api

package
v0.0.0-...-3154aec Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 28, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package api provides primitives to interact with the openapi HTTP API.

Code generated by github.com/oapi-codegen/oapi-codegen/v2 version v2.7.0 DO NOT EDIT.

Index

Constants

View Source 
const (
	BearerAuthScopes bearerAuthContextKey = "bearerAuth.Scopes"
)

Variables

This section is empty.

Functions

func GetSpec 

func GetSpec() (swagger *openapi3.T, err error)

GetSpec returns the OpenAPI specification corresponding to the generated code in this file. External references in the spec are resolved through PathToRawSpec; externally-referenced files must be embedded in their corresponding Go packages (via the import-mapping feature). URL-based external refs are not supported.

func GetSpecJSON 

func GetSpecJSON() ([]byte, error)

GetSpecJSON returns the raw JSON bytes of the embedded OpenAPI specification: decompressed but not unmarshaled. External references are not resolved here; the bytes are the spec exactly as embedded by codegen. The result is cached at package init time, so repeated calls are cheap.

func GetSwagger deprecated 

func GetSwagger() (*openapi3.T, error)

GetSwagger returns the OpenAPI specification corresponding to the generated code in this file.

Deprecated: GetSwagger predates kin-openapi renaming openapi3.Swagger to openapi3.T. Use GetSpec instead. This wrapper is retained for backwards compatibility.

func Handler 

func Handler(si ServerInterface) http.Handler

Handler creates http.Handler with routing matching OpenAPI spec.

func HandlerFromMux 

func HandlerFromMux(si ServerInterface, m ServeMux) http.Handler

HandlerFromMux creates http.Handler with routing matching OpenAPI spec based on the provided mux.

func HandlerFromMuxWithBaseURL 

func HandlerFromMuxWithBaseURL(si ServerInterface, m ServeMux, baseURL string) http.Handler

func HandlerWithOptions 

func HandlerWithOptions(si ServerInterface, options StdHTTPServerOptions) http.Handler

HandlerWithOptions creates http.Handler with additional options

func PathToRawSpec 

func PathToRawSpec(pathToFile string) map[string]func() ([]byte, error)

Constructs a synthetic filesystem for resolving external references when loading openapi specifications.

Types

type Action 

type Action struct {
	// Approval Approval gating for an action. When `required` is true, the runtime
	// holds the action-run HTTP response open while it queues an approval
	// request to the orchestrator; the response unblocks only when the user
	// approves (action runs normally) or denies (returns an
	// `approval_denied` failure envelope). The agent surfaces the approval
	// URL to the user via tool descriptions templated by `aileron-mcp`.
	Approval *ActionApprovalPolicy `json:"approval,omitempty"`

	// Body Markdown content following the closing `+++` delimiter. The first
	// paragraph (or a designated section) is surfaced to the LLM as the
	// function description when the action is exposed as a tool.
	Body *string `json:"body,omitempty"`

	// Enabled Whether the action is currently exposed to the LLM as a callable
	// tool. Sourced from the per-user overlay at
	// `~/.aileron/action-state.json`; absent overlay entries default to
	// `true`. Disabling does not uninstall the action — the manifest
	// file is left untouched. MCP servers must hide disabled actions
	// from `tools/list` and refuse calls against them.
	Enabled *bool               `json:"enabled,omitempty"`
	Execute []ActionExecuteStep `json:"execute"`

	// Inputs Declared call-time arguments. Per ADR-0003, inputs map directly
	// to the JSON Schema `parameters` object the LLM sees when
	// Aileron exposes the action as a tool.
	Inputs *[]ActionInput `json:"inputs,omitempty"`
	Match  ActionMatch    `json:"match"`

	// Name Bare local handle for the action (e.g. "ship-update").
	Name string `json:"name"`

	// Path Absolute path of the source file on disk.
	Path     *string        `json:"path,omitempty"`
	Requires ActionRequires `json:"requires"`

	// Source Fully-qualified URI of the template the action was installed from
	// (e.g. "hub://aileron/ship-update@1.0.0"). Provenance only — not
	// consulted at runtime.
	Source string `json:"source"`

	// Version Strict SemVer of the action manifest.
	Version string `json:"version"`
}

Action A user-installed action manifest. Per ADR-0001 and ADR-0003, an action is a single Markdown file with TOML frontmatter; the parsed frontmatter populates this object's structured fields and the Markdown content following the closing `+++` populates `body`.

type ActionApprovalDecision 

type ActionApprovalDecision struct {
	// Approved True to allow the action to run; false to deny.
	Approved bool `json:"approved"`

	// EditedPayload Kind-specific fields the user changed (or chose) before
	// approving. Omitted when the user approved without edits or
	// the kind doesn't support them. Consumers read kind-specific
	// keys:
	//
	//   - `kind=comms_draft` — `body` carries the edited reply
	//     bytes; the CommsServer dispatcher sends those rather
	//     than the agent's original draft.
	//   - `kind=shell` — `save_policy` carries `""` | `"project"`
	//     | `"user"`; the launch-side approval socket translates
	//     this into the `allow_once` / `allow_project` /
	//     `allow_user` wire string aileron-sh writes the new
	//     allow rule under.
	EditedPayload *map[string]interface{} `json:"edited_payload,omitempty"`

	// Reason Optional commentary from the user. Surfaced to the agent in
	// the deny path so it can recover gracefully (e.g. "wrong
	// recipient — I'll redraft").
	Reason *string `json:"reason,omitempty"`
}

ActionApprovalDecision defines model for ActionApprovalDecision.

type ActionApprovalListResponse 

type ActionApprovalListResponse struct {
	Items []PendingActionApproval `json:"items"`
}

ActionApprovalListResponse defines model for ActionApprovalListResponse.

type ActionApprovalPolicy 

type ActionApprovalPolicy struct {
	// Preview Optional `[approval.preview]` directive (ADR-0016). When present, the
	// runtime invokes the named connector op before showing the approval
	// prompt and renders the response alongside the gated call's inputs so
	// the user sees an authoritative summary of what they are approving
	// rather than agent-supplied hints.
	Preview *ActionApprovalPreviewPolicy `json:"preview,omitempty"`

	// Required When true, `POST /v1/actions/{name}/run` blocks on user approval
	// before executing. Default false.
	Required *bool `json:"required,omitempty"`
}

ActionApprovalPolicy Approval gating for an action. When `required` is true, the runtime holds the action-run HTTP response open while it queues an approval request to the orchestrator; the response unblocks only when the user approves (action runs normally) or denies (returns an `approval_denied` failure envelope). The agent surfaces the approval URL to the user via tool descriptions templated by `aileron-mcp`.

type ActionApprovalPreview 

type ActionApprovalPreview struct {
	// Fields Rendered entries in the manifest's declared order. Omitted on
	// wholesale preview failure.
	Fields *[]ActionApprovalPreviewField `json:"fields,omitempty"`

	// Unavailable User-facing reason a wholesale preview failure occurred. Empty
	// on success (even when some individual fields had missing paths).
	Unavailable *string `json:"unavailable,omitempty"`
}

ActionApprovalPreview Rendered output of the action manifest's `[approval.preview]` directive (ADR-0016). Surfaced on the approval prompt so the user sees an authoritative summary of what they are approving rather than agent-supplied hints. Two terminal shapes:

  • On success, `fields` carries the rendered entries in the manifest's declared order. A field whose render path did not resolve in the preview response carries `missing=true` so the UI renders "n/a" rather than silently omitting the row.
  • On wholesale failure (HTTP non-2xx, timeout, sandbox denial, WASM trap), `unavailable` carries a short user-facing reason (e.g. "preview unavailable: timeout") and `fields` is omitted. The approval still proceeds; the user can decline based on the raw inputs plus the failure note.

type ActionApprovalPreviewField 

type ActionApprovalPreviewField struct {
	// Label User-facing key from the manifest's `render` table.
	Label string `json:"label"`

	// Missing True when the manifest's render path did not resolve in the
	// preview op's response. The UI surfaces these as "n/a" so the
	// user sees that the connector did not return the field, rather
	// than the field being silently absent.
	Missing *bool `json:"missing,omitempty"`

	// Multiline True when the manifest's `multiline` list named this field's
	// label. The approval surface renders the value as a scrollable
	// blockquote below the inline rows rather than as a single-line
	// `key: value` entry. Omitted (or false) for short fields.
	Multiline *bool `json:"multiline,omitempty"`

	// Value Resolved string. Empty when `missing=true`; the UI renders "n/a"
	// in that case.
	Value *string `json:"value,omitempty"`
}

ActionApprovalPreviewField One rendered entry on the approval prompt.

type ActionApprovalPreviewPolicy 

type ActionApprovalPreviewPolicy struct {
	// Args Inline argument table passed to the preview op. Values may
	// interpolate `${args.<name>}` against the gated action's
	// call-time inputs.
	Args *map[string]interface{} `json:"args,omitempty"`

	// Multiline Labels in `render` whose values are long-form content (email
	// bodies, commit messages, response payloads). The approval surface
	// renders these as scrollable blockquotes below the inline rows
	// rather than as single-line `key: value` entries. Optional; a
	// manifest that omits it renders all fields inline. Entries must
	// appear as keys in `render`; mismatches are rejected at manifest
	// load time.
	Multiline *[]string `json:"multiline,omitempty"`

	// Op Connector op the runtime calls before approval. Must live on the
	// same connector as the gated action's first execute step, must be
	// declared `idempotent = true` in at least one bundled action
	// manifest, and must not itself carry `[approval] required = true`
	// (no preview-of-preview recursion).
	Op string `json:"op"`

	// Render Map of user-facing labels to dotted JSON paths into the preview
	// op's response. Header-style arrays (e.g. Gmail's
	// `message.payload.headers`) use a shorthand: a path segment beyond
	// such an array is interpreted as "find the entry whose `name`
	// equals the segment, return its `value`". Paths that fail to
	// resolve at runtime surface as per-field "n/a" indicators on the
	// approval prompt; the approval still proceeds.
	Render map[string]string `json:"render"`
}

ActionApprovalPreviewPolicy Optional `[approval.preview]` directive (ADR-0016). When present, the runtime invokes the named connector op before showing the approval prompt and renders the response alongside the gated call's inputs so the user sees an authoritative summary of what they are approving rather than agent-supplied hints.

type ActionApprovalResult 

type ActionApprovalResult struct {
	// AuditId Audit log id; populated when `status = completed`.
	AuditId *string `json:"audit_id,omitempty"`

	// Failure Action-side failure envelope; populated when
	// `status = failed`. Same shape the synchronous path would
	// have returned as a 4xx/5xx body.
	Failure *FailureEnvelope `json:"failure,omitempty"`

	// Reason User's deny commentary; populated when `status = denied`.
	// May be empty if the user denied without a reason.
	Reason *string `json:"reason,omitempty"`

	// Result Action output payload; populated when `status = completed`.
	// Same shape as `ActionRunResponse.result`.
	Result *string `json:"result,omitempty"`

	// Status - `pending_approval` — the user has not yet decided.
	// - `awaiting_vault` — the user approved before the daemon
	//   restarted; the entry is replayed but the local vault is
	//   currently locked, so the executor is waiting for the
	//   user to unlock the vault before running the action.
	// - `running` — the user approved; the daemon is executing
	//   the action.
	// - `completed` — the action ran successfully; see `audit_id`
	//   and `result`.
	// - `denied` — the user denied the approval; see `reason`.
	// - `failed` — the action was approved but its execution
	//   errored; see `failure`. Also used at replay time when a
	//   `running` entry was found on disk (daemon crashed
	//   mid-execution; the runtime refuses to auto-rerun
	//   non-idempotent actions). In that case `reason` carries
	//   an explanatory message.
	Status ActionApprovalResultStatus `json:"status"`
}

ActionApprovalResult Current status and (when available) result of an action approval entry. Returned by `GET /v1/action-approvals/{id}/result`. The shape is discriminated on `status`: terminal statuses (`completed`, `denied`, `failed`) carry the relevant outcome fields; transient statuses (`pending_approval`, `awaiting_vault`, `running`) carry only `status`.

type ActionApprovalResultStatus 

type ActionApprovalResultStatus string

ActionApprovalResultStatus - `pending_approval` — the user has not yet decided.

  • `awaiting_vault` — the user approved before the daemon restarted; the entry is replayed but the local vault is currently locked, so the executor is waiting for the user to unlock the vault before running the action.
  • `running` — the user approved; the daemon is executing the action.
  • `completed` — the action ran successfully; see `audit_id` and `result`.
  • `denied` — the user denied the approval; see `reason`.
  • `failed` — the action was approved but its execution errored; see `failure`. Also used at replay time when a `running` entry was found on disk (daemon crashed mid-execution; the runtime refuses to auto-rerun non-idempotent actions). In that case `reason` carries an explanatory message.
const (
	ActionApprovalResultStatusAwaitingVault   ActionApprovalResultStatus = "awaiting_vault"
	ActionApprovalResultStatusCompleted       ActionApprovalResultStatus = "completed"
	ActionApprovalResultStatusDenied          ActionApprovalResultStatus = "denied"
	ActionApprovalResultStatusFailed          ActionApprovalResultStatus = "failed"
	ActionApprovalResultStatusPendingApproval ActionApprovalResultStatus = "pending_approval"
	ActionApprovalResultStatusRunning         ActionApprovalResultStatus = "running"
)

Defines values for ActionApprovalResultStatus.

func (ActionApprovalResultStatus) Valid 

func (e ActionApprovalResultStatus) Valid() bool

Valid indicates whether the value is a known member of the ActionApprovalResultStatus enum.

type ActionConnectorDep 

type ActionConnectorDep struct {
	// AlreadyInstalled True when an entry with this hash is already in the
	// cstore. The CLI renders this so the operator sees which
	// deps are new (will be installed) versus existing (no
	// change).
	AlreadyInstalled bool `json:"already_installed"`

	// Capabilities Subset of the connector's declared capabilities the
	// action will exercise. Empty means the action declared no
	// capability subset.
	Capabilities *[]string `json:"capabilities,omitempty"`

	// Fqn Connector FQN per ADR-0002.
	Fqn string `json:"fqn"`

	// Hash Connector content hash the action pins (`sha256:<hex>`).
	// The runtime verifies this before every connector
	// invocation per ADR-0004.
	Hash string `json:"hash"`

	// Version Strict SemVer pinned by the action.
	Version string `json:"version"`
}

ActionConnectorDep defines model for ActionConnectorDep.

type ActionExecuteStep 

type ActionExecuteStep struct {
	Connector  string                  `json:"connector"`
	Id         string                  `json:"id"`
	Idempotent *bool                   `json:"idempotent,omitempty"`
	Inputs     *map[string]interface{} `json:"inputs,omitempty"`
	Op         string                  `json:"op"`
}

ActionExecuteStep defines model for ActionExecuteStep.

type ActionInput 

type ActionInput struct {
	// Description Field-level prose surfaced to the LLM in the
	// `parameters.properties[name].description` slot.
	Description string `json:"description"`

	// ItemsType JSON Schema type of an array input's elements. Only meaningful
	// when `type` is `array`. When set, the LLM-facing tool schema
	// emits `"items": {"type": <items_type>}`. When unset on an array
	// input, the schema emits `"items": {}` (any) so MCP clients that
	// default missing-`items` to `string[]` projection do not silently
	// coerce object elements to strings.
	ItemsType *ActionInputItemsType `json:"items_type,omitempty"`

	// Name Argument identifier matching `^[a-z][a-z0-9_]*$`.
	Name string `json:"name"`

	// Required Defaults to true when omitted. Set false to mark the argument
	// as optional in the LLM-facing parameter schema.
	Required *bool `json:"required,omitempty"`

	// Type JSON Schema type. Scalar types (`string`, `integer`, `number`,
	// `boolean`) and structured types (`array`, `object`) are accepted.
	// Structured types are passed through to the LLM-facing tool-use
	// schema with optional shape constraints declared on adjacent
	// fields (`items_type` for arrays); the connector is responsible
	// for validating semantic shape at op time.
	Type ActionInputType `json:"type"`
}

ActionInput defines model for ActionInput.

type ActionInputItemsType 

type ActionInputItemsType string

ActionInputItemsType JSON Schema type of an array input's elements. Only meaningful when `type` is `array`. When set, the LLM-facing tool schema emits `"items": {"type": <items_type>}`. When unset on an array input, the schema emits `"items": {}` (any) so MCP clients that default missing-`items` to `string[]` projection do not silently coerce object elements to strings. 

const (
	ActionInputItemsTypeBoolean ActionInputItemsType = "boolean"
	ActionInputItemsTypeInteger ActionInputItemsType = "integer"
	ActionInputItemsTypeNumber  ActionInputItemsType = "number"
	ActionInputItemsTypeObject  ActionInputItemsType = "object"
	ActionInputItemsTypeString  ActionInputItemsType = "string"
)

Defines values for ActionInputItemsType.

func (ActionInputItemsType) Valid 

func (e ActionInputItemsType) Valid() bool

Valid indicates whether the value is a known member of the ActionInputItemsType enum.

type ActionInputType 

type ActionInputType string

ActionInputType JSON Schema type. Scalar types (`string`, `integer`, `number`, `boolean`) and structured types (`array`, `object`) are accepted. Structured types are passed through to the LLM-facing tool-use schema with optional shape constraints declared on adjacent fields (`items_type` for arrays); the connector is responsible for validating semantic shape at op time. 

const (
	ActionInputTypeArray   ActionInputType = "array"
	ActionInputTypeBoolean ActionInputType = "boolean"
	ActionInputTypeInteger ActionInputType = "integer"
	ActionInputTypeNumber  ActionInputType = "number"
	ActionInputTypeObject  ActionInputType = "object"
	ActionInputTypeString  ActionInputType = "string"
)

Defines values for ActionInputType.

func (ActionInputType) Valid 

func (e ActionInputType) Valid() bool

Valid indicates whether the value is a known member of the ActionInputType enum.

type ActionIntent 

type ActionIntent struct {
	// Domain Carries action-type-specific fields. Exactly one field must be populated,
	// corresponding to the prefix of ActionIntent.type:
	//   - git.* → git
	//   - deploy.* → deploy
	//   - cloud.* → cloud
	//   - email.* → email
	//   - calendar.* → calendar
	//   - payment.* → payment
	//   - procurement.* → procurement
	// The server rejects requests where the populated domain field does not
	// match the action type prefix.
	Domain        *DomainAction           `json:"domain,omitempty"`
	Justification *string                 `json:"justification,omitempty"`
	Metadata      *map[string]interface{} `json:"metadata,omitempty"`
	Summary       string                  `json:"summary"`
	Target        *ActionTarget           `json:"target,omitempty"`
	Type          string                  `json:"type"`
}

ActionIntent defines model for ActionIntent.

type ActionListResponse 

type ActionListResponse struct {
	Items      *[]Action          `json:"items,omitempty"`
	LoadErrors *[]ActionLoadError `json:"load_errors,omitempty"`
}

ActionListResponse defines model for ActionListResponse.

type ActionLoadError 

type ActionLoadError struct {
	// Boundary Which layer produced the error (always "action" for load failures).
	Boundary *string `json:"boundary,omitempty"`

	// Class Canonical failure class (e.g. parse_error, validation_error).
	Class string `json:"class"`

	// File Absolute path of the offending file.
	File string `json:"file"`

	// Line Line within the file where the error was detected; 0 when unknown.
	Line    *int   `json:"line,omitempty"`
	Message string `json:"message"`
}

ActionLoadError A structured error describing a single file in the actions directory that failed to parse or validate, per ADR-0010. Loading is non-fatal — files that load successfully appear in `items`; failed files appear here so callers can surface a precise message.

