10432,7 +10432,7 @@ }, "/alerts/{alert_id}/subscribe": { "post": { - "description": "Subscribe the current user to an alert. Subscribed users receive email notifications when the alert status changes or new comments are added.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", + "description": "Subscribe the current user to an alert. Subscribed users receive email notifications when the alert status changes or new comments are added.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.", "operationId": "subscribe_to_alert_api_alerts__alert_id__subscribe_post", "parameters": [ { @@ -10480,7 +10480,7 @@ }, "/alerts/{alert_id}/unsubscribe": { "post": { - "description": "Unsubscribe the current user from an alert. The user will no longer receive email notifications for status changes or new comments on this alert.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", + "description": "Unsubscribe the current user from an alert. The user will no longer receive email notifications for status changes or new comments on this alert.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.", "operationId": "unsubscribe_from_alert_api_alerts__alert_id__unsubscribe_post", "parameters": [ { @@ -10528,7 +10528,7 @@ }, "/contents/{source_connection_content_version}": { "delete": { - "description": "Delete a content item (a `SourceConnectionContentVersion`).\n\nUse this to remove an uploaded or indexed item from your account. Deleting content can affect agents and knowledge base workflows that reference this item.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only delete content belonging to your account.", + "description": "Delete a content item (a `SourceConnectionContentVersion`).\n\nUse this to remove an uploaded or indexed item from your account. Deleting content can affect agents and knowledge base workflows that reference this item.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only delete content belonging to your account.", "operationId": "delete_content_api_contents__source_connection_content_version__delete", "parameters": [ { @@ -10565,7 +10565,7 @@ ] }, "get": { - "description": "Get detailed information about a specific content item (a `SourceConnectionContentVersion`).\n\nThis is useful when you want to:\n- Inspect the extracted text for debugging or review.\n- Display content details in a UI.\n\nText range:\n- `start` and `end` control the character range returned in `text_content` so clients can page through large documents.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access content belonging to your account.", + "description": "Get detailed information about a specific content item (a `SourceConnectionContentVersion`).\n\nThis is useful when you want to:\n- Inspect the extracted text for debugging or review.\n- Display content details in a UI.\n\nText range:\n- `start` and `end` control the character range returned in `text_content` so clients can page through large documents.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only access content belonging to your account.", "operationId": "get_content_detail_api_contents__source_connection_content_version__get", "parameters": [ { @@ -10685,7 +10685,7 @@ }, "/contents/{source_connection_content_version}/embeddings": { "get": { - "description": "List the embeddings (chunk vectors) for a content item, with pagination.\n\nEmbeddings are used for semantic search and retrieval in knowledge base workflows. This endpoint is primarily useful for debugging chunking, indexing, and vector contents.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access embeddings for content belonging to your account.", + "description": "List the embeddings (chunk vectors) for a content item, with pagination.\n\nEmbeddings are used for semantic search and retrieval in knowledge base workflows. This endpoint is primarily useful for debugging chunking, indexing, and vector contents.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only access embeddings for content belonging to your account.", "operationId": "list_content_embeddings_api_contents__source_connection_content_version__embeddings_get", "parameters": [ { @@ -10751,7 +10751,7 @@ }, "/contents/{source_connection_content_version}/upload": { "post": { - "description": "Upload a new file and replace the content backing an existing `SourceConnectionContentVersion`.\n\nThis behaves like a source file upload, but it targets an existing content version ID. This is useful when you want to correct or update an uploaded document while keeping references stable.\n\n**Maximum file size:** 209715200 bytes.\n\n**Supported MIME types:**\n- `application/epub+zip`\n- `application/json`\n- `application/msword`\n- `application/pdf`\n- `application/vnd.ms-excel`\n- `application/vnd.ms-outlook`\n- `application/vnd.ms-powerpoint`\n- `application/vnd.openxmlformats-officedocument.presentationml.presentation`\n- `application/vnd.openxmlformats-officedocument.spreadsheetml.sheet`\n- `application/vnd.openxmlformats-officedocument.wordprocessingml.document`\n- `application/xml`\n- `application/zip`\n- `audio/flac`\n- `audio/mp4`\n- `audio/mpeg`\n- `audio/ogg`\n- `audio/wav`\n- `image/bmp`\n- `image/gif`\n- `image/jpeg`\n- `image/png`\n- `image/tiff`\n- `image/webp`\n- `text/csv`\n- `text/html`\n- `text/markdown`\n- `text/plain`\n- `text/x-markdown`\n- `text/xml`\n- `video/mp4`\n- `video/quicktime`\n- `video/x-msvideo`\n\nNotes:\n- If the uploaded file's content type is `application/octet-stream`, the server attempts to infer the type from the file extension.