type ActionMatch 

type ActionMatch struct {
	// Intent Canonical phrase the runtime matches against agent intent.
	Intent string `json:"intent"`
}

ActionMatch defines model for ActionMatch.

type ActionPatchRequest 

type ActionPatchRequest struct {
	// Enabled When set, replaces the action's enabled flag in the overlay
	// (see [Action.enabled]). Omit to leave the current value
	// untouched.
	Enabled *bool `json:"enabled,omitempty"`
}

ActionPatchRequest Partial update to an installed action's user-controlled overlay state. Every field is optional; only fields present in the request body are applied, so callers can update one preference without having to repeat the others.

type ActionPreview 

type ActionPreview struct {
	// AlreadyInstalled True when an action with this name is already installed
	// and its hash matches. The CLI uses this to short-circuit
	// past the consent prompt.
	AlreadyInstalled *bool `json:"already_installed,omitempty"`

	// ConnectorDeps One entry per `[[requires.connectors]]` in the action's
	// manifest, in declaration order.
	ConnectorDeps []ActionConnectorDep `json:"connector_deps"`

	// Existing Set when an action with the same `name` is already
	// installed but its bytes differ from the previewed
	// manifest (typically a different version). Mutually
	// exclusive with `already_installed = true`. The CLI uses
	// this to render an upgrade prompt instead of treating
	// the install as fresh — the operator sees the installed
	// version side-by-side with the requested version and can
	// choose to overwrite.
	Existing *InstalledActionRef `json:"existing,omitempty"`

	// Fqn Canonical FQN of the previewed action.
	Fqn string `json:"fqn"`

	// Hash Canonical `sha256:<hex>` of the fetched action manifest.
	// Same value the install endpoint will record.
	Hash string `json:"hash"`

	// Intent Action's `[match] intent` — the canonical natural-language
	// phrase the runtime matches against agent requests. Used in
	// the consent prompt so the operator knows when this action
	// will fire. Optional.
	Intent *string `json:"intent,omitempty"`

	// Name Action name from the manifest's `name = "<name>"` field —
	// the slug under `~/.aileron/actions/<name>.md`.
	Name string `json:"name"`

	// SignatureStatus Action signatures are optional in v1 — manifests without a
	// signature surface as `unsigned` rather than as an error.
	// Operators see this in the consent prompt and decide
	// whether to proceed.
	SignatureStatus *ActionPreviewSignatureStatus `json:"signature_status,omitempty"`

	// Version Strict SemVer.
	Version string `json:"version"`
}

ActionPreview defines model for ActionPreview.

type ActionPreviewSignatureStatus 

type ActionPreviewSignatureStatus string

ActionPreviewSignatureStatus Action signatures are optional in v1 — manifests without a signature surface as `unsigned` rather than as an error. Operators see this in the consent prompt and decide whether to proceed. 

const (
	ActionPreviewSignatureStatusUnsigned ActionPreviewSignatureStatus = "unsigned"
	ActionPreviewSignatureStatusVerified ActionPreviewSignatureStatus = "verified"
)

Defines values for ActionPreviewSignatureStatus.

func (ActionPreviewSignatureStatus) Valid 

func (e ActionPreviewSignatureStatus) Valid() bool

Valid indicates whether the value is a known member of the ActionPreviewSignatureStatus enum.

type ActionRequires 

type ActionRequires struct {
	Connectors *[]ActionRequiresConnector `json:"connectors,omitempty"`
}

ActionRequires defines model for ActionRequires.

type ActionRequiresConnector 

type ActionRequiresConnector struct {
	// Capabilities The action's declared subset of operations on the connector. Per
	// ADR-0003, calls outside this subset are denied at the action
	// boundary even when the connector permits the operation.
	Capabilities []string `json:"capabilities"`

	// Hash Content hash of the connector binary plus its manifest.
	Hash string `json:"hash"`

	// Name Connector FQN per ADR-0002 (e.g. "github://aileron/slack").
	Name string `json:"name"`

	// Version Pinned SemVer of the connector.
	Version string `json:"version"`
}

ActionRequiresConnector defines model for ActionRequiresConnector.

type ActionRunPendingResponse 

type ActionRunPendingResponse struct {
	// ApprovalId Opaque server-minted id for the pending approval entry.
	// The agent passes this to the `check_action_status` MCP
	// tool (or to `GET /v1/action-approvals/{id}/result`) to
	// learn the outcome.
	ApprovalId string `json:"approval_id"`

	// Message Human-readable instruction the agent should surface to the
	// user verbatim. Names the approval, the review URL, and the
	// `aileron open approval <id>` shell command alternative.
	Message string `json:"message"`

	// ReviewUrl Deep link to the webapp's approvals page anchored at this
	// approval (`<webapp>/approvals?focus=<id>`). Empty when the
	// daemon has no webapp URL configured.
	ReviewUrl *string `json:"review_url,omitempty"`

	// Status Discriminator. Always `pending_approval` for this shape;
	// included so the agent's MCP wrapper can branch without
	// inspecting the HTTP status code.
	Status ActionRunPendingResponseStatus `json:"status"`
}

ActionRunPendingResponse Response body for the 202 case of `POST /v1/actions/{name}/run`: the action's manifest declared `[approval] required = true`, so the daemon registered a pending approval and a background executor instead of running the action inline. The agent is expected to surface `message` to the user verbatim so they learn where to approve.

type ActionRunPendingResponseStatus 

type ActionRunPendingResponseStatus string

ActionRunPendingResponseStatus Discriminator. Always `pending_approval` for this shape; included so the agent's MCP wrapper can branch without inspecting the HTTP status code. 

const (
	ActionRunPendingResponseStatusPendingApproval ActionRunPendingResponseStatus = "pending_approval"
)

Defines values for ActionRunPendingResponseStatus.

func (ActionRunPendingResponseStatus) Valid 

func (e ActionRunPendingResponseStatus) Valid() bool

Valid indicates whether the value is a known member of the ActionRunPendingResponseStatus enum.

type ActionRunRequest 

type ActionRunRequest struct {
	// Args Per-call arguments matching the action's declared inputs.
	Args *map[string]interface{} `json:"args,omitempty"`
}

ActionRunRequest Arguments for synchronously executing an installed action. The `args` map is passed to the action's executor after validation against the action's declared `inputs`.

type ActionRunResponse 

type ActionRunResponse struct {
	// AuditId Audit log ID for this execution per ADR-0010. Always present
	// so callers can cross-reference into the audit log.
	AuditId string `json:"audit_id"`

	// Result Action output payload — the same Content the LLM observes
	// as a tool result when the action runs through the gateway's
	// intercept path. Typically a JSON document; may be plain
	// prose for actions whose output is naturally a sentence.
	Result *string `json:"result,omitempty"`
}

ActionRunResponse Successful result from synchronously executing an action. Action-side failures are returned as a 4xx/5xx FailureEnvelope instead of this shape, so a 200 response always carries a successful payload.

type ActionTarget 

type ActionTarget struct {
	DisplayName *string          `json:"display_name,omitempty"`
	Id          *string          `json:"id,omitempty"`
	Kind        ActionTargetKind `json:"kind"`
}

ActionTarget defines model for ActionTarget.

type ActionTargetKind 

type ActionTargetKind string

ActionTargetKind defines model for ActionTarget.Kind. 

const (
	ActionTargetKindApi            ActionTargetKind = "api"
	ActionTargetKindCalendar       ActionTargetKind = "calendar"
	ActionTargetKindCloudResource  ActionTargetKind = "cloud_resource"
	ActionTargetKindCustom         ActionTargetKind = "custom"
	ActionTargetKindEmailRecipient ActionTargetKind = "email_recipient"
	ActionTargetKindEnvironment    ActionTargetKind = "environment"
	ActionTargetKindRepository     ActionTargetKind = "repository"
	ActionTargetKindSecret         ActionTargetKind = "secret"
	ActionTargetKindTicket         ActionTargetKind = "ticket"
	ActionTargetKindVendor         ActionTargetKind = "vendor"
)

Defines values for ActionTargetKind.

func (ActionTargetKind) Valid 

func (e ActionTargetKind) Valid() bool

Valid indicates whether the value is a known member of the ActionTargetKind enum.

type ActorRef 

type ActorRef struct {
	DisplayName *string      `json:"display_name,omitempty"`
	Id          string       `json:"id"`
	Type        ActorRefType `json:"type"`
}

ActorRef defines model for ActorRef.

type ActorRefType 

type ActorRefType string

ActorRefType defines model for ActorRef.Type. 

const (
	Agent            ActorRefType = "agent"
	ConnectorRuntime ActorRefType = "connector_runtime"
	Human            ActorRefType = "human"
	Service          ActorRefType = "service"
)

Defines values for ActorRefType.

func (ActorRefType) Valid 

func (e ActorRefType) Valid() bool

Valid indicates whether the value is a known member of the ActorRefType enum.

type AnalyticsSummary 

type AnalyticsSummary struct {
	ApprovalLatencyMs *struct {
		P50 *int `json:"p50,omitempty"`
		P95 *int `json:"p95,omitempty"`
	} `json:"approval_latency_ms,omitempty"`
	ByRiskLevel *map[string]int `json:"by_risk_level,omitempty"`
	Spend       *struct {
		Currency        *string `json:"currency,omitempty"`
		TotalMinorUnits *int    `json:"total_minor_units,omitempty"`
	} `json:"spend,omitempty"`
	Totals *struct {
		ApprovalsGranted    *int `json:"approvals_granted,omitempty"`
		ApprovalsRequested  *int `json:"approvals_requested,omitempty"`
		Denials             *int `json:"denials,omitempty"`
		ExecutionsFailed    *int `json:"executions_failed,omitempty"`
		ExecutionsSucceeded *int `json:"executions_succeeded,omitempty"`
		Intents             *int `json:"intents,omitempty"`
	} `json:"totals,omitempty"`
}

AnalyticsSummary defines model for AnalyticsSummary.

type AnthropicMessage 

type AnthropicMessage struct {
	// Content String or array of content blocks (`text`, `tool_use`,
	// `tool_result`, `image`, ...). Shape follows Anthropic's
	// Messages contract.
	Content              interface{}            `json:"content"`
	Role                 AnthropicMessageRole   `json:"role"`
	AdditionalProperties map[string]interface{} `json:"-"`
}

AnthropicMessage defines model for AnthropicMessage.

func (AnthropicMessage) Get 

func (a AnthropicMessage) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for AnthropicMessage. Returns the specified element and whether it was found

func (AnthropicMessage) MarshalJSON 

func (a AnthropicMessage) MarshalJSON() ([]byte, error)

Override default JSON handling for AnthropicMessage to handle AdditionalProperties

func (*AnthropicMessage) Set 

func (a *AnthropicMessage) Set(fieldName string, value interface{})

Setter for additional properties for AnthropicMessage

func (*AnthropicMessage) UnmarshalJSON 

func (a *AnthropicMessage) UnmarshalJSON(b []byte) error

Override default JSON handling for AnthropicMessage to handle AdditionalProperties

type AnthropicMessageRole 

type AnthropicMessageRole string

AnthropicMessageRole defines model for AnthropicMessage.Role. 

const (
	AnthropicMessageRoleAssistant AnthropicMessageRole = "assistant"
	AnthropicMessageRoleUser      AnthropicMessageRole = "user"
)

Defines values for AnthropicMessageRole.

func (AnthropicMessageRole) Valid 

func (e AnthropicMessageRole) Valid() bool

Valid indicates whether the value is a known member of the AnthropicMessageRole enum.

type AnthropicTool 

type AnthropicTool struct {
	Description *string `json:"description,omitempty"`

	// InputSchema JSON Schema for the tool's input.
	InputSchema          *map[string]interface{} `json:"input_schema,omitempty"`
	Name                 string                  `json:"name"`
	AdditionalProperties map[string]interface{}  `json:"-"`
}

AnthropicTool defines model for AnthropicTool.

func (AnthropicTool) Get 

func (a AnthropicTool) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for AnthropicTool. Returns the specified element and whether it was found

func (AnthropicTool) MarshalJSON 

func (a AnthropicTool) MarshalJSON() ([]byte, error)

Override default JSON handling for AnthropicTool to handle AdditionalProperties

func (*AnthropicTool) Set 

func (a *AnthropicTool) Set(fieldName string, value interface{})

Setter for additional properties for AnthropicTool

func (*AnthropicTool) UnmarshalJSON 

func (a *AnthropicTool) UnmarshalJSON(b []byte) error

Override default JSON handling for AnthropicTool to handle AdditionalProperties

type AppendEvidenceRequest 

type AppendEvidenceRequest struct {
	Evidence []EvidenceItem `json:"evidence"`
}

AppendEvidenceRequest defines model for AppendEvidenceRequest.

type AppendIntentEvidenceJSONRequestBody 

type AppendIntentEvidenceJSONRequestBody = AppendEvidenceRequest

AppendIntentEvidenceJSONRequestBody defines body for AppendIntentEvidence for application/json ContentType.

type Approval 

type Approval struct {
	ApprovalId     string                  `json:"approval_id"`
	Approvers      []ApprovalActor         `json:"approvers"`
	EditableBounds *map[string]interface{} `json:"editable_bounds,omitempty"`
	ExpiresAt      *time.Time              `json:"expires_at,omitempty"`
	IntentId       string                  `json:"intent_id"`
	Rationale      *string                 `json:"rationale,omitempty"`
	RequestedAt    time.Time               `json:"requested_at"`
	ResolvedAt     *time.Time              `json:"resolved_at,omitempty"`
	Status         ApprovalStatus          `json:"status"`
	WorkspaceId    *string                 `json:"workspace_id,omitempty"`
}

Approval defines model for Approval.

type ApprovalActionResponse 

type ApprovalActionResponse struct {
	ApprovalId       string         `json:"approval_id"`
	ExecutionGrantId *string        `json:"execution_grant_id,omitempty"`
	IntentStatus     *IntentStatus  `json:"intent_status,omitempty"`
	Status           ApprovalStatus `json:"status"`
}

ApprovalActionResponse defines model for ApprovalActionResponse.

type ApprovalActor 

type ApprovalActor struct {
	DisplayName *string              `json:"display_name,omitempty"`
	PrincipalId string               `json:"principal_id"`
	Role        *string              `json:"role,omitempty"`
	Status      *ApprovalActorStatus `json:"status,omitempty"`
}

ApprovalActor defines model for ApprovalActor.

type ApprovalActorStatus 

type ApprovalActorStatus string

ApprovalActorStatus defines model for ApprovalActor.Status. 

const (
	ApprovalActorStatusApproved  ApprovalActorStatus = "approved"
	ApprovalActorStatusDelegated ApprovalActorStatus = "delegated"
	ApprovalActorStatusDenied    ApprovalActorStatus = "denied"
	ApprovalActorStatusPending   ApprovalActorStatus = "pending"
)

Defines values for ApprovalActorStatus.

func (ApprovalActorStatus) Valid 

func (e ApprovalActorStatus) Valid() bool

Valid indicates whether the value is a known member of the ApprovalActorStatus enum.

type ApprovalId 

type ApprovalId = string

ApprovalId defines model for ApprovalId.

type ApprovalListResponse 

type ApprovalListResponse struct {
	Items      *[]Approval `json:"items,omitempty"`
	Pagination *Pagination `json:"pagination,omitempty"`
}

ApprovalListResponse defines model for ApprovalListResponse.

type ApprovalRequirement 

type ApprovalRequirement struct {
	ApproverGroupId *string                  `json:"approver_group_id,omitempty"`
	Mode            *ApprovalRequirementMode `json:"mode,omitempty"`
	QuorumCount     *int                     `json:"quorum_count,omitempty"`
}

ApprovalRequirement defines model for ApprovalRequirement.

type ApprovalRequirementMode 

type ApprovalRequirementMode string

ApprovalRequirementMode defines model for ApprovalRequirement.Mode. 

const (
	AllOfGroup ApprovalRequirementMode = "all_of_group"
	AnyOfGroup ApprovalRequirementMode = "any_of_group"
	Quorum     ApprovalRequirementMode = "quorum"
	Single     ApprovalRequirementMode = "single"
)

Defines values for ApprovalRequirementMode.

func (ApprovalRequirementMode) Valid 

func (e ApprovalRequirementMode) Valid() bool

Valid indicates whether the value is a known member of the ApprovalRequirementMode enum.

type ApprovalStatus 

type ApprovalStatus string

ApprovalStatus defines model for ApprovalStatus. 

const (
	ApprovalStatusApproved  ApprovalStatus = "approved"
	ApprovalStatusCancelled ApprovalStatus = "cancelled"
	ApprovalStatusDelegated ApprovalStatus = "delegated"
	ApprovalStatusDenied    ApprovalStatus = "denied"
	ApprovalStatusExpired   ApprovalStatus = "expired"
	ApprovalStatusModified  ApprovalStatus = "modified"
	ApprovalStatusPending   ApprovalStatus = "pending"
)

Defines values for ApprovalStatus.

func (ApprovalStatus) Valid 

func (e ApprovalStatus) Valid() bool

Valid indicates whether the value is a known member of the ApprovalStatus enum.

type ApproveRequest 

type ApproveRequest struct {
	ApproveOnce         *bool   `json:"approve_once,omitempty"`
	Comment             *string `json:"comment,omitempty"`
	StepUpAuthAssertion *string `json:"step_up_auth_assertion,omitempty"`
}

ApproveRequest defines model for ApproveRequest.

type ApproveRequestJSONRequestBody 

type ApproveRequestJSONRequestBody = ApproveRequest

ApproveRequestJSONRequestBody defines body for ApproveRequest for application/json ContentType.

type AttachmentRef 

type AttachmentRef struct {
	MimeType   *string `json:"mime_type,omitempty"`
	Name       *string `json:"name,omitempty"`
	StorageRef *string `json:"storage_ref,omitempty"`
	Url        *string `json:"url,omitempty"`
}

AttachmentRef defines model for AttachmentRef.

type AuditEvent 

type AuditEvent struct {
	Actor struct {
		// Id Stable identifier within the actor type.
		Id string `json:"id"`

		// Type Actor kind (`human`, `agent`, `connector_runtime`, etc.)
		Type string `json:"type"`
	} `json:"actor"`

	// AuditId Stable id minted by the recorder. For failures, also
	// stamped onto the `FailureEnvelope.error.audit_id` so the
	// envelope returned to the caller is a working back-reference.
	AuditId string `json:"audit_id"`

	// EventType Discriminator for the payload shape (e.g.
	// `execution.failed`, `action.installed`, `binding.created`).
	EventType string `json:"event_type"`

	// Payload Event-shaped payload. For failures, contains
	// `class`/`boundary`/`retriable`/`message`/`details`. For
	// success events, contains the event-specific fields the
	// recorder set (e.g. `name`, `connector_fqn`, `kind` for a
	// binding event).
	Payload map[string]interface{} `json:"payload"`

	// Timestamp When the event was recorded; RFC 3339, UTC.
	Timestamp time.Time `json:"timestamp"`
}

AuditEvent A single audit-log entry. Shape is stable across the events the ADR-0010 recorder emits (failures, action installs, binding lifecycle). Specific keys inside `payload` depend on `event_type` and are documented in the recorder.

type AuditListResponse 

type AuditListResponse struct {
	Events []AuditEvent `json:"events"`
}

AuditListResponse Response shape for `GET /v1/audit`. `events` is ordered newest-first; truncation to `limit` is applied after filtering.