\n- Use `metadata` to attach an arbitrary JSON object of metadata (for example `metadata={\"category\":\"docs\"}`).\n- `title` is a convenience field and is merged into the metadata as `metadata.title` (it does not override an existing `metadata.title`).\n- For backwards compatibility, you can also pass form fields named `metadata_` (for example `metadata_author=...`). These override keys from `metadata`.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only replace content belonging to your account.", + "description": "Upload a new file and replace the content backing an existing `SourceConnectionContentVersion`.\n\nThis behaves like a source file upload, but it targets an existing content version ID. This is useful when you want to correct or update an uploaded document while keeping references stable.\n\n**Maximum file size:** 209715200 bytes.\n\n**Supported MIME types:**\n- `application/epub+zip`\n- `application/json`\n- `application/msword`\n- `application/pdf`\n- `application/vnd.ms-excel`\n- `application/vnd.ms-outlook`\n- `application/vnd.ms-powerpoint`\n- `application/vnd.openxmlformats-officedocument.presentationml.presentation`\n- `application/vnd.openxmlformats-officedocument.spreadsheetml.sheet`\n- `application/vnd.openxmlformats-officedocument.wordprocessingml.document`\n- `application/xml`\n- `application/zip`\n- `audio/flac`\n- `audio/mp4`\n- `audio/mpeg`\n- `audio/ogg`\n- `audio/wav`\n- `image/bmp`\n- `image/gif`\n- `image/jpeg`\n- `image/png`\n- `image/tiff`\n- `image/webp`\n- `text/csv`\n- `text/html`\n- `text/markdown`\n- `text/plain`\n- `text/x-markdown`\n- `text/xml`\n- `video/mp4`\n- `video/quicktime`\n- `video/x-msvideo`\n\nNotes:\n- If the uploaded file's content type is `application/octet-stream`, the server attempts to infer the type from the file extension.\n- Use `metadata` to attach an arbitrary JSON object of metadata (for example `metadata={\"category\":\"docs\"}`).\n- `title` is a convenience field and is merged into the metadata as `metadata.title` (it does not override an existing `metadata.title`).\n- For backwards compatibility, you can also pass form fields named `metadata_` (for example `metadata_author=...`). These override keys from `metadata`.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only replace content belonging to your account.", "operationId": "upload_file_to_content_api_contents__source_connection_content_version__upload_post", "parameters": [ { @@ -10807,7 +10807,7 @@ }, "/governance/ai-assistant": { "post": { - "description": "Send a natural-language request to the governance AI assistant to generate a plan of policy changes. Returns a conversation with proposed actions that can be accepted or declined.\n\nAuth: requires `X-API-Key` with governance access.", + "description": "Send a natural-language request to the governance AI assistant to generate a plan of policy changes. Returns a conversation with proposed actions that can be accepted or declined.\n\nAuth: requires `X-API-Key` header or OAuth Bearer token with governance access.", "operationId": "governance_ai_generate_api_governance_ai_assistant_post", "parameters": [ { @@ -10860,7 +10860,7 @@ }, "/governance/ai-assistant/conversations": { "get": { - "description": "Return recent governance AI assistant conversations for the account, ordered by most recent first.\n\nAuth: requires `X-API-Key` with governance access.", + "description": "Return recent governance AI assistant conversations for the account, ordered by most recent first.\n\nAuth: requires `X-API-Key` header or OAuth Bearer token with governance access.", "operationId": "list_governance_ai_conversations_api_governance_ai_assistant_conversations_get", "parameters": [ { @@ -10918,7 +10918,7 @@ }, "/governance/ai-assistant/{conversation_id}/accept": { "post": { - "description": "Execute the proposed policy changes from a governance AI assistant conversation. Each action is applied in order and results are returned.\n\nAuth: requires `X-API-Key` with governance access.", + "description": "Execute the proposed policy changes from a governance AI assistant conversation. Each action is applied in order and results are returned.\n\nAuth: requires `X-API-Key` header or OAuth Bearer token with governance access.", "operationId": "governance_ai_accept_api_governance_ai_assistant__conversation_id__accept_post", "parameters": [ { @@ -10971,7 +10971,7 @@ }, "/governance/ai-assistant/{conversation_id}/decline": { "post": { - "description": "Reject a previously proposed governance AI assistant plan without applying any changes. The conversation is marked as declined and no policy modifications are made.