type BadRequest 

type BadRequest = Error

BadRequest Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type Binding 

type Binding struct {
	// Account Human-readable account label derived from credential metadata when available.
	Account *string `json:"account,omitempty"`

	// ConnectorFqn FQN of the connector this binding was created for.
	ConnectorFqn string    `json:"connector_fqn"`
	CreatedAt    time.Time `json:"created_at"`

	// GrantedScopes OAuth scope strings the provider confirmed on the most
	// recent successful handshake. Empty for non-OAuth kinds and
	// for OAuth bindings created before scope tracking landed
	// (those are migration-marked `stale` on first
	// install-after-upgrade).
	GrantedScopes *[]string `json:"granted_scopes,omitempty"`

	// Identity User-chosen handle distinguishing variants of the same kind+service (e.g. `work`, `personal`).
	Identity string `json:"identity"`

	// Kind Credential kind (e.g. `api_key`, `oauth2`). Matches the connector manifest's `[capabilities.credential].kind`.
	Kind string `json:"kind"`

	// LastRefreshedAt Reserved for OAuth refresh tracking (#388); always null for `api_key`.
	LastRefreshedAt *time.Time `json:"last_refreshed_at,omitempty"`

	// LastUsedAt Last time the runtime resolved this binding for an action invocation.
	LastUsedAt *time.Time `json:"last_used_at,omitempty"`

	// MissingScopes Scope strings the current connector manifest demands but
	// this binding's recorded grant lacks. Populated when
	// `stale_reason == "scope_drift"` and empty otherwise. The
	// webapp/CLI render this so the user can see what
	// reauthorization will unlock.
	MissingScopes *[]string `json:"missing_scopes,omitempty"`

	// Name Full binding name in `<kind>/<service>/<identity>` form.
	Name string `json:"name"`

	// RefreshTokenPresent Reserved for OAuth refresh tracking (#388); always false for `api_key`.
	RefreshTokenPresent *bool `json:"refresh_token_present,omitempty"`

	// Scope Optional scope string copied from the connector manifest at setup time.
	Scope *string `json:"scope,omitempty"`

	// Service Service identifier (e.g. `slack`, `linear`).
	Service string `json:"service"`

	// StaleReason Populated when `status == "stale"`. `scope_drift` means the
	// connector manifest declares a scope this binding lacks;
	// `no_grant_record` means the binding predates scope tracking
	// and was migration-marked on the first install-after-upgrade.
	StaleReason *BindingStaleReason `json:"stale_reason,omitempty"`

	// Status Coarse health flag. `stale` is set by drift detection at
	// connector-install time when the manifest's OAuth scope set
	// demands a scope the binding's recorded grant does not have,
	// or when a pre-existing binding has no recorded grant.
	Status *BindingStatus `json:"status,omitempty"`
}

Binding A capability binding mapping a connector's declared credential capability to a concrete vault entry, per ADR-0006. The same `name` string is the vault path the runtime resolves at credential-mediation time.

type BindingListResponse 

type BindingListResponse struct {
	Items []Binding `json:"items"`
}

BindingListResponse defines model for BindingListResponse.

type BindingName 

type BindingName = string

BindingName defines model for BindingName.

type BindingSetupRequest 

type BindingSetupRequest struct {
	Bindings []struct {
		// Account Optional human-readable account label.
		Account *string `json:"account,omitempty"`

		// Identity User-chosen handle for this binding. Combined with the
		// connector's declared kind and service to form the
		// full binding name `<kind>/<service>/<identity>`.
		Identity string `json:"identity"`

		// Service Optional service override. Defaults to the service
		// segment derived from the connector FQN's host.
		Service *string `json:"service,omitempty"`

		// Source Per-binding credential source. v1 supports only `api_key`. Setting
		// `kind: oauth2` returns a structured `400` referencing #388.
		Source BindingSource `json:"source"`
	} `json:"bindings"`

	// ConnectorFqn Fully-qualified connector name (e.g. `github://aileron/slack`).
	// The connector must already be installed.
	ConnectorFqn string `json:"connector_fqn"`

	// SkipExisting When true (default), bindings whose name already exists are
	// skipped silently and reported in the response's `skipped`
	// list. When false, the entire request fails with `409 Conflict`
	// on the first existing binding.
	SkipExisting *bool `json:"skip_existing,omitempty"`
}

BindingSetupRequest defines model for BindingSetupRequest.

type BindingSetupResponse 

type BindingSetupResponse struct {
	Created []Binding `json:"created"`

	// Skipped Names of bindings that already existed (only populated when `skip_existing` was true).
	Skipped *[]string `json:"skipped,omitempty"`
}

BindingSetupResponse defines model for BindingSetupResponse.

type BindingSource 

type BindingSource struct {
	// Kind Credential kind. Must match the connector manifest's declared
	// `[capabilities.credential].kind` for the requested capability.
	Kind BindingSourceKind `json:"kind"`

	// Value Raw credential bytes (e.g. the API key). Required when `kind`
	// is `api_key`. The runtime stores this encrypted in the vault.
	Value *string `json:"value,omitempty"`
}

BindingSource Per-binding credential source. v1 supports only `api_key`. Setting `kind: oauth2` returns a structured `400` referencing #388.

type BindingSourceKind 

type BindingSourceKind string

BindingSourceKind Credential kind. Must match the connector manifest's declared `[capabilities.credential].kind` for the requested capability. 

const (
	BindingSourceKindApiKey BindingSourceKind = "api_key"
	BindingSourceKindOauth2 BindingSourceKind = "oauth2"
)

Defines values for BindingSourceKind.

func (BindingSourceKind) Valid 

func (e BindingSourceKind) Valid() bool

Valid indicates whether the value is a known member of the BindingSourceKind enum.

type BindingStaleReason 

type BindingStaleReason string

BindingStaleReason Populated when `status == "stale"`. `scope_drift` means the connector manifest declares a scope this binding lacks; `no_grant_record` means the binding predates scope tracking and was migration-marked on the first install-after-upgrade. 

const (
	BindingStaleReasonNoGrantRecord BindingStaleReason = "no_grant_record"
	BindingStaleReasonScopeDrift    BindingStaleReason = "scope_drift"
)

Defines values for BindingStaleReason.

func (BindingStaleReason) Valid 

func (e BindingStaleReason) Valid() bool

Valid indicates whether the value is a known member of the BindingStaleReason enum.

type BindingStatus 

type BindingStatus string

BindingStatus Coarse health flag. `stale` is set by drift detection at connector-install time when the manifest's OAuth scope set demands a scope the binding's recorded grant does not have, or when a pre-existing binding has no recorded grant. 

const (
	BindingStatusActive  BindingStatus = "active"
	BindingStatusRevoked BindingStatus = "revoked"
	BindingStatusStale   BindingStatus = "stale"
)

Defines values for BindingStatus.

func (BindingStatus) Valid 

func (e BindingStatus) Valid() bool

Valid indicates whether the value is a known member of the BindingStatus enum.

type CalendarAction 

type CalendarAction struct {
	Attendees      *[]CalendarAttendee           `json:"attendees,omitempty"`
	CalendarId     *string                       `json:"calendar_id,omitempty"`
	ConferenceType *CalendarActionConferenceType `json:"conference_type,omitempty"`
	Description    *string                       `json:"description,omitempty"`
	EndTime        *time.Time                    `json:"end_time,omitempty"`
	Location       *string                       `json:"location,omitempty"`
	Provider       *CalendarActionProvider       `json:"provider,omitempty"`
	StartTime      *time.Time                    `json:"start_time,omitempty"`
	Timezone       *string                       `json:"timezone,omitempty"`
	Title          *string                       `json:"title,omitempty"`
	Visibility     *CalendarActionVisibility     `json:"visibility,omitempty"`
}

CalendarAction defines model for CalendarAction.

type CalendarActionConferenceType 

type CalendarActionConferenceType string

CalendarActionConferenceType defines model for CalendarAction.ConferenceType. 

const (
	CalendarActionConferenceTypeCustom     CalendarActionConferenceType = "custom"
	CalendarActionConferenceTypeGoogleMeet CalendarActionConferenceType = "google_meet"
	CalendarActionConferenceTypeNone       CalendarActionConferenceType = "none"
	CalendarActionConferenceTypeTeams      CalendarActionConferenceType = "teams"
	CalendarActionConferenceTypeZoom       CalendarActionConferenceType = "zoom"
)

Defines values for CalendarActionConferenceType.

func (CalendarActionConferenceType) Valid 

func (e CalendarActionConferenceType) Valid() bool

Valid indicates whether the value is a known member of the CalendarActionConferenceType enum.

type CalendarActionProvider 

type CalendarActionProvider string

CalendarActionProvider defines model for CalendarAction.Provider. 

const (
	CalendarActionProviderCustom         CalendarActionProvider = "custom"
	CalendarActionProviderGoogleCalendar CalendarActionProvider = "google_calendar"
	CalendarActionProviderOutlook        CalendarActionProvider = "outlook"
)

Defines values for CalendarActionProvider.

func (CalendarActionProvider) Valid 

func (e CalendarActionProvider) Valid() bool

Valid indicates whether the value is a known member of the CalendarActionProvider enum.

type CalendarActionVisibility 

type CalendarActionVisibility string

CalendarActionVisibility defines model for CalendarAction.Visibility. 

const (
	Default CalendarActionVisibility = "default"
	Private CalendarActionVisibility = "private"
	Public  CalendarActionVisibility = "public"
)

Defines values for CalendarActionVisibility.

func (CalendarActionVisibility) Valid 

func (e CalendarActionVisibility) Valid() bool

Valid indicates whether the value is a known member of the CalendarActionVisibility enum.

type CalendarAttendee 

type CalendarAttendee struct {
	Email    openapi_types.Email `json:"email"`
	Name     *string             `json:"name,omitempty"`
	Optional *bool               `json:"optional,omitempty"`
}

CalendarAttendee defines model for CalendarAttendee.

type ChatCompletionChoice 

type ChatCompletionChoice struct {
	FinishReason         string                 `json:"finish_reason"`
	Index                int                    `json:"index"`
	Message              ChatCompletionMessage  `json:"message"`
	AdditionalProperties map[string]interface{} `json:"-"`
}

ChatCompletionChoice defines model for ChatCompletionChoice.

func (ChatCompletionChoice) Get 

func (a ChatCompletionChoice) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionChoice. Returns the specified element and whether it was found

func (ChatCompletionChoice) MarshalJSON 

func (a ChatCompletionChoice) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionChoice to handle AdditionalProperties

func (*ChatCompletionChoice) Set 

func (a *ChatCompletionChoice) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionChoice

func (*ChatCompletionChoice) UnmarshalJSON 

func (a *ChatCompletionChoice) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionChoice to handle AdditionalProperties

type ChatCompletionFunctionDef 

type ChatCompletionFunctionDef struct {
	Description *string `json:"description,omitempty"`
	Name        string  `json:"name"`

	// Parameters JSON Schema for the function's parameters.
	Parameters           *map[string]interface{} `json:"parameters,omitempty"`
	AdditionalProperties map[string]interface{}  `json:"-"`
}

ChatCompletionFunctionDef defines model for ChatCompletionFunctionDef.

func (ChatCompletionFunctionDef) Get 

func (a ChatCompletionFunctionDef) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionFunctionDef. Returns the specified element and whether it was found

func (ChatCompletionFunctionDef) MarshalJSON 

func (a ChatCompletionFunctionDef) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionFunctionDef to handle AdditionalProperties

func (*ChatCompletionFunctionDef) Set 

func (a *ChatCompletionFunctionDef) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionFunctionDef

func (*ChatCompletionFunctionDef) UnmarshalJSON 

func (a *ChatCompletionFunctionDef) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionFunctionDef to handle AdditionalProperties

type ChatCompletionMessage 

type ChatCompletionMessage struct {
	// Content String or array of content parts; shape follows the upstream
	// provider's contract. Aileron does not require parsing.
	Content interface{}               `json:"content,omitempty"`
	Name    *string                   `json:"name,omitempty"`
	Role    ChatCompletionMessageRole `json:"role"`

	// ToolCallId Required on `tool` role messages.
	ToolCallId           *string                   `json:"tool_call_id,omitempty"`
	ToolCalls            *[]ChatCompletionToolCall `json:"tool_calls,omitempty"`
	AdditionalProperties map[string]interface{}    `json:"-"`
}

ChatCompletionMessage defines model for ChatCompletionMessage.

func (ChatCompletionMessage) Get 

func (a ChatCompletionMessage) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionMessage. Returns the specified element and whether it was found

func (ChatCompletionMessage) MarshalJSON 

func (a ChatCompletionMessage) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionMessage to handle AdditionalProperties

func (*ChatCompletionMessage) Set 

func (a *ChatCompletionMessage) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionMessage

func (*ChatCompletionMessage) UnmarshalJSON 

func (a *ChatCompletionMessage) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionMessage to handle AdditionalProperties

type ChatCompletionMessageRole 

type ChatCompletionMessageRole string

ChatCompletionMessageRole defines model for ChatCompletionMessage.Role. 

const (
	ChatCompletionMessageRoleAssistant ChatCompletionMessageRole = "assistant"
	ChatCompletionMessageRoleDeveloper ChatCompletionMessageRole = "developer"
	ChatCompletionMessageRoleSystem    ChatCompletionMessageRole = "system"
	ChatCompletionMessageRoleTool      ChatCompletionMessageRole = "tool"
	ChatCompletionMessageRoleUser      ChatCompletionMessageRole = "user"
)

Defines values for ChatCompletionMessageRole.

func (ChatCompletionMessageRole) Valid 

func (e ChatCompletionMessageRole) Valid() bool

Valid indicates whether the value is a known member of the ChatCompletionMessageRole enum.

type ChatCompletionRequest 

type ChatCompletionRequest struct {
	Messages []ChatCompletionMessage `json:"messages"`

	// Model Model identifier passed to the upstream provider.
	Model string `json:"model"`

	// Stream When true, the response is `text/event-stream`. Aileron
	// buffers tool-call deltas for augmented actions until the call
	// is structurally complete.
	Stream *bool `json:"stream,omitempty"`

	// ToolChoice Passed through to the upstream provider unchanged.
	ToolChoice interface{} `json:"tool_choice,omitempty"`

	// Tools Agent-declared tools. Aileron preserves these unchanged and
	// appends installed actions to the array before forwarding
	// upstream.
	Tools                *[]ChatCompletionTool  `json:"tools,omitempty"`
	AdditionalProperties map[string]interface{} `json:"-"`
}

ChatCompletionRequest defines model for ChatCompletionRequest.

func (ChatCompletionRequest) Get 

func (a ChatCompletionRequest) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionRequest. Returns the specified element and whether it was found

func (ChatCompletionRequest) MarshalJSON 

func (a ChatCompletionRequest) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionRequest to handle AdditionalProperties

func (*ChatCompletionRequest) Set 

func (a *ChatCompletionRequest) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionRequest

func (*ChatCompletionRequest) UnmarshalJSON 

func (a *ChatCompletionRequest) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionRequest to handle AdditionalProperties

type ChatCompletionResponse 

type ChatCompletionResponse struct {
	Choices              []ChatCompletionChoice  `json:"choices"`
	Created              *int                    `json:"created,omitempty"`
	Id                   string                  `json:"id"`
	Model                string                  `json:"model"`
	Object               string                  `json:"object"`
	Usage                *map[string]interface{} `json:"usage,omitempty"`
	AdditionalProperties map[string]interface{}  `json:"-"`
}

ChatCompletionResponse defines model for ChatCompletionResponse.

func (ChatCompletionResponse) Get 

func (a ChatCompletionResponse) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionResponse. Returns the specified element and whether it was found

func (ChatCompletionResponse) MarshalJSON 

func (a ChatCompletionResponse) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionResponse to handle AdditionalProperties

func (*ChatCompletionResponse) Set 

func (a *ChatCompletionResponse) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionResponse

func (*ChatCompletionResponse) UnmarshalJSON 

func (a *ChatCompletionResponse) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionResponse to handle AdditionalProperties

type ChatCompletionTool 

type ChatCompletionTool struct {
	Function             *ChatCompletionFunctionDef `json:"function,omitempty"`
	Type                 ChatCompletionToolType     `json:"type"`
	AdditionalProperties map[string]interface{}     `json:"-"`
}

ChatCompletionTool defines model for ChatCompletionTool.

func (ChatCompletionTool) Get 

func (a ChatCompletionTool) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionTool. Returns the specified element and whether it was found

func (ChatCompletionTool) MarshalJSON 

func (a ChatCompletionTool) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionTool to handle AdditionalProperties

func (*ChatCompletionTool) Set 

func (a *ChatCompletionTool) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionTool

func (*ChatCompletionTool) UnmarshalJSON 

func (a *ChatCompletionTool) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionTool to handle AdditionalProperties

type ChatCompletionToolCall 

type ChatCompletionToolCall struct {
	Function struct {
		// Arguments JSON-encoded argument object.
		Arguments string `json:"arguments"`
		Name      string `json:"name"`
	} `json:"function"`
	Id                   string                     `json:"id"`
	Type                 ChatCompletionToolCallType `json:"type"`
	AdditionalProperties map[string]interface{}     `json:"-"`
}

ChatCompletionToolCall defines model for ChatCompletionToolCall.

func (ChatCompletionToolCall) Get 

func (a ChatCompletionToolCall) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionToolCall. Returns the specified element and whether it was found

func (ChatCompletionToolCall) MarshalJSON 

func (a ChatCompletionToolCall) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionToolCall to handle AdditionalProperties

func (*ChatCompletionToolCall) Set 

func (a *ChatCompletionToolCall) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionToolCall

func (*ChatCompletionToolCall) UnmarshalJSON 

func (a *ChatCompletionToolCall) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionToolCall to handle AdditionalProperties

type ChatCompletionToolCallType 

type ChatCompletionToolCallType string

ChatCompletionToolCallType defines model for ChatCompletionToolCall.Type. 

const (
	ChatCompletionToolCallTypeFunction ChatCompletionToolCallType = "function"
)

Defines values for ChatCompletionToolCallType.

func (ChatCompletionToolCallType) Valid 

func (e ChatCompletionToolCallType) Valid() bool

Valid indicates whether the value is a known member of the ChatCompletionToolCallType enum.

type ChatCompletionToolType 

type ChatCompletionToolType string

ChatCompletionToolType defines model for ChatCompletionTool.Type. 

const (
	ChatCompletionToolTypeFunction ChatCompletionToolType = "function"
)

Defines values for ChatCompletionToolType.

func (ChatCompletionToolType) Valid 

func (e ChatCompletionToolType) Valid() bool

Valid indicates whether the value is a known member of the ChatCompletionToolType enum.

type CheckConnectorsParams 

type CheckConnectorsParams struct {
	// IncludePrerelease Include pre-release versions when computing the latest version.
	IncludePrerelease *bool `form:"include_prerelease,omitempty" json:"include_prerelease,omitempty"`
}

CheckConnectorsParams defines parameters for CheckConnectors.

type CloudAction 

type CloudAction struct {
	AccountId     *string              `json:"account_id,omitempty"`
	EstimatedCost *Money               `json:"estimated_cost,omitempty"`
	Operation     *string              `json:"operation,omitempty"`
	Provider      *CloudActionProvider `json:"provider,omitempty"`
	Region        *string              `json:"region,omitempty"`
	ResourceId    *string              `json:"resource_id,omitempty"`
	ResourceType  *string              `json:"resource_type,omitempty"`
	Tags          *map[string]string   `json:"tags,omitempty"`
}

CloudAction defines model for CloudAction.