\n\nAuth: requires `X-API-Key` with governance access.", + "description": "Reject a previously proposed governance AI assistant plan without applying any changes. The conversation is marked as declined and no policy modifications are made.\n\nAuth: requires `X-API-Key` header or OAuth Bearer token with governance access.", "operationId": "governance_ai_decline_api_governance_ai_assistant__conversation_id__decline_post", "parameters": [ { @@ -11017,7 +11017,7 @@ }, "/knowledge_bases": { "get": { - "description": "List knowledge bases for the account.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "List knowledge bases for the account.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. All resources are scoped to the caller's account.", "operationId": "list_knowledge_bases_api_knowledge_bases_get", "parameters": [ { @@ -11190,7 +11190,7 @@ ] }, "get": { - "description": "Fetch a knowledge base by ID.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access knowledge bases belonging to your account.", + "description": "Fetch a knowledge base by ID.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only access knowledge bases belonging to your account.", "operationId": "get_knowledge_base_api_knowledge_bases__knowledge_base_id__get", "parameters": [ { @@ -11234,7 +11234,7 @@ ] }, "put": { - "description": "Update a knowledge base's configuration. Only provided fields are changed; omitted fields are left unchanged.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only update knowledge bases belonging to your account.", + "description": "Update a knowledge base's configuration. Only provided fields are changed; omitted fields are left unchanged.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only update knowledge bases belonging to your account.", "operationId": "update_knowledge_base_api_knowledge_bases__knowledge_base_id__put", "parameters": [ { @@ -11290,8 +11290,13 @@ }, "/me": { "get": { - "description": "Returns the authenticated user's personal account ID and a list of organizations they belong to. Each organization entry includes the organization's own id, name, and account_id. Useful for CLI tooling that needs to let the user pick an organization context.", + "description": "Returns the authenticated user's personal account ID and a list of organisations they belong to. Each organisation entry includes the organisation's own id, display name, and account_id. Useful for CLI tooling that needs to let the user pick an org context.", "operationId": "get_me_api_me_get", + "parameters": [ + { + "$ref": "#/components/parameters/X-Account-Id" + } + ], "responses": { "200": { "content": { @@ -11312,7 +11317,7 @@ }, "/memory_banks": { "get": { - "description": "List memory banks for the account.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). All resources are scoped to the authenticated account.", + "description": "List memory banks for the account.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. All resources are scoped to the caller's account.", "operationId": "list_memory_banks_api_memory_banks_get", "parameters": [ { @@ -11463,7 +11468,7 @@ }, "/memory_banks/ai-assistant": { "post": { - "description": "Generate a memory bank configuration suggestion via the AI assistant. The AI proposes name, type, mode, compaction prompt, and retention settings based on the user's description.\n\nAuth: requires `X-API-Key`.", + "description": "Generate a memory bank configuration suggestion via the AI assistant. The AI proposes name, type, mode, compaction prompt, and retention settings based on the user's description.\n\nAuth: requires `X-API-Key` header or OAuth Bearer token.", "operationId": "memory_bank_ai_generate_api_memory_banks_ai_assistant_post", "parameters": [ { @@ -11513,7 +11518,7 @@ }, "/memory_banks/ai-assistant/last-conversation": { "get": { - "description": "Fetch the most recent memory bank AI assistant conversation turns for the current user. Supports pagination via limit/offset.\n\nAuth: requires `X-API-Key`.", + "description": "Fetch the most recent memory bank AI assistant conversation turns for the current user. Supports pagination via limit/offset.\n\nAuth: requires `X-API-Key` header or OAuth Bearer token.", "operationId": "memory_bank_ai_last_conversation_api_memory_banks_ai_assistant_last_conversation_get", "parameters": [ { @@ -11577,7 +11582,7 @@ }, "/memory_banks/ai-assistant/{conversation_id}": { "patch": { - "description": "Update the acceptance status of a memory bank AI assistant conversation turn. Set ``accepted`` to true to accept the proposed configuration, or false to decline it. The accepted status is recorded for audit purposes.\n\nAuth: requires `X-API-Key`.", + "description": "Update the acceptance status of a memory bank AI assistant conversation turn. Set ``accepted`` to true to accept the proposed configuration, or false to decline it. The accepted status is recorded for audit purposes.