type CloudActionProvider 

type CloudActionProvider string

CloudActionProvider defines model for CloudAction.Provider. 

const (
	CloudActionProviderAws        CloudActionProvider = "aws"
	CloudActionProviderAzure      CloudActionProvider = "azure"
	CloudActionProviderCloudflare CloudActionProvider = "cloudflare"
	CloudActionProviderCustom     CloudActionProvider = "custom"
	CloudActionProviderGcp        CloudActionProvider = "gcp"
)

Defines values for CloudActionProvider.

func (CloudActionProvider) Valid 

func (e CloudActionProvider) Valid() bool

Valid indicates whether the value is a known member of the CloudActionProvider enum.

type CommsMessage 

type CommsMessage struct {
	// Author Sender's display name.
	Author string `json:"author"`

	// Body Full message text.
	Body string `json:"body"`

	// Channel Channel name or ID the message arrived on.
	Channel string `json:"channel"`

	// DraftRequest True when the message arrived on a channel configured for
	// auto-draft and no reply has been drafted yet — the agent
	// should call `draft_reply` with this message's id.
	DraftRequest *bool `json:"draft_request,omitempty"`

	// Id Stable per-message identifier (set by the inbound listener).
	Id string `json:"id"`

	// Service Source service ("slack", "discord", ...).
	Service string `json:"service"`

	// Timestamp When the listener received the message (RFC3339).
	Timestamp time.Time `json:"timestamp"`
}

CommsMessage A single message read from the daemon's notify queue. Mirrors the wire shape `aileron-mcp`'s `read_messages` tool surfaces to the agent so the agent can decide whether to draft a reply.

type ConfirmedFingerprint 

type ConfirmedFingerprint struct {
	// Fingerprint Publisher-key fingerprint the operator confirmed
	// (`sha256:<22 base64-no-padding chars>`).
	Fingerprint string `json:"fingerprint"`

	// Fqn Connector authority FQN (e.g. `github://alice/conn-x`).
	Fqn string `json:"fqn"`
}

ConfirmedFingerprint One entry in `InstallActionRequest.confirmed_fingerprints`. The `fqn` is the connector-authority FQN (e.g. `github://alice/conn-google`) rather than the action FQN — trust in the keyring is keyed by authority, and one authority covers every action/connector that ships from the same publisher repo.

type Conflict 

type Conflict = Error

Conflict Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type ConnectAccountCallbackParams 

type ConnectAccountCallbackParams struct {
	Code  string  `form:"code" json:"code"`
	State *string `form:"state,omitempty" json:"state,omitempty"`
}

ConnectAccountCallbackParams defines parameters for ConnectAccountCallback.

type ConnectAccountParams 

type ConnectAccountParams struct {
	// ReturnTo URL to redirect to after the account is connected. Must be a same-site absolute URL or a relative path. Defaults to /settings/connected-accounts.
	ReturnTo *string `form:"return_to,omitempty" json:"return_to,omitempty"`
}

ConnectAccountParams defines parameters for ConnectAccount.

type ConnectedAccount 

type ConnectedAccount struct {
	CreatedAt *time.Time `json:"created_at,omitempty"`

	// ExternalUserId Provider-specific user identifier (e.g. email for Gmail, username for GitHub, user ID for Slack)
	ExternalUserId *string                   `json:"external_user_id,omitempty"`
	Id             *string                   `json:"id,omitempty"`
	Provider       *ConnectedAccountProvider `json:"provider,omitempty"`

	// Scopes OAuth scopes granted to Aileron
	Scopes    *[]string               `json:"scopes,omitempty"`
	Status    *ConnectedAccountStatus `json:"status,omitempty"`
	UpdatedAt *time.Time              `json:"updated_at,omitempty"`
	UserId    *string                 `json:"user_id,omitempty"`
}

ConnectedAccount defines model for ConnectedAccount.

type ConnectedAccountProvider 

type ConnectedAccountProvider string

ConnectedAccountProvider defines model for ConnectedAccount.Provider. 

const (
	Gmail             ConnectedAccountProvider = "gmail"
	GoogleCalendar    ConnectedAccountProvider = "google_calendar"
	MicrosoftCalendar ConnectedAccountProvider = "microsoft_calendar"
	Outlook           ConnectedAccountProvider = "outlook"
)

Defines values for ConnectedAccountProvider.

func (ConnectedAccountProvider) Valid 

func (e ConnectedAccountProvider) Valid() bool

Valid indicates whether the value is a known member of the ConnectedAccountProvider enum.

type ConnectedAccountStatus 

type ConnectedAccountStatus string

ConnectedAccountStatus defines model for ConnectedAccount.Status. 

const (
	ConnectedAccountStatusActive  ConnectedAccountStatus = "active"
	ConnectedAccountStatusExpired ConnectedAccountStatus = "expired"
	ConnectedAccountStatusRevoked ConnectedAccountStatus = "revoked"
)

Defines values for ConnectedAccountStatus.

func (ConnectedAccountStatus) Valid 

func (e ConnectedAccountStatus) Valid() bool

Valid indicates whether the value is a known member of the ConnectedAccountStatus enum.

type Connector 

type Connector struct {
	Auth        *ConnectorAuth          `json:"auth,omitempty"`
	ConnectorId string                  `json:"connector_id"`
	Environment *string                 `json:"environment,omitempty"`
	Metadata    *map[string]interface{} `json:"metadata,omitempty"`
	Name        string                  `json:"name"`
	PolicyIds   *[]string               `json:"policy_ids,omitempty"`
	Provider    *string                 `json:"provider,omitempty"`
	Status      ConnectorStatus         `json:"status"`
	Type        ConnectorType           `json:"type"`
	WorkspaceId string                  `json:"workspace_id"`
}

Connector defines model for Connector.

type ConnectorAuth 

type ConnectorAuth struct {
	Method      ConnectorAuthMethod `json:"method"`
	ReferenceId *string             `json:"reference_id,omitempty"`
	Scopes      *[]string           `json:"scopes,omitempty"`
}

ConnectorAuth defines model for ConnectorAuth.

type ConnectorAuthMethod 

type ConnectorAuthMethod string

ConnectorAuthMethod defines model for ConnectorAuth.Method. 

const (
	ConnectorAuthMethodApiKeyRef         ConnectorAuthMethod = "api_key_ref"
	ConnectorAuthMethodCustom            ConnectorAuthMethod = "custom"
	ConnectorAuthMethodOauth2            ConnectorAuthMethod = "oauth2"
	ConnectorAuthMethodServiceAccountRef ConnectorAuthMethod = "service_account_ref"
	ConnectorAuthMethodWebhookSecretRef  ConnectorAuthMethod = "webhook_secret_ref"
)

Defines values for ConnectorAuthMethod.

func (ConnectorAuthMethod) Valid 

func (e ConnectorAuthMethod) Valid() bool

Valid indicates whether the value is a known member of the ConnectorAuthMethod enum.

type ConnectorCheckResult 

type ConnectorCheckResult struct {
	// AvailableVersions Versions strictly newer than `current_version`, sorted descending.
	// Omitted when `error` is present. Excludes pre-releases unless
	// the request set `include_prerelease=true`.
	AvailableVersions *[]string `json:"available_versions,omitempty"`

	// CurrentVersion Currently installed SemVer.
	CurrentVersion string `json:"current_version"`

	// Error Per-connector check error (network failure, source removed,
	// unknown scheme, scheme not yet implemented). When present,
	// `latest_version` and `available_versions` may be omitted —
	// the check failed for this connector but did not abort the
	// sweep.
	Error *string `json:"error,omitempty"`

	// Fqn Canonical FQN of the installed connector (per ADR-0002).
	Fqn string `json:"fqn"`

	// LatestVersion Latest available version after applying the prerelease filter.
	// Omitted when `error` is present or when no released versions
	// were found at the source.
	LatestVersion *string `json:"latest_version,omitempty"`

	// UpdateAvailable True when `latest_version` is strictly newer than `current_version`
	// under SemVer 2.0 ordering. False when this connector is up to date,
	// and false when `error` is present (we couldn't tell).
	UpdateAvailable bool `json:"update_available"`
}

ConnectorCheckResult defines model for ConnectorCheckResult.

type ConnectorId 

type ConnectorId = string

ConnectorId defines model for ConnectorId.

type ConnectorInstallFailure 

type ConnectorInstallFailure struct {
	// Error Human-readable error from the install pipeline.
	Error   string `json:"error"`
	Fqn     string `json:"fqn"`
	Version string `json:"version"`
}

ConnectorInstallFailure defines model for ConnectorInstallFailure.

type ConnectorListResponse 

type ConnectorListResponse struct {
	Items      *[]Connector `json:"items,omitempty"`
	Pagination *Pagination  `json:"pagination,omitempty"`
}

ConnectorListResponse defines model for ConnectorListResponse.

type ConnectorPreview 

type ConnectorPreview struct {
	// AlreadyInstalled True when an entry with this hash is already in the
	// cstore. The CLI uses this to skip the consent prompt and
	// short-circuit to a "already installed" message — operators
	// running install twice in a row should not see the prompt
	// twice.
	AlreadyInstalled bool `json:"already_installed"`

	// Capabilities Flattened view of the connector manifest's `[capabilities.*]`
	// blocks. Optional sub-tables that are absent in the manifest
	// are absent here too — the CLI renders only what the connector
	// actually declares.
	Capabilities PreviewCapabilities `json:"capabilities"`

	// Description Human-readable description from the connector manifest.
	// May be empty.
	Description *string `json:"description,omitempty"`

	// Fqn Canonical FQN of the previewed connector.
	Fqn string `json:"fqn"`

	// Hash Canonical `sha256:<hex>` of the fetched tarball's
	// (binary || manifest) bytes. Same value the install
	// endpoint will produce.
	Hash string `json:"hash"`

	// Publisher FQN authority — the entity that signed the connector. For
	// `github://owner/repo` this is `owner`. The CLI surfaces
	// this so the operator knows whose key trust is being
	// consumed for this install.
	Publisher string `json:"publisher"`

	// SignatureStatus Always `verified` when this preview is returned: a
	// signature failure short-circuits earlier in the pipeline
	// and surfaces as a 422 error per ADR-0007. The field
	// exists on the wire so future verification states (e.g.
	// `experimental_unsigned` for a trusted-but-unsigned dev
	// mode) can be added without breaking the response shape.
	SignatureStatus ConnectorPreviewSignatureStatus `json:"signature_status"`

	// Version Strict SemVer.
	Version string `json:"version"`
}

ConnectorPreview defines model for ConnectorPreview.

type ConnectorPreviewSignatureStatus 

type ConnectorPreviewSignatureStatus string

ConnectorPreviewSignatureStatus Always `verified` when this preview is returned: a signature failure short-circuits earlier in the pipeline and surfaces as a 422 error per ADR-0007. The field exists on the wire so future verification states (e.g. `experimental_unsigned` for a trusted-but-unsigned dev mode) can be added without breaking the response shape. 

const (
	ConnectorPreviewSignatureStatusVerified ConnectorPreviewSignatureStatus = "verified"
)

Defines values for ConnectorPreviewSignatureStatus.

func (ConnectorPreviewSignatureStatus) Valid 

func (e ConnectorPreviewSignatureStatus) Valid() bool

Valid indicates whether the value is a known member of the ConnectorPreviewSignatureStatus enum.

type ConnectorRef 

type ConnectorRef struct {
	// Fqn Fully-qualified URI per ADR-0002.
	Fqn string `json:"fqn"`

	// Version Strict SemVer.
	Version string `json:"version"`
}

ConnectorRef defines model for ConnectorRef.

type ConnectorStatus 

type ConnectorStatus string

ConnectorStatus defines model for Connector.Status. 

const (
	ConnectorStatusActive   ConnectorStatus = "active"
	ConnectorStatusDisabled ConnectorStatus = "disabled"
	ConnectorStatusError    ConnectorStatus = "error"
)

Defines values for ConnectorStatus.

func (ConnectorStatus) Valid 

func (e ConnectorStatus) Valid() bool

Valid indicates whether the value is a known member of the ConnectorStatus enum.

type ConnectorType 

type ConnectorType string

ConnectorType defines model for ConnectorType. 

const (
	ConnectorTypeCalendar      ConnectorType = "calendar"
	ConnectorTypeCloud         ConnectorType = "cloud"
	ConnectorTypeCrm           ConnectorType = "crm"
	ConnectorTypeCustom        ConnectorType = "custom"
	ConnectorTypeDeployment    ConnectorType = "deployment"
	ConnectorTypeEmail         ConnectorType = "email"
	ConnectorTypeErp           ConnectorType = "erp"
	ConnectorTypeInternalApi   ConnectorType = "internal_api"
	ConnectorTypePayments      ConnectorType = "payments"
	ConnectorTypeSecretManager ConnectorType = "secret_manager"
	ConnectorTypeSourceControl ConnectorType = "source_control"
	ConnectorTypeTicketing     ConnectorType = "ticketing"
)

Defines values for ConnectorType.

func (ConnectorType) Valid 

func (e ConnectorType) Valid() bool

Valid indicates whether the value is a known member of the ConnectorType enum.

type ConnectorsCheckResponse 

type ConnectorsCheckResponse struct {
	// Results One entry per installed (FQN, version) pair. Order matches
	// the cstore index's deterministic sort (ascending canonical
	// key); operators rendering this should not assume a
	// different order.
	Results []ConnectorCheckResult `json:"results"`
}

ConnectorsCheckResponse defines model for ConnectorsCheckResponse.

type CreateConnectorJSONRequestBody 

type CreateConnectorJSONRequestBody = CreateConnectorRequest

CreateConnectorJSONRequestBody defines body for CreateConnector for application/json ContentType.

type CreateConnectorRequest 

type CreateConnectorRequest struct {
	Auth        ConnectorAuth           `json:"auth"`
	Environment *string                 `json:"environment,omitempty"`
	Metadata    *map[string]interface{} `json:"metadata,omitempty"`
	Name        string                  `json:"name"`
	Provider    *string                 `json:"provider,omitempty"`
	Type        ConnectorType           `json:"type"`
	WorkspaceId string                  `json:"workspace_id"`
}

CreateConnectorRequest defines model for CreateConnectorRequest.

type CreateCredentialJSONRequestBody 

type CreateCredentialJSONRequestBody = CreateCredentialRequest

CreateCredentialJSONRequestBody defines body for CreateCredential for application/json ContentType.

type CreateCredentialRequest 

type CreateCredentialRequest struct {
	Environment *string                     `json:"environment,omitempty"`
	Metadata    *map[string]interface{}     `json:"metadata,omitempty"`
	Name        string                      `json:"name"`
	Type        CreateCredentialRequestType `json:"type"`
	VaultPath   string                      `json:"vault_path"`
	WorkspaceId string                      `json:"workspace_id"`
}

CreateCredentialRequest defines model for CreateCredentialRequest.

type CreateCredentialRequestType 

type CreateCredentialRequestType string

CreateCredentialRequestType defines model for CreateCredentialRequest.Type. 

const (
	CreateCredentialRequestTypeApiKey            CreateCredentialRequestType = "api_key"
	CreateCredentialRequestTypeCustom            CreateCredentialRequestType = "custom"
	CreateCredentialRequestTypeOauthRefreshToken CreateCredentialRequestType = "oauth_refresh_token"
	CreateCredentialRequestTypeServiceAccount    CreateCredentialRequestType = "service_account"
	CreateCredentialRequestTypeWebhookSecret     CreateCredentialRequestType = "webhook_secret"
)

Defines values for CreateCredentialRequestType.

func (CreateCredentialRequestType) Valid 

func (e CreateCredentialRequestType) Valid() bool

Valid indicates whether the value is a known member of the CreateCredentialRequestType enum.

type CreateFundingSourceJSONRequestBody 

type CreateFundingSourceJSONRequestBody = CreateFundingSourceRequest

CreateFundingSourceJSONRequestBody defines body for CreateFundingSource for application/json ContentType.

type CreateFundingSourceRequest 

type CreateFundingSourceRequest struct {
	Currency         *string                        `json:"currency,omitempty"`
	Metadata         *map[string]interface{}        `json:"metadata,omitempty"`
	Name             string                         `json:"name"`
	SpendingControls *map[string]interface{}        `json:"spending_controls,omitempty"`
	Type             CreateFundingSourceRequestType `json:"type"`
	WorkspaceId      string                         `json:"workspace_id"`
}

CreateFundingSourceRequest defines model for CreateFundingSourceRequest.

type CreateFundingSourceRequestType 

type CreateFundingSourceRequestType string

CreateFundingSourceRequestType defines model for CreateFundingSourceRequest.Type. 

const (
	CreateFundingSourceRequestTypeBtcWalletRef       CreateFundingSourceRequestType = "btc_wallet_ref"
	CreateFundingSourceRequestTypeBudget             CreateFundingSourceRequestType = "budget"
	CreateFundingSourceRequestTypeFiatAccountRef     CreateFundingSourceRequestType = "fiat_account_ref"
	CreateFundingSourceRequestTypeLightningWalletRef CreateFundingSourceRequestType = "lightning_wallet_ref"
	CreateFundingSourceRequestTypeStoredBalance      CreateFundingSourceRequestType = "stored_balance"
	CreateFundingSourceRequestTypeVirtualCardPool    CreateFundingSourceRequestType = "virtual_card_pool"
)

Defines values for CreateFundingSourceRequestType.

func (CreateFundingSourceRequestType) Valid 

func (e CreateFundingSourceRequestType) Valid() bool

Valid indicates whether the value is a known member of the CreateFundingSourceRequestType enum.

type CreateIntentJSONRequestBody 

type CreateIntentJSONRequestBody = CreateIntentRequest

CreateIntentJSONRequestBody defines body for CreateIntent for application/json ContentType.

type CreateIntentRequest 

type CreateIntentRequest struct {
	Action  ActionIntent `json:"action"`
	AgentId string       `json:"agent_id"`

	// CallbackUrl Optional webhook URL. The control plane will POST status updates
	// to this URL as the intent progresses through the lifecycle
	// (policy evaluated, approval requested, approved/denied, execution
	// started, execution completed). This avoids the need for agents
	// to poll the GET /v1/intents/{id} endpoint.
	CallbackUrl    *string        `json:"callback_url,omitempty"`
	Context        *IntentContext `json:"context,omitempty"`
	IdempotencyKey string         `json:"idempotency_key"`
	WorkspaceId    string         `json:"workspace_id"`
}

CreateIntentRequest defines model for CreateIntentRequest.

type CreatePolicyJSONRequestBody 

type CreatePolicyJSONRequestBody = CreatePolicyRequest

CreatePolicyJSONRequestBody defines body for CreatePolicy for application/json ContentType.

type CreatePolicyRequest 

type CreatePolicyRequest struct {
	Description *string       `json:"description,omitempty"`
	Environment *string       `json:"environment,omitempty"`
	Name        string        `json:"name"`
	Rules       []PolicyRule  `json:"rules"`
	Status      *PolicyStatus `json:"status,omitempty"`
	WorkspaceId string        `json:"workspace_id"`
}

CreatePolicyRequest defines model for CreatePolicyRequest.

type CreateSessionJSONRequestBody 

type CreateSessionJSONRequestBody = CreateSessionRequest

CreateSessionJSONRequestBody defines body for CreateSession for application/json ContentType.

type CreateSessionRequest 

type CreateSessionRequest struct {
	Agent      string  `json:"agent"`
	WorkingDir *string `json:"working_dir,omitempty"`
}

CreateSessionRequest defines model for CreateSessionRequest.