\n\nAuth: requires `X-API-Key` header or OAuth Bearer token.", "operationId": "memory_bank_ai_accept_api_memory_banks_ai_assistant__conversation_id__patch", "parameters": [ { @@ -11754,7 +11759,7 @@ ] }, "get": { - "description": "Fetch a memory bank by ID.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access memory banks belonging to your account.", + "description": "Fetch a memory bank by ID.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only access memory banks belonging to your account.", "operationId": "get_memory_bank_api_memory_banks__memory_bank_id__get", "parameters": [ { @@ -12144,7 +12149,7 @@ }, "/models/alerts": { "get": { - "description": "List model lifecycle alerts for the account.\n\nReturns in-app notifications about model deprecations, sunsets, and newer model availability. Supports filtering by agent, unread-only, and pagination.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Alerts are scoped to the authenticated account.", + "description": "List model lifecycle alerts for the account.\n\nReturns in-app notifications about model deprecations, sunsets, and newer model availability. Supports filtering by agent, unread-only, and pagination.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. Alerts are scoped to the caller's account.", "operationId": "list_alerts_api_models_alerts_get", "parameters": [ { @@ -12240,7 +12245,7 @@ }, "/models/alerts/mark-all-read": { "post": { - "description": "Mark all model lifecycle alerts as read for the account.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Scoped to the authenticated account.", + "description": "Mark all model lifecycle alerts as read for the account.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. Scoped to the caller's account.", "operationId": "mark_all_read_api_models_alerts_mark_all_read_post", "parameters": [ { @@ -12260,7 +12265,7 @@ }, "/models/alerts/unread-count": { "get": { - "description": "Get the count of unread model lifecycle alerts.\n\nUseful for badge indicators in UIs and dashboards.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Count is scoped to the authenticated account.", + "description": "Get the count of unread model lifecycle alerts.\n\nUseful for badge indicators in UIs and dashboards.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. Count is scoped to the caller's account.", "operationId": "get_alert_unread_count_api_models_alerts_unread_count_get", "parameters": [ { @@ -12289,7 +12294,7 @@ }, "/models/alerts/{alert_id}/read": { "patch": { - "description": "Mark a single model lifecycle alert as read (dismissed).\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). The alert must belong to the authenticated account.", + "description": "Mark a single model lifecycle alert as read (dismissed).\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. The alert must belong to the caller's account.", "operationId": "mark_read_api_models_alerts__alert_id__read_patch", "parameters": [ { @@ -12329,7 +12334,7 @@ }, "/models/{model_id}/recommendations": { "get": { - "description": "Get replacement/upgrade recommendations for a model.\n\nReturns a designated successor (if any), same-family upgrades, and cross-provider/cross-family alternatives.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token).", + "description": "Get replacement/upgrade recommendations for a model.\n\nReturns a designated successor (if any), same-family upgrades, and cross-provider/cross-family alternatives.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token.", "operationId": "get_recommendations_api_models__model_id__recommendations_get", "parameters": [ { @@ -12551,7 +12556,7 @@ }, "/solutions": { "get": { - "description": "List solutions for your account.\n\nA *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Use solutions to organise related resources and leverage AI assistants for automated setup.\n\nParameters:\n- Pagination: `page` and `limit`.\n- Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc).\n- Filtering: `search` to filter by solution name (case-insensitive partial match).\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Results are scoped to the authenticated account.", + "description": "List solutions for your account.\n\nA *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Use solutions to organise related resources and leverage AI assistants for automated setup.\n\nParameters:\n- Pagination: `page` and `limit`.\n- Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc).\n- Filtering: `search` to filter by solution name (case-insensitive partial match).\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. Results are scoped to the caller's account.", "operationId": "list_solutions_api_solutions_get", "parameters": [ { @@ -12656,7 +12661,7 @@ ] }, "post": { - "description": "Create a new solution for the authenticated account.\n\nA *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Provide a `name` and optional `description` in the request body. Requires authentication (API key or bearer token).", + "description": "Create a new solution for the caller's account.