type CredentialListResponse 

type CredentialListResponse struct {
	Items      *[]CredentialReference `json:"items,omitempty"`
	Pagination *Pagination            `json:"pagination,omitempty"`
}

CredentialListResponse defines model for CredentialListResponse.

type CredentialReference 

type CredentialReference struct {
	CredentialId string                  `json:"credential_id"`
	Environment  *string                 `json:"environment,omitempty"`
	Metadata     *map[string]interface{} `json:"metadata,omitempty"`
	Name         string                  `json:"name"`
	Type         CredentialReferenceType `json:"type"`
	VaultPath    string                  `json:"vault_path"`
	WorkspaceId  string                  `json:"workspace_id"`
}

CredentialReference defines model for CredentialReference.

type CredentialReferenceType 

type CredentialReferenceType string

CredentialReferenceType defines model for CredentialReference.Type. 

const (
	CredentialReferenceTypeApiKey            CredentialReferenceType = "api_key"
	CredentialReferenceTypeCustom            CredentialReferenceType = "custom"
	CredentialReferenceTypeOauthRefreshToken CredentialReferenceType = "oauth_refresh_token"
	CredentialReferenceTypeServiceAccount    CredentialReferenceType = "service_account"
	CredentialReferenceTypeWebhookSecret     CredentialReferenceType = "webhook_secret"
)

Defines values for CredentialReferenceType.

func (CredentialReferenceType) Valid 

func (e CredentialReferenceType) Valid() bool

Valid indicates whether the value is a known member of the CredentialReferenceType enum.

type DecideActionApprovalJSONRequestBody 

type DecideActionApprovalJSONRequestBody = ActionApprovalDecision

DecideActionApprovalJSONRequestBody defines body for DecideActionApproval for application/json ContentType.

type Decision 

type Decision struct {
	ApprovalId       *string             `json:"approval_id,omitempty"`
	DenialReason     *string             `json:"denial_reason,omitempty"`
	Disposition      DecisionDisposition `json:"disposition"`
	ExecutionGrantId *string             `json:"execution_grant_id,omitempty"`
	MatchedPolicies  *[]PolicyMatch      `json:"matched_policies,omitempty"`
	RequiresApproval *bool               `json:"requires_approval,omitempty"`
	RiskLevel        RiskLevel           `json:"risk_level"`
}

Decision defines model for Decision.

type DecisionDisposition 

type DecisionDisposition string

DecisionDisposition defines model for DecisionDisposition. 

const (
	DecisionDispositionAllow               DecisionDisposition = "allow"
	DecisionDispositionAllowModified       DecisionDisposition = "allow_modified"
	DecisionDispositionDeny                DecisionDisposition = "deny"
	DecisionDispositionRequireApproval     DecisionDisposition = "require_approval"
	DecisionDispositionRequireMoreEvidence DecisionDisposition = "require_more_evidence"
)

Defines values for DecisionDisposition.

func (DecisionDisposition) Valid 

func (e DecisionDisposition) Valid() bool

Valid indicates whether the value is a known member of the DecisionDisposition enum.

type DenyRequest 

type DenyRequest struct {
	Comment *string `json:"comment,omitempty"`
	Reason  string  `json:"reason"`
}

DenyRequest defines model for DenyRequest.

type DenyRequestJSONRequestBody 

type DenyRequestJSONRequestBody = DenyRequest

DenyRequestJSONRequestBody defines body for DenyRequest for application/json ContentType.

type DeployAction 

type DeployAction struct {
	ArtifactRef         *string               `json:"artifact_ref,omitempty"`
	ChangeTicketId      *string               `json:"change_ticket_id,omitempty"`
	Cluster             *string               `json:"cluster,omitempty"`
	Environment         *string               `json:"environment,omitempty"`
	ImageRef            *string               `json:"image_ref,omitempty"`
	MaintenanceWindowId *string               `json:"maintenance_window_id,omitempty"`
	Namespace           *string               `json:"namespace,omitempty"`
	Provider            *DeployActionProvider `json:"provider,omitempty"`
	RollbackSupported   *bool                 `json:"rollback_supported,omitempty"`
	Service             *string               `json:"service,omitempty"`
	Strategy            *DeployActionStrategy `json:"strategy,omitempty"`
}

DeployAction defines model for DeployAction.

type DeployActionProvider 

type DeployActionProvider string

DeployActionProvider defines model for DeployAction.Provider. 

const (
	DeployActionProviderAws        DeployActionProvider = "aws"
	DeployActionProviderAzure      DeployActionProvider = "azure"
	DeployActionProviderCustom     DeployActionProvider = "custom"
	DeployActionProviderFlyio      DeployActionProvider = "flyio"
	DeployActionProviderGcp        DeployActionProvider = "gcp"
	DeployActionProviderKubernetes DeployActionProvider = "kubernetes"
	DeployActionProviderNetlify    DeployActionProvider = "netlify"
	DeployActionProviderVercel     DeployActionProvider = "vercel"
)

Defines values for DeployActionProvider.

func (DeployActionProvider) Valid 

func (e DeployActionProvider) Valid() bool

Valid indicates whether the value is a known member of the DeployActionProvider enum.

type DeployActionStrategy 

type DeployActionStrategy string

DeployActionStrategy defines model for DeployAction.Strategy. 

const (
	DeployActionStrategyBlueGreen DeployActionStrategy = "blue_green"
	DeployActionStrategyCanary    DeployActionStrategy = "canary"
	DeployActionStrategyCustom    DeployActionStrategy = "custom"
	DeployActionStrategyReplace   DeployActionStrategy = "replace"
	DeployActionStrategyRolling   DeployActionStrategy = "rolling"
)

Defines values for DeployActionStrategy.

func (DeployActionStrategy) Valid 

func (e DeployActionStrategy) Valid() bool

Valid indicates whether the value is a known member of the DeployActionStrategy enum.

type DomainAction 

type DomainAction struct {
	Calendar    *CalendarAction    `json:"calendar,omitempty"`
	Cloud       *CloudAction       `json:"cloud,omitempty"`
	Deploy      *DeployAction      `json:"deploy,omitempty"`
	Email       *EmailAction       `json:"email,omitempty"`
	Git         *GitAction         `json:"git,omitempty"`
	Payment     *PaymentAction     `json:"payment,omitempty"`
	Procurement *ProcurementAction `json:"procurement,omitempty"`
}

DomainAction Carries action-type-specific fields. Exactly one field must be populated, corresponding to the prefix of ActionIntent.type:

  • git.* → git
  • deploy.* → deploy
  • cloud.* → cloud
  • email.* → email
  • calendar.* → calendar
  • payment.* → payment
  • procurement.* → procurement

The server rejects requests where the populated domain field does not match the action type prefix.

type DraftCommsReplyJSONRequestBody 

type DraftCommsReplyJSONRequestBody = DraftCommsReplyRequest

DraftCommsReplyJSONRequestBody defines body for DraftCommsReply for application/json ContentType.

type DraftCommsReplyRequest 

type DraftCommsReplyRequest struct {
	// Body Suggested reply text the agent drafted.
	Body string `json:"body"`

	// ReplyTo ID of the original incoming message (from `read_messages`).
	ReplyTo string `json:"reply_to"`
}

DraftCommsReplyRequest Request body for `POST /v1/sessions/{id}/comms/draft`. The daemon looks up the original message in the notify queue by `reply_to` and surfaces it alongside the draft body for the user to approve / edit / discard.

type EmailAction 

type EmailAction struct {
	Attachments *[]AttachmentRef     `json:"attachments,omitempty"`
	Bcc         *[]Recipient         `json:"bcc,omitempty"`
	BodyHtml    *string              `json:"body_html,omitempty"`
	BodyText    *string              `json:"body_text,omitempty"`
	Cc          *[]Recipient         `json:"cc,omitempty"`
	From        *Recipient           `json:"from,omitempty"`
	SendMode    *EmailActionSendMode `json:"send_mode,omitempty"`
	Subject     *string              `json:"subject,omitempty"`
	ThreadRef   *string              `json:"thread_ref,omitempty"`
	To          *[]Recipient         `json:"to,omitempty"`
}

EmailAction defines model for EmailAction.

type EmailActionSendMode 

type EmailActionSendMode string

EmailActionSendMode defines model for EmailAction.SendMode. 

const (
	DraftOnly EmailActionSendMode = "draft_only"
	SendNow   EmailActionSendMode = "send_now"
)

Defines values for EmailActionSendMode.

func (EmailActionSendMode) Valid 

func (e EmailActionSendMode) Valid() bool

Valid indicates whether the value is a known member of the EmailActionSendMode enum.

type EndSessionJSONRequestBody 

type EndSessionJSONRequestBody = EndSessionRequest

EndSessionJSONRequestBody defines body for EndSession for application/json ContentType.

type EndSessionRequest 

type EndSessionRequest struct {
	// ExitCode Agent process exit code. Omit or send null to mark the
	// session as ended-with-unknown-status (same shape the
	// orphan-reaper produces on daemon restart).
	ExitCode *int `json:"exit_code,omitempty"`
}

EndSessionRequest defines model for EndSessionRequest.

type Enterprise 

type Enterprise struct {
	// AllowedAuthProviders Restrict sign-in to these providers. Empty means all allowed.
	AllowedAuthProviders *[]string `json:"allowed_auth_providers,omitempty"`

	// AllowedEmailDomains Restrict sign-in to these email domains. Empty means all allowed.
	AllowedEmailDomains *[]string           `json:"allowed_email_domains,omitempty"`
	BillingEmail        openapi_types.Email `json:"billing_email"`
	CreatedAt           time.Time           `json:"created_at"`
	Id                  string              `json:"id"`
	Name                string              `json:"name"`

	// Personal True for single-user personal accounts (e.g. Gmail sign-in)
	Personal *bool          `json:"personal,omitempty"`
	Plan     EnterprisePlan `json:"plan"`

	// Slug URL-friendly unique identifier
	Slug        string    `json:"slug"`
	SsoRequired *bool     `json:"sso_required,omitempty"`
	UpdatedAt   time.Time `json:"updated_at"`
}

Enterprise defines model for Enterprise.

type EnterprisePlan 

type EnterprisePlan string

EnterprisePlan defines model for Enterprise.Plan. 

const (
	EnterprisePlanEnterprise EnterprisePlan = "enterprise"
	EnterprisePlanFree       EnterprisePlan = "free"
	EnterprisePlanPro        EnterprisePlan = "pro"
)

Defines values for EnterprisePlan.

func (EnterprisePlan) Valid 

func (e EnterprisePlan) Valid() bool

Valid indicates whether the value is a known member of the EnterprisePlan enum.

type Error 

type Error struct {
	Error struct {
		Code      string                    `json:"code"`
		Details   *[]map[string]interface{} `json:"details,omitempty"`
		Message   string                    `json:"message"`
		RequestId *string                   `json:"request_id,omitempty"`
	} `json:"error"`
}

Error Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type EstablishTeeSessionJSONRequestBody 

type EstablishTeeSessionJSONRequestBody = TeeSessionRequest

EstablishTeeSessionJSONRequestBody defines body for EstablishTeeSession for application/json ContentType.

type EvidenceItem 

type EvidenceItem struct {
	Label *string          `json:"label,omitempty"`
	Type  EvidenceItemType `json:"type"`
	Value string           `json:"value"`
}

EvidenceItem defines model for EvidenceItem.

type EvidenceItemType 

type EvidenceItemType string

EvidenceItemType defines model for EvidenceItem.Type. 

const (
	EvidenceItemTypeArtifactRef   EvidenceItemType = "artifact_ref"
	EvidenceItemTypeChangeTicket  EvidenceItemType = "change_ticket"
	EvidenceItemTypeCustom        EvidenceItemType = "custom"
	EvidenceItemTypeDiffSummary   EvidenceItemType = "diff_summary"
	EvidenceItemTypeLink          EvidenceItemType = "link"
	EvidenceItemTypeReceiptRef    EvidenceItemType = "receipt_ref"
	EvidenceItemTypeScreenshotRef EvidenceItemType = "screenshot_ref"
	EvidenceItemTypeTestResult    EvidenceItemType = "test_result"
	EvidenceItemTypeText          EvidenceItemType = "text"
)

Defines values for EvidenceItemType.

func (EvidenceItemType) Valid 

func (e EvidenceItemType) Valid() bool

Valid indicates whether the value is a known member of the EvidenceItemType enum.

type Execution 

type Execution struct {
	ConnectorId *string                 `json:"connector_id,omitempty"`
	ExecutionId string                  `json:"execution_id"`
	FinishedAt  *time.Time              `json:"finished_at,omitempty"`
	IntentId    string                  `json:"intent_id"`
	Output      *map[string]interface{} `json:"output,omitempty"`
	ReceiptRef  *string                 `json:"receipt_ref,omitempty"`
	StartedAt   time.Time               `json:"started_at"`
	Status      ExecutionStatus         `json:"status"`
}

Execution defines model for Execution.

type ExecutionCallbackJSONRequestBody 

type ExecutionCallbackJSONRequestBody = ExecutionCallbackRequest

ExecutionCallbackJSONRequestBody defines body for ExecutionCallback for application/json ContentType.

type ExecutionCallbackRequest 

type ExecutionCallbackRequest struct {
	ErrorMessage *string                        `json:"error_message,omitempty"`
	Output       *map[string]interface{}        `json:"output,omitempty"`
	ReceiptRef   *string                        `json:"receipt_ref,omitempty"`
	Status       ExecutionCallbackRequestStatus `json:"status"`
}

ExecutionCallbackRequest defines model for ExecutionCallbackRequest.

type ExecutionCallbackRequestStatus 

type ExecutionCallbackRequestStatus string

ExecutionCallbackRequestStatus defines model for ExecutionCallbackRequest.Status. 

const (
	ExecutionCallbackRequestStatusCancelled ExecutionCallbackRequestStatus = "cancelled"
	ExecutionCallbackRequestStatusFailed    ExecutionCallbackRequestStatus = "failed"
	ExecutionCallbackRequestStatusRunning   ExecutionCallbackRequestStatus = "running"
	ExecutionCallbackRequestStatusSucceeded ExecutionCallbackRequestStatus = "succeeded"
)

Defines values for ExecutionCallbackRequestStatus.

func (ExecutionCallbackRequestStatus) Valid 

func (e ExecutionCallbackRequestStatus) Valid() bool

Valid indicates whether the value is a known member of the ExecutionCallbackRequestStatus enum.

type ExecutionGrant 

type ExecutionGrant struct {
	BoundedParameters *map[string]interface{} `json:"bounded_parameters,omitempty"`

	// Capability Durable signed grant capability issued from the approved grant scope.
	Capability  *map[string]interface{} `json:"capability,omitempty"`
	ConnectorId *string                 `json:"connector_id,omitempty"`

	// EscrowPolicy How credentials are managed for this grant.
	// - none: no TEE (credentials decrypted in host process)
	// - session: credentials sent to TEE per-execution (real-time only)
	// - escrowed: credentials escrowed inside TEE for async/scheduled use
	EscrowPolicy *ExecutionGrantEscrowPolicy `json:"escrow_policy,omitempty"`
	ExpiresAt    time.Time                   `json:"expires_at"`
	GrantId      string                      `json:"grant_id"`
	IntentId     string                      `json:"intent_id"`
	Status       ExecutionGrantStatus        `json:"status"`
}

ExecutionGrant defines model for ExecutionGrant.

type ExecutionGrantEscrowPolicy 

type ExecutionGrantEscrowPolicy string

ExecutionGrantEscrowPolicy How credentials are managed for this grant. - none: no TEE (credentials decrypted in host process) - session: credentials sent to TEE per-execution (real-time only) - escrowed: credentials escrowed inside TEE for async/scheduled use 

const (
	ExecutionGrantEscrowPolicyEscrowed ExecutionGrantEscrowPolicy = "escrowed"
	ExecutionGrantEscrowPolicyNone     ExecutionGrantEscrowPolicy = "none"
	ExecutionGrantEscrowPolicySession  ExecutionGrantEscrowPolicy = "session"
)

Defines values for ExecutionGrantEscrowPolicy.

func (ExecutionGrantEscrowPolicy) Valid 

func (e ExecutionGrantEscrowPolicy) Valid() bool

Valid indicates whether the value is a known member of the ExecutionGrantEscrowPolicy enum.

type ExecutionGrantStatus 

type ExecutionGrantStatus string

ExecutionGrantStatus defines model for ExecutionGrant.Status. 

const (
	ExecutionGrantStatusActive   ExecutionGrantStatus = "active"
	ExecutionGrantStatusConsumed ExecutionGrantStatus = "consumed"
	ExecutionGrantStatusExpired  ExecutionGrantStatus = "expired"
	ExecutionGrantStatusRevoked  ExecutionGrantStatus = "revoked"
)

Defines values for ExecutionGrantStatus.

func (ExecutionGrantStatus) Valid 

func (e ExecutionGrantStatus) Valid() bool

Valid indicates whether the value is a known member of the ExecutionGrantStatus enum.

type ExecutionId 

type ExecutionId = string

ExecutionId defines model for ExecutionId.

type ExecutionRunRequest 

type ExecutionRunRequest struct {
	GrantId            string                  `json:"grant_id"`
	OverrideParameters *map[string]interface{} `json:"override_parameters,omitempty"`
}

ExecutionRunRequest defines model for ExecutionRunRequest.

type ExecutionRunResponse 

type ExecutionRunResponse struct {
	AcceptedAt  *time.Time                 `json:"accepted_at,omitempty"`
	ExecutionId string                     `json:"execution_id"`
	Status      ExecutionRunResponseStatus `json:"status"`
}

ExecutionRunResponse defines model for ExecutionRunResponse.

type ExecutionRunResponseStatus 

type ExecutionRunResponseStatus string

ExecutionRunResponseStatus defines model for ExecutionRunResponse.Status. 

const (
	Accepted ExecutionRunResponseStatus = "accepted"
	Running  ExecutionRunResponseStatus = "running"
)

Defines values for ExecutionRunResponseStatus.

func (ExecutionRunResponseStatus) Valid 

func (e ExecutionRunResponseStatus) Valid() bool

Valid indicates whether the value is a known member of the ExecutionRunResponseStatus enum.

type ExecutionStatus 

type ExecutionStatus string

ExecutionStatus defines model for Execution.Status. 

const (
	ExecutionStatusAccepted  ExecutionStatus = "accepted"
	ExecutionStatusCancelled ExecutionStatus = "cancelled"
	ExecutionStatusFailed    ExecutionStatus = "failed"
	ExecutionStatusRunning   ExecutionStatus = "running"
	ExecutionStatusSucceeded ExecutionStatus = "succeeded"
)

Defines values for ExecutionStatus.

func (ExecutionStatus) Valid 

func (e ExecutionStatus) Valid() bool

Valid indicates whether the value is a known member of the ExecutionStatus enum.

type Failure 

type Failure = FailureEnvelope

Failure Structured failure envelope ratified by [ADR-0010]adr10 for errors returned to the calling action and through it to the agent. Used on the gateway endpoints (`/v1/chat/completions`, `/v1/messages`) and on action / connector install responses.

type FailureBoundary 

type FailureBoundary string

FailureBoundary Layer that produced the failure. The closed set excludes `user` which is reserved for post-MVP per-invocation approval flows. 

const (
	FailureBoundaryAction            FailureBoundary = "action"
	FailureBoundaryConnectorManifest FailureBoundary = "connector_manifest"
	FailureBoundaryExternal          FailureBoundary = "external"
	FailureBoundaryRuntime           FailureBoundary = "runtime"
	FailureBoundarySandbox           FailureBoundary = "sandbox"
)