\n\nA *solution* groups agents, knowledge bases, and content sources into a cohesive unit. Provide a `name` and optional `description` in the request body.", "operationId": "create_solution_api_solutions_post", "parameters": [ { @@ -12703,7 +12708,7 @@ }, "/solutions/{solution_id}": { "delete": { - "description": "Delete a solution by its ID.\n\nThis permanently removes the solution and all its resource associations (agent links, knowledge base links, source connection links). The underlying resources themselves are not deleted. Requires authentication (API key or bearer token).", + "description": "Delete a solution by its ID.\n\nThis permanently removes the solution and all its resource associations (agent links, knowledge base links, source connection links). The underlying resources themselves are not deleted.", "operationId": "delete_solution_api_solutions__solution_id__delete", "parameters": [ { @@ -12741,7 +12746,7 @@ ] }, "get": { - "description": "Retrieve a solution by its ID, including all linked agents, knowledge bases, and source connections.\n\nReturns the full solution detail with nested resource information. Requires authentication (API key or bearer token).", + "description": "Retrieve a solution by its ID, including all linked agents, knowledge bases, and source connections.\n\nReturns the full solution detail with nested resource information.", "operationId": "get_solution_api_solutions__solution_id__get", "parameters": [ { @@ -12786,7 +12791,7 @@ ] }, "patch": { - "description": "Update an existing solution's name or description.\n\nPass the fields you wish to change in the request body. Fields not included remain unchanged. Requires authentication (API key or bearer token).", + "description": "Update an existing solution's name or description.\n\nPass the fields you wish to change in the request body. Fields not included remain unchanged.", "operationId": "update_solution_api_solutions__solution_id__patch", "parameters": [ { @@ -12843,7 +12848,7 @@ }, "/solutions/{solution_id}/agents": { "delete": { - "description": "Unlink one or more agents from a solution by their IDs.\n\nPass a JSON body with an `ids` array of agent UUIDs to remove. Agents not currently linked are silently ignored. Returns the updated solution with remaining linked resources. Requires authentication (API key or bearer token).", + "description": "Unlink one or more agents from a solution by their IDs.\n\nPass a JSON body with an `ids` array of agent UUIDs to remove. Agents not currently linked are silently ignored. Returns the updated solution with remaining linked resources.", "operationId": "unlink_agents_api_solutions__solution_id__agents_delete", "parameters": [ { @@ -12898,7 +12903,7 @@ ] }, "post": { - "description": "Link one or more agents to a solution by their IDs.\n\nPass a JSON body with an `ids` array of agent UUIDs. Already-linked agents are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token).", + "description": "Link one or more agents to a solution by their IDs.\n\nPass a JSON body with an `ids` array of agent UUIDs. Already-linked agents are silently ignored. Returns the updated solution with all linked resources.", "operationId": "link_agents_api_solutions__solution_id__agents_post", "parameters": [ { @@ -12955,7 +12960,7 @@ }, "/solutions/{solution_id}/ai-assistant/generate": { "post": { - "description": "Generate a comprehensive solution management plan via the solution AI assistant.\n\nThis is the most powerful assistant \u2014 it can propose changes across sources, knowledge bases, and agents. Describe your goal in natural language and the assistant will create a multi-step plan. Review the proposed actions and use the accept or decline endpoint. Requires authentication (API key or bearer token).\n\nSupports SSE streaming when `Accept: text/event-stream` is set.", + "description": "Generate a comprehensive solution management plan via the solution AI assistant.\n\nThis is the most powerful assistant \u2014 it can propose changes across sources, knowledge bases, and agents. Describe your goal in natural language and the assistant will create a multi-step plan. Review the proposed actions and use the accept or decline endpoint.\n\nSupports SSE streaming when `Accept: text/event-stream` is set.", "operationId": "ai_assistant_generate_api_solutions__solution_id__ai_assistant_generate_post", "parameters": [ { @@ -13012,7 +13017,7 @@ }, "/solutions/{solution_id}/ai-assistant/knowledge-base": { "post": { - "description": "Generate a knowledge base plan via the KB AI assistant.\n\nDescribe what knowledge bases you need in natural language and the assistant will propose a plan with create, update, or delete actions. The assistant may also propose creating new sources if needed. Review the proposed actions and use the accept or decline endpoint. Requires authentication (API key or bearer token).", + "description": "Generate a knowledge base plan via the KB AI assistant.