Defines values for FailureBoundary.

func (FailureBoundary) Valid 

func (e FailureBoundary) Valid() bool

Valid indicates whether the value is a known member of the FailureBoundary enum.

type FailureClass 

type FailureClass string

FailureClass Closed taxonomy of failure classes per ADR-0010. Adding a value requires an ADR amendment. 

const (
	BindingFailed         FailureClass = "binding_failed"
	BindingRequired       FailureClass = "binding_required"
	CapabilityDenied      FailureClass = "capability_denied"
	ConnectorRuntimeError FailureClass = "connector_runtime_error"
	ExternalApiError      FailureClass = "external_api_error"
	HashMismatch          FailureClass = "hash_mismatch"
	NetworkError          FailureClass = "network_error"
	ResourceLimitExceeded FailureClass = "resource_limit_exceeded"
	SignatureFailure      FailureClass = "signature_failure"
)

Defines values for FailureClass.

func (FailureClass) Valid 

func (e FailureClass) Valid() bool

Valid indicates whether the value is a known member of the FailureClass enum.

type FailureEnvelope 

type FailureEnvelope struct {
	Error struct {
		// AuditId Reference into the audit log for full context. Stamped
		// by the audit recorder before the response is written.
		AuditId *string `json:"audit_id,omitempty"`

		// Boundary Layer that produced the failure. The closed set excludes `user`
		// which is reserved for post-MVP per-invocation approval flows.
		Boundary FailureBoundary `json:"boundary"`

		// Class Closed taxonomy of failure classes per ADR-0010. Adding a value
		// requires an ADR amendment.
		Class FailureClass `json:"class"`

		// Details Class-specific additional fields.
		Details *map[string]interface{} `json:"details,omitempty"`

		// Message Human-readable description; safe to show end users. Does
		// not contain credentials or sensitive payload.
		Message string `json:"message"`

		// Retriable Whether the failure is safe to retry.
		Retriable bool `json:"retriable"`
	} `json:"error"`
}

FailureEnvelope Structured failure envelope ratified by [ADR-0010]adr10 for errors returned to the calling action and through it to the agent. Used on the gateway endpoints (`/v1/chat/completions`, `/v1/messages`) and on action / connector install responses.

type FinishOAuth2BindingJSONRequestBody 

type FinishOAuth2BindingJSONRequestBody = OAuth2FinishRequest

FinishOAuth2BindingJSONRequestBody defines body for FinishOAuth2Binding for application/json ContentType.

type Forbidden 

type Forbidden = Error

Forbidden Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type FundingSource 

type FundingSource struct {
	Currency         *string                 `json:"currency,omitempty"`
	FundingSourceId  string                  `json:"funding_source_id"`
	Metadata         *map[string]interface{} `json:"metadata,omitempty"`
	Name             string                  `json:"name"`
	SpendingControls *struct {
		AllowedCategories    *[]string `json:"allowed_categories,omitempty"`
		AllowedMerchants     *[]string `json:"allowed_merchants,omitempty"`
		MaxSingleTransaction *Money    `json:"max_single_transaction,omitempty"`
	} `json:"spending_controls,omitempty"`
	Status      FundingSourceStatus `json:"status"`
	Type        FundingSourceType   `json:"type"`
	WorkspaceId string              `json:"workspace_id"`
}

FundingSource defines model for FundingSource.

type FundingSourceListResponse 

type FundingSourceListResponse struct {
	Items      *[]FundingSource `json:"items,omitempty"`
	Pagination *Pagination      `json:"pagination,omitempty"`
}

FundingSourceListResponse defines model for FundingSourceListResponse.

type FundingSourceStatus 

type FundingSourceStatus string

FundingSourceStatus defines model for FundingSource.Status. 

const (
	FundingSourceStatusActive   FundingSourceStatus = "active"
	FundingSourceStatusDisabled FundingSourceStatus = "disabled"
)

Defines values for FundingSourceStatus.

func (FundingSourceStatus) Valid 

func (e FundingSourceStatus) Valid() bool

Valid indicates whether the value is a known member of the FundingSourceStatus enum.

type FundingSourceType 

type FundingSourceType string

FundingSourceType defines model for FundingSource.Type. 

const (
	FundingSourceTypeBtcWalletRef       FundingSourceType = "btc_wallet_ref"
	FundingSourceTypeBudget             FundingSourceType = "budget"
	FundingSourceTypeFiatAccountRef     FundingSourceType = "fiat_account_ref"
	FundingSourceTypeLightningWalletRef FundingSourceType = "lightning_wallet_ref"
	FundingSourceTypeStoredBalance      FundingSourceType = "stored_balance"
	FundingSourceTypeVirtualCardPool    FundingSourceType = "virtual_card_pool"
)

Defines values for FundingSourceType.

func (FundingSourceType) Valid 

func (e FundingSourceType) Valid() bool

Valid indicates whether the value is a known member of the FundingSourceType enum.

type GetAnalyticsSummaryParams 

type GetAnalyticsSummaryParams struct {
	WorkspaceId string    `form:"workspace_id" json:"workspace_id"`
	From        time.Time `form:"from" json:"from"`
	To          time.Time `form:"to" json:"to"`
}

GetAnalyticsSummaryParams defines parameters for GetAnalyticsSummary.

type GetHubActionInstallDecisionParams 

type GetHubActionInstallDecisionParams struct {
	// Fqn Action FQN, e.g. `github://ALRubinger/aileron-connector-google/actions/draft-email`.
	Fqn string `form:"fqn" json:"fqn"`
}

GetHubActionInstallDecisionParams defines parameters for GetHubActionInstallDecision.

type GetHubActionParams 

type GetHubActionParams struct {
	// Fqn Action FQN, e.g. `github://ALRubinger/aileron-connector-google/actions/draft-email`.
	Fqn string `form:"fqn" json:"fqn"`
}

GetHubActionParams defines parameters for GetHubAction.

type GetHubConnectorParams 

type GetHubConnectorParams struct {
	// Fqn Connector FQN, e.g. `github://ALRubinger/aileron-connector-google`.
	Fqn string `form:"fqn" json:"fqn"`
}

GetHubConnectorParams defines parameters for GetHubConnector.

type GetHubInstallDecisionParams 

type GetHubInstallDecisionParams struct {
	// Fqn Connector FQN, e.g. `github://ALRubinger/aileron-connector-google`.
	Fqn string `form:"fqn" json:"fqn"`
}

GetHubInstallDecisionParams defines parameters for GetHubInstallDecision.

type GetHubSuiteInstallDecisionParams 

type GetHubSuiteInstallDecisionParams struct {
	// Fqn Suite FQN, e.g. `github://ALRubinger/aileron-connector-google/suite`.
	Fqn string `form:"fqn" json:"fqn"`
}

GetHubSuiteInstallDecisionParams defines parameters for GetHubSuiteInstallDecision.

type GetHubSuiteParams 

type GetHubSuiteParams struct {
	// Fqn Suite FQN, e.g. `github://ALRubinger/aileron-connector-google/suite`.
	Fqn string `form:"fqn" json:"fqn"`
}

GetHubSuiteParams defines parameters for GetHubSuite.

type GitAction 

type GitAction struct {
	BaseBranch     *string            `json:"base_branch,omitempty"`
	Branch         *string            `json:"branch,omitempty"`
	ChecksRequired *[]string          `json:"checks_required,omitempty"`
	CommitShas     *[]string          `json:"commit_shas,omitempty"`
	FilesChanged   *[]string          `json:"files_changed,omitempty"`
	IssueAssignees *[]string          `json:"issue_assignees,omitempty"`
	IssueBody      *string            `json:"issue_body,omitempty"`
	IssueLabels    *[]string          `json:"issue_labels,omitempty"`
	IssueTitle     *string            `json:"issue_title,omitempty"`
	Labels         *[]string          `json:"labels,omitempty"`
	PrBody         *string            `json:"pr_body,omitempty"`
	PrTitle        *string            `json:"pr_title,omitempty"`
	Provider       *GitActionProvider `json:"provider,omitempty"`
	Repository     *string            `json:"repository,omitempty"`
	Reviewers      *[]string          `json:"reviewers,omitempty"`
}

GitAction defines model for GitAction.

type GitActionProvider 

type GitActionProvider string

GitActionProvider defines model for GitAction.Provider. 

const (
	Bitbucket GitActionProvider = "bitbucket"
	Custom    GitActionProvider = "custom"
	Github    GitActionProvider = "github"
	Gitlab    GitActionProvider = "gitlab"
)

Defines values for GitActionProvider.

func (GitActionProvider) Valid 

func (e GitActionProvider) Valid() bool

Valid indicates whether the value is a known member of the GitActionProvider enum.

type GrantId 

type GrantId = string

GrantId defines model for GrantId.

type HealthResponse 

type HealthResponse struct {
	Service   string               `json:"service"`
	Status    HealthResponseStatus `json:"status"`
	Timestamp time.Time            `json:"timestamp"`
	Version   string               `json:"version"`
}

HealthResponse defines model for HealthResponse.

type HealthResponseStatus 

type HealthResponseStatus string

HealthResponseStatus defines model for HealthResponse.Status. 

const (
	Degraded HealthResponseStatus = "degraded"
	Down     HealthResponseStatus = "down"
	Ok       HealthResponseStatus = "ok"
)

Defines values for HealthResponseStatus.

func (HealthResponseStatus) Valid 

func (e HealthResponseStatus) Valid() bool

Valid indicates whether the value is a known member of the HealthResponseStatus enum.

type HubActionEntry 

type HubActionEntry struct {
	// Category Optional discovery grouping (e.g. `communication`, `productivity`).
	Category *string `json:"category,omitempty"`

	// ConnectorFqn FQN of the connector this action depends on. Used by the
	// Hub UI to filter actions by provider and to compute the
	// install-decision dependency closure.
	ConnectorFqn string `json:"connector_fqn"`

	// Description One-line description of what the action does.
	Description string `json:"description"`

	// Fqn Canonical FQN, e.g. `github://OWNER/REPO/actions/NAME`.
	Fqn string `json:"fqn"`

	// Intents Optional informational phrases describing what users would
	// ask their agent to do to trigger this action (e.g.
	// "draft email", "compose gmail").
	Intents *[]string `json:"intents,omitempty"`

	// PublisherGithub GitHub user or org name that owns the action's repo.
	PublisherGithub string `json:"publisher_github"`
}

HubActionEntry A single Hub action entry. Matches the YAML files committed to the `aileron-hub` repo under `actions/`. Pointer to a published action template at its canonical FQN; the action template itself (TOML frontmatter + Markdown body per ADR-0003) is fetched from the publisher's repo at install time.

type HubActionInstallDecision 

type HubActionInstallDecision struct {
	Authorities []HubInstallAuthority `json:"authorities"`

	// ConnectorFqn FQN of the connector this action depends on.
	ConnectorFqn string                       `json:"connector_fqn"`
	Description  string                       `json:"description"`
	Fqn          string                       `json:"fqn"`
	Kind         HubActionInstallDecisionKind `json:"kind"`

	// LatestVersion Latest non-prerelease SemVer tag the action's source repo
	// has published, resolved via the connector version lister at
	// decision time. Empty when the source has no published
	// releases (the operator can still install via the CLI by
	// pinning `@<sha>` or `@<tag>`, but the webapp modal needs a
	// concrete version to call `/v1/actions/install`). The webapp
	// uses this directly as the install's `version` argument so
	// the install endpoint sees strict SemVer, not `latest`.
	LatestVersion   *string `json:"latest_version,omitempty"`
	PublisherGithub string  `json:"publisher_github"`
}

HubActionInstallDecision Composite install-decision payload for an action install. The `authorities[]` list always carries one entry for actions (single connector dependency); the kind discriminator lets clients render a single combined modal with both action-level metadata and the underlying connector trust gate.

type HubActionInstallDecisionKind 

type HubActionInstallDecisionKind string

HubActionInstallDecisionKind defines model for HubActionInstallDecision.Kind. 

const (
	HubActionInstallDecisionKindAction HubActionInstallDecisionKind = "action"
)

Defines values for HubActionInstallDecisionKind.

func (HubActionInstallDecisionKind) Valid 

func (e HubActionInstallDecisionKind) Valid() bool

Valid indicates whether the value is a known member of the HubActionInstallDecisionKind enum.

type HubActionList 

type HubActionList struct {
	Actions []HubActionEntry `json:"actions"`
}

HubActionList defines model for HubActionList.

type HubConnectorEntry 

type HubConnectorEntry struct {
	// Description One-line description of what the connector does.
	Description string `json:"description"`

	// Fqn Canonical FQN, e.g. `github://OWNER/REPO`.
	Fqn string `json:"fqn"`

	// KeyUrl Public URL of the publisher's ed25519 signing key.
	// Typically `https://raw.githubusercontent.com/OWNER/REPO/main/keys/publisher.pub`.
	KeyUrl string `json:"key_url"`

	// PublisherGithub GitHub user or org name that owns the connector repo.
	PublisherGithub string `json:"publisher_github"`

	// ReleasePattern Glob matching the release tags Aileron should consider.
	ReleasePattern string `json:"release_pattern"`
}

HubConnectorEntry A single Hub entry. Matches the YAML files committed to the `aileron-hub` repo under `connectors/`. Pointer to a connector hosted at the canonical FQN; the Hub does not host the binary.

type HubConnectorList 

type HubConnectorList struct {
	Connectors []HubConnectorEntry `json:"connectors"`
}

HubConnectorList defines model for HubConnectorList.

type HubInstallAuthority 

type HubInstallAuthority struct {
	// Fingerprint SHA-256 fingerprint of the publisher's signing key, formatted
	// as `sha256:<base64-without-padding>` to match
	// `aileron keyring trust` output.
	Fingerprint string `json:"fingerprint"`

	// Fqn Connector FQN this authority refers to.
	Fqn                string   `json:"fqn"`
	PublisherFootprint []string `json:"publisher_footprint"`
	PublisherGithub    string   `json:"publisher_github"`
	RiskIndicators     []string `json:"risk_indicators"`

	// TrustState Trust state for the connector's FQN against the local keyring.
	// `already_trusted`: the keyring has the publisher's key for this
	// FQN. `unknown`: no keyring entry for this FQN.
	// `conflict`: keyring has a key for the same publisher under a
	// sibling FQN, and that key differs from the one declared by the
	// Hub entry — surface as a risk indicator.
	TrustState HubTrustState `json:"trust_state"`
}

HubInstallAuthority Per-connector trust-panel data inside a composite install-decision. Shape mirrors the connector-level `HubInstallDecision` minus the top-level description (which belongs to the action or suite being installed, not the underlying connector authority).

type HubInstallDecision 

type HubInstallDecision struct {
	Description string `json:"description"`

	// Fingerprint SHA-256 fingerprint of the publisher's signing key, formatted
	// as `sha256:<base64-without-padding>` to match
	// `aileron keyring trust` output.
	Fingerprint string `json:"fingerprint"`

	// Fqn Canonical FQN.
	Fqn string `json:"fqn"`

	// PublisherFootprint FQNs of the publisher's other connectors listed in the Hub
	// (informational context for the user's decision).
	PublisherFootprint []string `json:"publisher_footprint"`
	PublisherGithub    string   `json:"publisher_github"`

	// RiskIndicators Human-readable risk strings derived from the trust state and
	// keyring contents, e.g. "First connector by this publisher
	// you've installed" (informational, yellow) or "Key fingerprint
	// differs from one you trust for a sibling repo" (conflict,
	// red).
	RiskIndicators []string `json:"risk_indicators"`

	// TrustState Trust state for the connector's FQN against the local keyring.
	// `already_trusted`: the keyring has the publisher's key for this
	// FQN. `unknown`: no keyring entry for this FQN.
	// `conflict`: keyring has a key for the same publisher under a
	// sibling FQN, and that key differs from the one declared by the
	// Hub entry — surface as a risk indicator.
	TrustState HubTrustState `json:"trust_state"`
}

HubInstallDecision Pre-computed payload for the install-time prompt (CLI y/N and webapp modal). Shape resolved in #487. Publisher info is informational context, NOT a trust target: v0.x trust is strictly per-repo (per-FQN).

type HubSuiteEntry 

type HubSuiteEntry struct {
	// Category Optional discovery grouping (e.g. `communication`, `productivity`).
	Category *string `json:"category,omitempty"`

	// ConnectorsRequired FQNs of the connectors the suite's actions transitively
	// require. Informational metadata for discovery; not part of
	// any trust grant.
	ConnectorsRequired *[]string `json:"connectors_required,omitempty"`

	// Description One-line description of what the suite bundles.
	Description string `json:"description"`

	// Fqn Canonical FQN, e.g. `github://OWNER/REPO/suite`.
	Fqn string `json:"fqn"`

	// MemberActions FQNs of the actions bundled in this suite.
	MemberActions []string `json:"member_actions"`

	// PublisherGithub GitHub user or org name that owns the suite's repo.
	PublisherGithub string `json:"publisher_github"`
}

HubSuiteEntry A single Hub action-suite entry. Matches the YAML files committed to the `aileron-hub` repo under `suites/`. Pointer to a published suite manifest (the canonical `suite.toml` per #564 lives in the publisher's repo); the Hub entry is the discovery surface.

type HubSuiteInstallDecision 

type HubSuiteInstallDecision struct {
	Authorities []HubInstallAuthority       `json:"authorities"`
	Description string                      `json:"description"`
	Fqn         string                      `json:"fqn"`
	Kind        HubSuiteInstallDecisionKind `json:"kind"`

	// LatestVersion Latest non-prerelease SemVer tag from the suite's source
	// repo, resolved at decision time. The webapp passes this as
	// the `version` argument to each per-member install call —
	// every action in a Hub-published suite ships from the same
	// repo, so one tag covers them all. Empty when the source has
	// no published releases.
	LatestVersion   *string  `json:"latest_version,omitempty"`
	MemberActions   []string `json:"member_actions"`
	PublisherGithub string   `json:"publisher_github"`
}

HubSuiteInstallDecision Composite install-decision payload for a suite install. The `authorities[]` list carries one entry per unique connector authority in the suite's dependency closure (one trust panel per authority, however many member actions are being installed).

type HubSuiteInstallDecisionKind 

type HubSuiteInstallDecisionKind string

HubSuiteInstallDecisionKind defines model for HubSuiteInstallDecision.Kind. 

const (
	Suite HubSuiteInstallDecisionKind = "suite"
)

Defines values for HubSuiteInstallDecisionKind.

func (HubSuiteInstallDecisionKind) Valid 

func (e HubSuiteInstallDecisionKind) Valid() bool

Valid indicates whether the value is a known member of the HubSuiteInstallDecisionKind enum.

type HubSuiteList 

type HubSuiteList struct {
	Suites []HubSuiteEntry `json:"suites"`
}

HubSuiteList defines model for HubSuiteList.

type HubTrustState 

type HubTrustState string

HubTrustState Trust state for the connector's FQN against the local keyring. `already_trusted`: the keyring has the publisher's key for this FQN. `unknown`: no keyring entry for this FQN. `conflict`: keyring has a key for the same publisher under a sibling FQN, and that key differs from the one declared by the Hub entry — surface as a risk indicator. 

const (
	HubTrustStateAlreadyTrusted HubTrustState = "already_trusted"
	HubTrustStateConflict       HubTrustState = "conflict"
	HubTrustStateUnknown        HubTrustState = "unknown"
)

Defines values for HubTrustState.

func (HubTrustState) Valid 

func (e HubTrustState) Valid() bool

Valid indicates whether the value is a known member of the HubTrustState enum.

type InitOAuth2BindingJSONRequestBody 

type InitOAuth2BindingJSONRequestBody = OAuth2InitRequest

InitOAuth2BindingJSONRequestBody defines body for InitOAuth2Binding for application/json ContentType.

type InitiateAttestationJSONRequestBody 

type InitiateAttestationJSONRequestBody = TeeAttestationRequest

InitiateAttestationJSONRequestBody defines body for InitiateAttestation for application/json ContentType.

type InstallActionJSONRequestBody 

type InstallActionJSONRequestBody = InstallActionRequest

InstallActionJSONRequestBody defines body for InstallAction for application/json ContentType.

type InstallActionRequest 

type InstallActionRequest struct {
	// AutoInstallConnectors When true, the server transparently installs any
	// `[[requires.connectors]]` whose pinned hash is not already in
	// the local content-addressed store, using the connector's
	// declared version and hash from the action manifest. Each
	// implicit install runs the full connector pipeline (resolve →
	// fetch → verify signature → match `expected_hash`) and any
	// failure aborts the action install with the connector's
	// structured error.
	//
	// When false (default), missing connector deps abort the
	// install with a `422` carrying `error.code = connectors_missing`
	// and `error.details[]` listing each missing connector's
	// `name`, `version`, and `hash` so the CLI can prompt the user
	// for confirmation before retrying with the flag set.
	AutoInstallConnectors *bool `json:"auto_install_connectors,omitempty"`

	// ConfirmedFingerprints Publisher-key fingerprints the operator confirmed at the
	// webapp install modal — one entry per connector authority in
	// the action's dependency closure (suite installs supply the
	// full set on every per-action install; the CLI omits this
	// field entirely since it pre-trusts via `aileron keyring
	// trust`). Mirrors `confirmed_fingerprint` on
	// `InstallConnectorRequest` (#487 / #628) but applies it
	// across every authority the install needs trust for —
	// without this the webapp can't reach the action install
	// endpoint without first running N standalone connector
	// installs to write trust as a side effect.
	//
	// For each entry the daemon looks up `fqn` in the Hub,
	// fetches the publisher's current key, verifies its
	// fingerprint matches the supplied value (anti-tampering
	// check between what the operator saw and what the install
	// endpoint uses), then writes the key to the keyring under
	// the FQN before running the install pipeline. Trust
	// persists even if the install later fails (matches #487 Q4
	// resolution for the singular case). Entries whose FQN is
	// already trusted under the same key short-circuit; mismatch
	// aborts with `fingerprint_mismatch`.
	ConfirmedFingerprints *[]ConfirmedFingerprint `json:"confirmed_fingerprints,omitempty"`

	// Force When true, overwrite an existing action with the same name.
	// When false (default), refuse with `409 Conflict` if an action
	// of the same name already exists.
	Force *bool `json:"force,omitempty"`

	// Fqn Fully-qualified URI of the action template per ADR-0002 / ADR-0003
	// (e.g. `github://ALRubinger/aileron-connector-github/actions/list-recent-prs`).
	// Subpath references are supported for actions published alongside
	// their connector.
	Fqn string `json:"fqn"`

	// Version Strict SemVer (e.g. `0.1.0`).
	Version string `json:"version"`
}

InstallActionRequest defines model for InstallActionRequest.

type InstallConnectorJSONRequestBody 

type InstallConnectorJSONRequestBody = InstallConnectorRequest

InstallConnectorJSONRequestBody defines body for InstallConnector for application/json ContentType.

type InstallConnectorRequest 

type InstallConnectorRequest struct {
	// ConfirmedFingerprint Optional publisher-key fingerprint the operator confirmed at
	// the install prompt (terminal y/N/d or webapp install modal),
	// per ADR-0013 / #487. Format matches `aileron keyring trust`
	// output: `sha256:<22 base64-no-padding chars>`.
	//
	// When supplied, the daemon looks up the FQN in the Hub, fetches
	// the publisher's current key, verifies its fingerprint matches
	// this value (anti-tampering — the client and daemon must agree
	// on what the operator saw), then writes the key to the keyring
	// at the FQN authority before running the install pipeline.
	// Trust persists even if the install later fails, matching the
	// #487 Q4 resolution.
	//
	// When omitted, the install requires the publisher key to be
	// pre-established in the keyring (typical for non-TTY installs
	// and connectors not listed in the Hub). Mismatch returns
	// `fingerprint_mismatch`; an FQN with no Hub entry returns
	// `not_found`.
	ConfirmedFingerprint *string `json:"confirmed_fingerprint,omitempty"`

	// ExpectedHash Optional canonical hash (`sha256:<hex>`) the install must match.
	// When supplied (typical when the install is driven by an action
	// file's `[[requires.connectors]] hash`), a computed hash that
	// does not match aborts the install with `hash_mismatch` and
	// nothing is written to the store. When omitted (typical for
	// first install), the pipeline records whatever hash the bytes
	// produce.
	ExpectedHash *string `json:"expected_hash,omitempty"`

	// Fqn Fully-qualified URI per ADR-0002 (e.g. `github://aileron/slack`).
	// Scheme must be one of `github`, `gitlab`, `hub` in v1.
	Fqn string `json:"fqn"`

	// Version Strict SemVer (e.g. `1.2.0`). No ranges, no `latest`.
	Version string `json:"version"`
}

InstallConnectorRequest defines model for InstallConnectorRequest.

type InstalledAction 

type InstalledAction struct {
	// AlreadyInstalled True when the action was already present and the install was a no-op
	// (the file on disk matched the bytes that would have been written).
	AlreadyInstalled *bool `json:"already_installed,omitempty"`

	// Fqn FQN the action was installed from.
	Fqn string `json:"fqn"`

	// Name Bare local handle of the installed action (the action manifest's `name`).
	Name string `json:"name"`

	// NewlyStaleBindings Existing bindings whose status flipped to `stale` because
	// this install upgraded a connector whose manifest now demands
	// an OAuth scope the recorded grant lacks (`scope_drift`), or
	// because the binding predates scope tracking and needs a
	// one-time reauthorize (`no_grant_record`). The CLI uses this
	// list to prompt the operator to drop into
	// `aileron binding reauthorize` inline (#741); without this
	// signal the install reports success and the next action
	// invocation that needs the new scope fails with a 403.
	// Aggregated across implicit connector installs the action
	// triggers (`auto_install_connectors=true`).
	NewlyStaleBindings *[]StaleBinding `json:"newly_stale_bindings,omitempty"`

	// Path Absolute path of the installed action file on disk.
	Path string `json:"path"`

	// Source Provenance URI recorded on the installed manifest's `source` field.
	Source string `json:"source"`

	// UnboundCapabilities Credential capabilities the action's connectors declare that
	// do not yet have a binding in the user's vault. The CLI uses
	// this list to prompt the user to drop into `aileron binding
	// setup` immediately after install — the user stays in the CLI
	// and avoids hitting `binding_required` later.
	UnboundCapabilities *[]UnboundCapability `json:"unbound_capabilities,omitempty"`
	Version             string               `json:"version"`
}

InstalledAction defines model for InstalledAction.

type InstalledActionRef 

type InstalledActionRef struct {
	// Hash `sha256:<hex>` of the installed manifest's bytes on disk.
	// Differs from the previewed `hash` whenever this object is
	// populated.
	Hash string `json:"hash"`

	// Path Absolute path of the installed action file on disk.
	Path string `json:"path"`

	// Source Provenance URI recorded on the installed manifest's `source` field.
	Source string `json:"source"`

	// Version Version field from the installed manifest's frontmatter.
	Version string `json:"version"`
}

InstalledActionRef Snapshot of an action already on disk at install time. Used in the preview response to surface the installed version when its bytes differ from the requested install — the CLI renders this so the operator can confirm an upgrade.

type InstalledConnector 

type InstalledConnector struct {
	// AlreadyInstalled True when the install was a no-op because an entry with the
	// matching hash already existed (offline reinstall path per
	// ADR-0004).
	AlreadyInstalled *bool `json:"already_installed,omitempty"`

	// EntryDir Absolute path of the store entry on disk.
	EntryDir string `json:"entry_dir"`
	Fqn      string `json:"fqn"`

	// Hash Canonical `sha256:<hex>` of the installed bytes.
	Hash string `json:"hash"`

	// NewlyStaleBindings Bindings whose status flipped to `stale` as a result of this
	// install — either because the new manifest demands an OAuth
	// scope the recorded grant lacks (`scope_drift`) or because
	// the binding predates scope tracking (`no_grant_record`) and
	// needs a one-time reauthorize so the daemon can record what
	// was granted. Emitted by the scope-drift hook (#726/#729).
	// The CLI uses this list to prompt the operator to drop into
	// `aileron binding reauthorize` inline (#741); without this
	// signal the install reports success and the next action
	// invocation that needs the new scope fails with a 403 from
	// the upstream provider.
	NewlyStaleBindings *[]StaleBinding `json:"newly_stale_bindings,omitempty"`
	Version            string          `json:"version"`
}

InstalledConnector defines model for InstalledConnector.

type IntentContext 

type IntentContext struct {
	Environment      *string   `json:"environment,omitempty"`
	IpAddress        *string   `json:"ip_address,omitempty"`
	RiskHints        *[]string `json:"risk_hints,omitempty"`
	SourcePlatform   *string   `json:"source_platform,omitempty"`
	SourceSessionId  *string   `json:"source_session_id,omitempty"`
	SourceTraceId    *string   `json:"source_trace_id,omitempty"`
	TemporaryGrantId *string   `json:"temporary_grant_id,omitempty"`
	UserPresent      *bool     `json:"user_present,omitempty"`
}

IntentContext defines model for IntentContext.

type IntentEnvelope 

type IntentEnvelope struct {
	Action      ActionIntent    `json:"action"`
	Agent       ActorRef        `json:"agent"`
	Context     *IntentContext  `json:"context,omitempty"`
	CreatedAt   time.Time       `json:"created_at"`
	Decision    Decision        `json:"decision"`
	Evidence    *[]EvidenceItem `json:"evidence,omitempty"`
	IntentId    string          `json:"intent_id"`
	Status      IntentStatus    `json:"status"`
	UpdatedAt   time.Time       `json:"updated_at"`
	WorkspaceId string          `json:"workspace_id"`
}

IntentEnvelope defines model for IntentEnvelope.

type IntentId 

type IntentId = string

IntentId defines model for IntentId.

type IntentListResponse 

type IntentListResponse struct {
	Items      *[]IntentEnvelope `json:"items,omitempty"`
	Pagination *Pagination       `json:"pagination,omitempty"`
}

IntentListResponse defines model for IntentListResponse.

type IntentStatus 

type IntentStatus string

IntentStatus defines model for IntentStatus. 

const (
	Approved        IntentStatus = "approved"
	Cancelled       IntentStatus = "cancelled"
	Denied          IntentStatus = "denied"
	Executing       IntentStatus = "executing"
	Expired         IntentStatus = "expired"
	Failed          IntentStatus = "failed"
	PendingApproval IntentStatus = "pending_approval"
	PendingPolicy   IntentStatus = "pending_policy"
	Succeeded       IntentStatus = "succeeded"
)

Defines values for IntentStatus.

func (IntentStatus) Valid 

func (e IntentStatus) Valid() bool

Valid indicates whether the value is a known member of the IntentStatus enum.

type InvalidParamFormatError 

type InvalidParamFormatError struct {
	ParamName string
	Err       error
}

func (*InvalidParamFormatError) Error 

func (e *InvalidParamFormatError) Error() string

func (*InvalidParamFormatError) Unwrap 

func (e *InvalidParamFormatError) Unwrap() error

type Jwk 

type Jwk struct {
	Alg *string `json:"alg,omitempty"`
	Crv *string `json:"crv,omitempty"`
	E   *string `json:"e,omitempty"`
	Kid string  `json:"kid"`
	Kty string  `json:"kty"`
	N   *string `json:"n,omitempty"`
	Use *string `json:"use,omitempty"`
	X   *string `json:"x,omitempty"`
	Y   *string `json:"y,omitempty"`
}

Jwk defines model for Jwk.

type Jwks 

type Jwks struct {
	Keys []Jwk `json:"keys"`
}

Jwks defines model for Jwks.

type LineItem 

type LineItem struct {
	Description string  `json:"description"`
	Quantity    int     `json:"quantity"`
	Sku         *string `json:"sku,omitempty"`
	UnitAmount  Money   `json:"unit_amount"`
}

LineItem defines model for LineItem.

type ListApprovalsParams 

type ListApprovalsParams struct {
	PageSize    *PageSize  `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId string     `form:"workspace_id" json:"workspace_id"`
	Assignee    *string    `form:"assignee,omitempty" json:"assignee,omitempty"`
}

ListApprovalsParams defines parameters for ListApprovals.

type ListAuditParams 

type ListAuditParams struct {
	// Since Lower-bound (inclusive) on event timestamp; RFC 3339.
	Since *time.Time `form:"since,omitempty" json:"since,omitempty"`

	// AuditId Match events with this exact `audit_id`.
	AuditId *string `form:"audit_id,omitempty" json:"audit_id,omitempty"`

	// ConnectorFqn Match events that reference this connector FQN.
	ConnectorFqn *string `form:"connector_fqn,omitempty" json:"connector_fqn,omitempty"`

	// Class Match failure events with this `class` (e.g. `binding_required`).
	Class *string `form:"class,omitempty" json:"class,omitempty"`

	// Limit Maximum events to return; newest first.
	Limit *int `form:"limit,omitempty" json:"limit,omitempty"`
}

ListAuditParams defines parameters for ListAudit.

type ListBindingsParams 

type ListBindingsParams struct {
	// ConnectorFqn Restrict to bindings created for the given connector FQN.
	ConnectorFqn *string `form:"connector_fqn,omitempty" json:"connector_fqn,omitempty"`

	// Kind Restrict to bindings of the given credential kind (e.g. `api_key`).
	Kind *string `form:"kind,omitempty" json:"kind,omitempty"`
}

ListBindingsParams defines parameters for ListBindings.

type ListConnectorsParams 

type ListConnectorsParams struct {
	PageSize    *PageSize  `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId string     `form:"workspace_id" json:"workspace_id"`
}

ListConnectorsParams defines parameters for ListConnectors.

type ListCredentialsParams 

type ListCredentialsParams struct {
	PageSize    *PageSize  `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId string     `form:"workspace_id" json:"workspace_id"`
}

ListCredentialsParams defines parameters for ListCredentials.

type ListFundingSourcesParams 

type ListFundingSourcesParams struct {
	PageSize    *PageSize  `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId string     `form:"workspace_id" json:"workspace_id"`
}

ListFundingSourcesParams defines parameters for ListFundingSources.

type ListHubActionsParams 

type ListHubActionsParams struct {
	// Q Optional keyword filter applied to FQN and description.
	Q *string `form:"q,omitempty" json:"q,omitempty"`
}

ListHubActionsParams defines parameters for ListHubActions.

type ListHubConnectorsParams 

type ListHubConnectorsParams struct {
	// Q Optional keyword filter applied to FQN and description.
	Q *string `form:"q,omitempty" json:"q,omitempty"`
}

ListHubConnectorsParams defines parameters for ListHubConnectors.

type ListHubSuitesParams 

type ListHubSuitesParams struct {
	// Q Optional keyword filter applied to FQN and description.
	Q *string `form:"q,omitempty" json:"q,omitempty"`
}

ListHubSuitesParams defines parameters for ListHubSuites.

type ListIntentsParams 

type ListIntentsParams struct {
	PageSize    *PageSize     `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken    `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId *string       `form:"workspace_id,omitempty" json:"workspace_id,omitempty"`
	Status      *IntentStatus `form:"status,omitempty" json:"status,omitempty"`
	ActionType  *string       `form:"action_type,omitempty" json:"action_type,omitempty"`
	AgentId     *string       `form:"agent_id,omitempty" json:"agent_id,omitempty"`
}

ListIntentsParams defines parameters for ListIntents.

type ListPoliciesParams 

type ListPoliciesParams struct {
	PageSize    *PageSize  `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId string     `form:"workspace_id" json:"workspace_id"`
}

ListPoliciesParams defines parameters for ListPolicies.

type ListSessionsParams 

type ListSessionsParams struct {
	ActiveOnly *bool   `form:"active_only,omitempty" json:"active_only,omitempty"`
	Agent      *string `form:"agent,omitempty" json:"agent,omitempty"`

	// Since RFC3339 timestamp; only sessions with StartedAt >= since are returned.
	Since *time.Time `form:"since,omitempty" json:"since,omitempty"`
	Limit *int       `form:"limit,omitempty" json:"limit,omitempty"`
}

ListSessionsParams defines parameters for ListSessions.

type ListTracesParams 

type ListTracesParams struct {
	PageSize    *PageSize  `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId string     `form:"workspace_id" json:"workspace_id"`
}

ListTracesParams defines parameters for ListTraces.

type LocalVaultStatusResponse 

type LocalVaultStatusResponse struct {
	// Locked Convenience boolean — true when state is `missing` or `locked`,
	// false when `unlocked`. The webapp uses this to drive the modal.
	Locked bool `json:"locked"`

	// State Lifecycle state of the local vault file.
	//   - `missing`  — no vault file at the canonical path
	//   - `locked`   — vault file present, awaiting passphrase
	//   - `unlocked` — passphrase accepted; the daemon holds the KEK
	State LocalVaultStatusResponseState `json:"state"`
}

LocalVaultStatusResponse defines model for LocalVaultStatusResponse.

type LocalVaultStatusResponseState 

type LocalVaultStatusResponseState string

LocalVaultStatusResponseState Lifecycle state of the local vault file.