\n\nDescribe what knowledge bases you need in natural language and the assistant will propose a plan with create, update, or delete actions. The assistant may also propose creating new sources if needed. Review the proposed actions and use the accept or decline endpoint.", "operationId": "ai_assistant_knowledge_base_api_solutions__solution_id__ai_assistant_knowledge_base_post", "parameters": [ { @@ -13069,7 +13074,7 @@ }, "/solutions/{solution_id}/ai-assistant/source": { "post": { - "description": "Generate a content source plan via the source AI assistant.\n\nDescribe what sources you need in natural language and the assistant will propose a plan with create, update, or delete actions. Review the proposed actions and use the accept or decline endpoint to execute or discard the plan. Requires authentication (API key or bearer token).", + "description": "Generate a content source plan via the source AI assistant.\n\nDescribe what sources you need in natural language and the assistant will propose a plan with create, update, or delete actions. Review the proposed actions and use the accept or decline endpoint to execute or discard the plan.", "operationId": "ai_assistant_source_api_solutions__solution_id__ai_assistant_source_post", "parameters": [ { @@ -13126,7 +13131,7 @@ }, "/solutions/{solution_id}/ai-assistant/{conversation_id}/accept": { "post": { - "description": "Accept and execute a proposed plan generated by one of the AI assistant endpoints.\n\nExecutes all proposed actions in the plan and returns the results of each action. If the plan contains destructive actions (e.g. deletions), you must set `confirm_deletions` to `true` in the request body. Returns a summary of executed actions with success/failure status. Requires authentication (API key or bearer token).", + "description": "Accept and execute a proposed plan generated by one of the AI assistant endpoints.\n\nExecutes all proposed actions in the plan and returns the results of each action. If the plan contains destructive actions (e.g. deletions), you must set `confirm_deletions` to `true` in the request body. Returns a summary of executed actions with success/failure status.", "operationId": "ai_assistant_accept_api_solutions__solution_id__ai_assistant__conversation_id__accept_post", "parameters": [ { @@ -13193,7 +13198,7 @@ }, "/solutions/{solution_id}/ai-assistant/{conversation_id}/decline": { "post": { - "description": "Decline a proposed plan generated by one of the AI assistant endpoints.\n\nMarks the conversation as declined without executing any actions. The conversation history is preserved for reference. You can generate a new plan afterwards if needed. Requires authentication (API key or bearer token).", + "description": "Decline a proposed plan generated by one of the AI assistant endpoints.\n\nMarks the conversation as declined without executing any actions. The conversation history is preserved for reference. You can generate a new plan afterwards if needed.", "operationId": "ai_assistant_decline_api_solutions__solution_id__ai_assistant__conversation_id__decline_post", "parameters": [ { @@ -13243,7 +13248,7 @@ }, "/solutions/{solution_id}/conversations": { "get": { - "description": "List AI assistant conversation history for a solution.\n\nReturns all conversation turns for the given solution, including user inputs, AI responses, proposed actions, and acceptance status. Requires authentication (API key or bearer token).", + "description": "List AI assistant conversation history for a solution.\n\nReturns all conversation turns for the given solution, including user inputs, AI responses, proposed actions, and acceptance status.", "operationId": "list_conversations_api_solutions__solution_id__conversations_get", "parameters": [ { @@ -13292,7 +13297,7 @@ ] }, "post": { - "description": "Add a conversation turn to a solution's AI assistant history.\n\nRecords a user input and optional AI response and actions taken. This is typically called internally by AI assistant endpoints, but can also be used to manually log interactions. Requires authentication (API key or bearer token).", + "description": "Add a conversation turn to a solution's AI assistant history.\n\nRecords a user input and optional AI response and actions taken. This is typically called internally by AI assistant endpoints, but can also be used to manually log interactions.", "operationId": "add_conversation_turn_api_solutions__solution_id__conversations_post", "parameters": [ { @@ -13349,7 +13354,7 @@ }, "/solutions/{solution_id}/conversations/{conversation_id}": { "patch": { - "description": "Mark a conversation turn as accepted or declined.\n\nUpdates the `accepted` field on an existing conversation turn. Use this after reviewing a proposed plan to record whether it was accepted or declined by the user. Requires authentication (API key or bearer token).", + "description": "Mark a conversation turn as accepted or declined.\n\nUpdates the `accepted` field on an existing conversation turn. Use this after reviewing a proposed plan to record whether it was accepted or declined by the user.", "operationId": "mark_conversation_turn_api_solutions__solution_id__conversations__conversation_id__patch", "parameters": [ { @@ -13409,7 +13414,7 @@ }, "/solutions/{solution_id}/knowledge-bases": { "delete": { - "description": "Unlink one or more knowledge bases from a solution by their IDs.\n\nPass a JSON body with an `ids` array of knowledge base UUIDs to remove. Knowledge bases not currently linked are silently ignored. Returns the updated solution. Requires authentication (API key or bearer token).", + "description": "Unlink one or more knowledge bases from a solution by their IDs.\n\nPass a JSON body with an `ids` array of knowledge base UUIDs to remove. Knowledge bases not currently linked are silently ignored. Returns the updated solution.", "operationId": "unlink_knowledge_bases_api_solutions__solution_id__knowledge_bases_delete", "parameters": [ { @@ -13464,7 +13469,7 @@ ] }, "post": { - "description": "Link one or more knowledge bases to a solution by their IDs.\n\nPass a JSON body with an `ids` array of knowledge base UUIDs. Already-linked knowledge bases are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token).", + "description": "Link one or more knowledge bases to a solution by their IDs.\n\nPass a JSON body with an `ids` array of knowledge base UUIDs. Already-linked knowledge bases are silently ignored. Returns the updated solution with all linked resources.", "operationId": "link_knowledge_bases_api_solutions__solution_id__knowledge_bases_post", "parameters": [ { @@ -13521,7 +13526,7 @@ }, "/solutions/{solution_id}/source-connections": { "delete": { - "description": "Unlink one or more source connections from a solution by their IDs.\n\nPass a JSON body with an `ids` array of source connection UUIDs to remove. Sources not currently linked are silently ignored. Returns the updated solution. Requires authentication (API key or bearer token).", + "description": "Unlink one or more source connections from a solution by their IDs.\n\nPass a JSON body with an `ids` array of source connection UUIDs to remove. Sources not currently linked are silently ignored. Returns the updated solution.", "operationId": "unlink_source_connections_api_solutions__solution_id__source_connections_delete", "parameters": [ { @@ -13576,7 +13581,7 @@ ] }, "post": { - "description": "Link one or more source connections to a solution by their IDs.\n\nPass a JSON body with an `ids` array of source connection UUIDs. Already-linked sources are silently ignored. Returns the updated solution with all linked resources. Requires authentication (API key or bearer token).", + "description": "Link one or more source connections to a solution by their IDs.\n\nPass a JSON body with an `ids` array of source connection UUIDs. Already-linked sources are silently ignored. Returns the updated solution with all linked resources.", "operationId": "link_source_connections_api_solutions__solution_id__source_connections_post", "parameters": [ { @@ -13683,7 +13688,7 @@ }, "/sources/": { "get": { - "description": "List content sources for your account.\n\nA *source* is where Seclai pulls or receives content from (for example RSS feeds, websites, file uploads, or custom indexes). Sources are the inputs that power your agents and knowledge base workflows.\n\nParameters:\n- Pagination: `page` and `limit`.\n- Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc).\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). Results are scoped to the authenticated account.\n- The optional `account_id` query param is only allowed when it matches the authenticated account.", + "description": "List content sources for your account.\n\nA *source* is where Seclai pulls or receives content from (for example RSS feeds, websites, file uploads, or custom indexes). Sources are the inputs that power your agents and knowledge base workflows.\n\nParameters:\n- Pagination: `page` and `limit`.\n- Sorting: `sort` (created_at/updated_at/name) and `order` (asc/desc).\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. Results are scoped to the caller's account.\n- The optional `account_id` query param is only allowed when it matches the caller's account.", "operationId": "list_sources_api_sources__get", "parameters": [ { @@ -13739,7 +13744,7 @@ } }, { - "description": "List sources for the given account. Defaults to the api key's account.", + "description": "List sources for the given account. Defaults to the caller's account.", "in": "query", "name": "account_id", "required": false, @@ -13752,7 +13757,7 @@ "type": "null" } ], - "description": "List sources for the given account. Defaults to the api key's account.", + "description": "List sources for the given account. Defaults to the caller's account.", "title": "Account Id" } }, @@ -13828,7 +13833,7 @@ ] }, "get": { - "description": "Fetch a content source by ID.\n\nAuth & scoping:\n- Requires authentication (API key or bearer token). You can only access sources belonging to your account.", + "description": "Fetch a content source by ID.\n\nAuth & scoping:\n- Requires `X-API-Key` header or OAuth Bearer token. You can only access sources belonging to your account.", "operationId": "get_source_api_sources__source_connection_id__get", "parameters": [ {