  • `missing` — no vault file at the canonical path
  • `locked` — vault file present, awaiting passphrase
  • `unlocked` — passphrase accepted; the daemon holds the KEK
const (
	LocalVaultStatusResponseStateLocked   LocalVaultStatusResponseState = "locked"
	LocalVaultStatusResponseStateMissing  LocalVaultStatusResponseState = "missing"
	LocalVaultStatusResponseStateUnlocked LocalVaultStatusResponseState = "unlocked"
)

Defines values for LocalVaultStatusResponseState.

func (LocalVaultStatusResponseState) Valid 

func (e LocalVaultStatusResponseState) Valid() bool

Valid indicates whether the value is a known member of the LocalVaultStatusResponseState enum.

type LocalVaultUnlockRequest 

type LocalVaultUnlockRequest struct {
	// Passphrase The vault passphrase. Sent in plaintext over the loopback
	// connection — the daemon derives the KEK locally via Argon2id.
	// Distinct from `UnlockVaultRequest`, which carries a
	// client-derived KEK for the cloud-tier multi-tenant flow.
	Passphrase string `json:"passphrase"`
}

LocalVaultUnlockRequest defines model for LocalVaultUnlockRequest.

type MessagesRequest 

type MessagesRequest struct {
	MaxTokens int                `json:"max_tokens"`
	Messages  []AnthropicMessage `json:"messages"`
	Model     string             `json:"model"`
	Stream    *bool              `json:"stream,omitempty"`

	// System System prompt; string or array of content blocks (Anthropic
	// shape).
	System interface{} `json:"system,omitempty"`

	// ToolChoice Passed through to the upstream provider unchanged.
	ToolChoice interface{} `json:"tool_choice,omitempty"`

	// Tools Agent-declared tools. Aileron preserves these unchanged and
	// appends installed actions to the array before forwarding
	// upstream (Anthropic shape).
	Tools                *[]AnthropicTool       `json:"tools,omitempty"`
	AdditionalProperties map[string]interface{} `json:"-"`
}

MessagesRequest defines model for MessagesRequest.

func (MessagesRequest) Get 

func (a MessagesRequest) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for MessagesRequest. Returns the specified element and whether it was found

func (MessagesRequest) MarshalJSON 

func (a MessagesRequest) MarshalJSON() ([]byte, error)

Override default JSON handling for MessagesRequest to handle AdditionalProperties

func (*MessagesRequest) Set 

func (a *MessagesRequest) Set(fieldName string, value interface{})

Setter for additional properties for MessagesRequest

func (*MessagesRequest) UnmarshalJSON 

func (a *MessagesRequest) UnmarshalJSON(b []byte) error

Override default JSON handling for MessagesRequest to handle AdditionalProperties

type MessagesResponse 

type MessagesResponse struct {
	Content              []map[string]interface{} `json:"content"`
	Id                   string                   `json:"id"`
	Model                string                   `json:"model"`
	Role                 MessagesResponseRole     `json:"role"`
	StopReason           *string                  `json:"stop_reason,omitempty"`
	StopSequence         *string                  `json:"stop_sequence,omitempty"`
	Type                 MessagesResponseType     `json:"type"`
	Usage                *map[string]interface{}  `json:"usage,omitempty"`
	AdditionalProperties map[string]interface{}   `json:"-"`
}

MessagesResponse defines model for MessagesResponse.

func (MessagesResponse) Get 

func (a MessagesResponse) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for MessagesResponse. Returns the specified element and whether it was found

func (MessagesResponse) MarshalJSON 

func (a MessagesResponse) MarshalJSON() ([]byte, error)

Override default JSON handling for MessagesResponse to handle AdditionalProperties

func (*MessagesResponse) Set 

func (a *MessagesResponse) Set(fieldName string, value interface{})

Setter for additional properties for MessagesResponse

func (*MessagesResponse) UnmarshalJSON 

func (a *MessagesResponse) UnmarshalJSON(b []byte) error

Override default JSON handling for MessagesResponse to handle AdditionalProperties

type MessagesResponseRole 

type MessagesResponseRole string

MessagesResponseRole defines model for MessagesResponse.Role. 

const (
	Assistant MessagesResponseRole = "assistant"
)

Defines values for MessagesResponseRole.

func (MessagesResponseRole) Valid 

func (e MessagesResponseRole) Valid() bool

Valid indicates whether the value is a known member of the MessagesResponseRole enum.

type MessagesResponseType 

type MessagesResponseType string

MessagesResponseType defines model for MessagesResponse.Type. 

const (
	Message MessagesResponseType = "message"
)

Defines values for MessagesResponseType.

func (MessagesResponseType) Valid 

func (e MessagesResponseType) Valid() bool

Valid indicates whether the value is a known member of the MessagesResponseType enum.

type MiddlewareFunc 

type MiddlewareFunc func(http.Handler) http.Handler

type ModifyApprovalRequest 

type ModifyApprovalRequest struct {
	Comment       *string                `json:"comment,omitempty"`
	Modifications map[string]interface{} `json:"modifications"`
}

ModifyApprovalRequest defines model for ModifyApprovalRequest.

type ModifyRequestJSONRequestBody 

type ModifyRequestJSONRequestBody = ModifyApprovalRequest

ModifyRequestJSONRequestBody defines body for ModifyRequest for application/json ContentType.

type Money 

type Money struct {
	// Amount Amount in minor units
	Amount   int    `json:"amount"`
	Currency string `json:"currency"`
}

Money defines model for Money.

type NotFound 

type NotFound = Error

NotFound Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type OAuth2FinishRequest 

type OAuth2FinishRequest struct {
	// Code Authorization code captured from the OAuth callback.
	Code string `json:"code"`

	// SessionId The session id returned by oauth2/init.
	SessionId string `json:"session_id"`

	// State State token captured from the OAuth callback. Server
	// compares against the session's stored state and rejects
	// on mismatch (CSRF protection).
	State string `json:"state"`
}

OAuth2FinishRequest defines model for OAuth2FinishRequest.

type OAuth2InitRequest 

type OAuth2InitRequest struct {
	// Account Optional human-readable account label.
	Account *string `json:"account,omitempty"`

	// Caller Selects who serves the OAuth callback. See the endpoint
	// description for the full contract.
	//
	// - `cli` (default) — daemon picks an ephemeral loopback port;
	//   the calling CLI binds it and posts to `oauth2/finish`.
	//   Unchanged from the pre-#743 behavior.
	// - `daemon` — the daemon's own listen address is the callback
	//   target. The provider's redirect lands at
	//   `/v1/bindings/setup/oauth2/callback`, the daemon completes
	//   the flow internally, and the user's browser is then
	//   redirected to `return_to`. Requires `return_to`.
	Caller *OAuth2InitRequestCaller `json:"caller,omitempty"`

	// ConnectorFqn Fully-qualified connector name. Connector must be installed
	// and must declare `[capabilities.credential] kind = "oauth2"`.
	ConnectorFqn string `json:"connector_fqn"`

	// Identity User-chosen handle for the new binding (e.g. `work`,
	// `personal`). Combined with the connector's declared kind
	// and service to form the full binding name.
	Identity string `json:"identity"`

	// Purpose Distinguishes a first-time setup (default) from a scope-drift
	// reauthorize. `reauthorize` requires the named binding to
	// already exist; finish then upserts that binding (preserving
	// CreatedAt / Account) rather than creating a new one, and the
	// authorize URL is built with `prompt=consent` so the provider
	// re-prompts for the upgraded scope set instead of silently
	// reissuing from prior consent.
	Purpose *OAuth2InitRequestPurpose `json:"purpose,omitempty"`

	// ReturnTo URL the daemon redirects the browser to after completing a
	// `caller=daemon` flow. Required when `caller=daemon`; ignored
	// when `caller=cli`. Validated as loopback-only (`127.0.0.1`,
	// `localhost`, or `[::1]`) under http(s) — same boundary as
	// ADR-0002's loopback constraint on the redirect URI itself.
	ReturnTo *string `json:"return_to,omitempty"`

	// Service Optional service override. Defaults to the service segment
	// derived from the connector FQN's repo segment.
	Service *string `json:"service,omitempty"`
}

OAuth2InitRequest defines model for OAuth2InitRequest.

type OAuth2InitRequestCaller 

type OAuth2InitRequestCaller string

OAuth2InitRequestCaller Selects who serves the OAuth callback. See the endpoint description for the full contract.

  • `cli` (default) — daemon picks an ephemeral loopback port; the calling CLI binds it and posts to `oauth2/finish`. Unchanged from the pre-#743 behavior.
  • `daemon` — the daemon's own listen address is the callback target. The provider's redirect lands at `/v1/bindings/setup/oauth2/callback`, the daemon completes the flow internally, and the user's browser is then redirected to `return_to`. Requires `return_to`.
const (
	Cli    OAuth2InitRequestCaller = "cli"
	Daemon OAuth2InitRequestCaller = "daemon"
)

Defines values for OAuth2InitRequestCaller.

func (OAuth2InitRequestCaller) Valid 

func (e OAuth2InitRequestCaller) Valid() bool

Valid indicates whether the value is a known member of the OAuth2InitRequestCaller enum.

type OAuth2InitRequestPurpose 

type OAuth2InitRequestPurpose string

OAuth2InitRequestPurpose Distinguishes a first-time setup (default) from a scope-drift reauthorize. `reauthorize` requires the named binding to already exist; finish then upserts that binding (preserving CreatedAt / Account) rather than creating a new one, and the authorize URL is built with `prompt=consent` so the provider re-prompts for the upgraded scope set instead of silently reissuing from prior consent. 

const (
	Reauthorize OAuth2InitRequestPurpose = "reauthorize"
	Setup       OAuth2InitRequestPurpose = "setup"
)

Defines values for OAuth2InitRequestPurpose.

func (OAuth2InitRequestPurpose) Valid 

func (e OAuth2InitRequestPurpose) Valid() bool

Valid indicates whether the value is a known member of the OAuth2InitRequestPurpose enum.

type OAuth2InitResponse 

type OAuth2InitResponse struct {
	// AuthorizeUrl URL the caller should direct the user's browser to. Already
	// includes client_id, redirect_uri, response_type=code,
	// scope, state, code_challenge, and code_challenge_method=S256.
	AuthorizeUrl string `json:"authorize_url"`

	// RedirectUri Loopback URL the caller must serve to capture the OAuth
	// callback (e.g. `http://localhost:54321/callback`). The
	// server has already chosen a free port and embedded the
	// URI in `authorize_url`.
	RedirectUri string `json:"redirect_uri"`

	// SessionId Opaque token the caller passes back to oauth2/finish.
	// Server-side state (PKCE verifier, expected state value)
	// is keyed by this id; TTL is 10 minutes.
	SessionId string `json:"session_id"`
}

OAuth2InitResponse defines model for OAuth2InitResponse.

type Oauth2BindingCallbackParams 

type Oauth2BindingCallbackParams struct {
	// Code Authorization code from the OAuth provider.
	Code string `form:"code" json:"code"`

	// State State token from the OAuth provider's redirect. Daemon
	// compares against the session it indexed under this value
	// on init; mismatch (or no session) returns 404.
	State string `form:"state" json:"state"`

	// Error OAuth-provider-supplied error code (e.g. `access_denied`).
	// When present, the daemon clears the session, skips the
	// token exchange, and surfaces the failure on the rendered
	// page. Mutually exclusive with `code` per OAuth2 §4.1.2.1.
	Error *string `form:"error,omitempty" json:"error,omitempty"`

	// ErrorDescription OAuth-provider-supplied human-readable error detail. Used
	// alongside `error` in the failure page.
	ErrorDescription *string `form:"error_description,omitempty" json:"error_description,omitempty"`
}

Oauth2BindingCallbackParams defines parameters for Oauth2BindingCallback.

type PageSize 

type PageSize = int

PageSize defines model for PageSize.

type PageToken 

type PageToken = string

PageToken defines model for PageToken.

type Pagination 

type Pagination struct {
	NextPageToken *string `json:"next_page_token,omitempty"`
}

Pagination defines model for Pagination.

type PassphraseSaltResponse 

type PassphraseSaltResponse struct {
	// HasPassphrase Whether the user has set a vault passphrase
	HasPassphrase bool `json:"has_passphrase"`

	// Salt Base64-encoded Argon2id salt (omitted when no passphrase is set)
	Salt *[]byte `json:"salt,omitempty"`
}

PassphraseSaltResponse defines model for PassphraseSaltResponse.

type PassphraseVerificationResponse 

type PassphraseVerificationResponse struct {
	// HasPassphrase Whether the user has set a vault passphrase
	HasPassphrase bool `json:"has_passphrase"`

	// KekVerification Encrypted verification blob for client-side decryption (omitted when no passphrase is set)
	KekVerification *[]byte `json:"kek_verification,omitempty"`
}

PassphraseVerificationResponse defines model for PassphraseVerificationResponse.

type PatchActionJSONRequestBody 

type PatchActionJSONRequestBody = ActionPatchRequest

PatchActionJSONRequestBody defines body for PatchAction for application/json ContentType.

type PaymentAction 

type PaymentAction struct {
	Amount                      *Money                                    `json:"amount,omitempty"`
	Beneficiary                 *PaymentBeneficiary                       `json:"beneficiary,omitempty"`
	BudgetCode                  *string                                   `json:"budget_code,omitempty"`
	ContractTerm                *string                                   `json:"contract_term,omitempty"`
	FundingSourceId             *string                                   `json:"funding_source_id,omitempty"`
	LineItems                   *[]LineItem                               `json:"line_items,omitempty"`
	MerchantCategory            *string                                   `json:"merchant_category,omitempty"`
	MerchantReference           *string                                   `json:"merchant_reference,omitempty"`
	PaymentInstrumentPreference *PaymentActionPaymentInstrumentPreference `json:"payment_instrument_preference,omitempty"`
	RecurringInterval           *PaymentActionRecurringInterval           `json:"recurring_interval,omitempty"`
	Renewal                     *bool                                     `json:"renewal,omitempty"`
	VendorId                    *string                                   `json:"vendor_id,omitempty"`
	VendorName                  *string                                   `json:"vendor_name,omitempty"`
}

PaymentAction defines model for PaymentAction.

type PaymentActionPaymentInstrumentPreference 

type PaymentActionPaymentInstrumentPreference string

PaymentActionPaymentInstrumentPreference defines model for PaymentAction.PaymentInstrumentPreference. 

const (
	Ach          PaymentActionPaymentInstrumentPreference = "ach"
	NetworkProxy PaymentActionPaymentInstrumentPreference = "network_proxy"
	Unspecified  PaymentActionPaymentInstrumentPreference = "unspecified"
	VirtualCard  PaymentActionPaymentInstrumentPreference = "virtual_card"
	Wallet       PaymentActionPaymentInstrumentPreference = "wallet"
)

Defines values for PaymentActionPaymentInstrumentPreference.

func (PaymentActionPaymentInstrumentPreference) Valid 

func (e PaymentActionPaymentInstrumentPreference) Valid() bool

Valid indicates whether the value is a known member of the PaymentActionPaymentInstrumentPreference enum.

type PaymentActionRecurringInterval 

type PaymentActionRecurringInterval string

PaymentActionRecurringInterval defines model for PaymentAction.RecurringInterval. 

const (
	PaymentActionRecurringIntervalAnnual    PaymentActionRecurringInterval = "annual"
	PaymentActionRecurringIntervalMonthly   PaymentActionRecurringInterval = "monthly"
	PaymentActionRecurringIntervalNone      PaymentActionRecurringInterval = "none"
	PaymentActionRecurringIntervalQuarterly PaymentActionRecurringInterval = "quarterly"
)

Defines values for PaymentActionRecurringInterval.

func (PaymentActionRecurringInterval) Valid 

func (e PaymentActionRecurringInterval) Valid() bool

Valid indicates whether the value is a known member of the PaymentActionRecurringInterval enum.

type PaymentBeneficiary 

type PaymentBeneficiary struct {
	Department *string              `json:"department,omitempty"`
	Email      *openapi_types.Email `json:"email,omitempty"`
	Name       *string              `json:"name,omitempty"`
}

PaymentBeneficiary defines model for PaymentBeneficiary.

type PendingActionApproval 

type PendingActionApproval struct {
	// ActionName For `kind=action`, the manifest name of the gated action
	// (e.g. "send-email"). For non-action kinds, a short label
	// describing what's being approved ("send_message",
	// "draft_reply", "http_request").
	ActionName string `json:"action_name"`

	// Args Kind-specific arguments. For `action`, the call-time
	// arguments the agent passed in. For comms / HTTP kinds,
	// see the `kind` enum description above.
	Args *map[string]interface{} `json:"args,omitempty"`

	// ConnectorFqn Connector FQN the action's first execute step targets, surfaced
	// so the user can see which integration would actually run.
	// Empty for non-action kinds.
	ConnectorFqn *string `json:"connector_fqn,omitempty"`

	// Id Opaque server-minted identifier for this request.
	Id string `json:"id"`

	// InputFields Rendered projection of the gated action's call-time args
	// through the action manifest's `[[inputs]]` declarations
	// (per the ADR-0003 amendment introducing per-input `label`
	// and `multiline` keys). Surfaced on the approval card so
	// the user sees labeled rows ("To: alr@…", "Subject: …",
	// multiline "Body: …") instead of the raw JSON args dump.
	//
	// Fields are ordered by `[[inputs]]` declaration order
	// (matching the convention `ActionApprovalPreviewPolicy`
	// uses for previews). An input's `label` from the manifest
	// becomes the row's user-facing key; when no label is
	// declared the input's bare name is used. Required inputs
	// the agent did not supply surface as `missing=true` so the
	// UI can render "n/a". Args the agent supplied that aren't
	// declared on the manifest are appended at the end, sorted
	// by key, so the user always sees everything the agent
	// passed.
	//
	// Optional. Omitted when the gated action has no resolvable
	// manifest or its manifest declares no `[[inputs]]` block;
	// in that case the webapp falls back to the historic raw-
	// JSON accordion. The field shape mirrors
	// `ActionApprovalPreviewField` so the webapp can route
	// preview fields and input fields through the same renderer.
	InputFields *[]ActionApprovalPreviewField `json:"input_fields,omitempty"`

	// Kind Discriminates the user-facing card layout the webapp
	// should render.
	//
	//   - `action` — historic action-manifest gate (default).
	//   - `comms_send` — `aileron-mcp`'s `send_message` tool;
	//     args carry `service`, `channel`, `body`.
	//   - `comms_draft` — `aileron-mcp`'s `draft_reply` tool;
	//     args carry `service`, `channel`, `original_author`,
	//     `original_body`, `draft_body`, `reply_to`. The
	//     webapp surfaces `draft_body` as an editable field
	//     and ships the edited bytes back via
	//     `ActionApprovalDecision.edited_payload.body`.
	//   - `http_request` — `aileron-mcp`'s `http_request` tool;
	//     args carry `method`, `url`, `body`, `secret_name`
	//     (the matched binding name; the value is never
	//     surfaced to the webapp).
	Kind PendingActionApprovalKind `json:"kind"`

	// Preview Rendered output of the action manifest's `[approval.preview]`
	// directive (ADR-0016). Surfaced on the approval prompt so the user
	// sees an authoritative summary of what they are approving rather than
	// agent-supplied hints. Two terminal shapes:
	//
	//   - On success, `fields` carries the rendered entries in the
	//     manifest's declared order. A field whose render path did not
	//     resolve in the preview response carries `missing=true` so the UI
	//     renders "n/a" rather than silently omitting the row.
	//   - On wholesale failure (HTTP non-2xx, timeout, sandbox denial,
	//     WASM trap), `unavailable` carries a short user-facing reason
	//     (e.g. "preview unavailable: timeout") and `fields` is omitted.
	//     The approval still proceeds; the user can decline based on the
	//     raw inputs plus the failure note.
	Preview *ActionApprovalPreview `json:"preview,omitempty"`

	// RequestedAt When the queue minted this request.
	RequestedAt time.Time `json:"requested_at"`

	// SessionId Launch session that initiated the request, when one is in
	// scope; empty for daemon-direct callers.
	SessionId *string `json:"session_id,omitempty"`
}

PendingActionApproval One pending action-level approval request. Surfaced to the webapp / CLI for user decision. The runtime is blocked on the corresponding action-run HTTP response and will resume the moment a decision is posted to `/v1/action-approvals/{id}/decide`.

type PendingActionApprovalKind 

type PendingActionApprovalKind string

PendingActionApprovalKind Discriminates the user-facing card layout the webapp should render.

  • `action` — historic action-manifest gate (default).
  • `comms_send` — `aileron-mcp`'s `send_message` tool; args carry `service`, `channel`, `body`.
  • `comms_draft` — `aileron-mcp`'s `draft_reply` tool; args carry `service`, `channel`, `original_author`, `original_body`, `draft_body`, `reply_to`. The webapp surfaces `draft_body` as an editable field and ships the edited bytes back via `ActionApprovalDecision.edited_payload.body`.
  • `http_request` — `aileron-mcp`'s `http_request` tool; args carry `method`, `url`, `body`, `secret_name` (the matched binding name; the value is never surfaced to the webapp).
const (
	PendingActionApprovalKindAction      PendingActionApprovalKind = "action"
	PendingActionApprovalKindCommsDraft  PendingActionApprovalKind = "comms_draft"
	PendingActionApprovalKindCommsSend   PendingActionApprovalKind = "comms_send"
	PendingActionApprovalKindHttpRequest PendingActionApprovalKind = "http_request"
)

Defines values for PendingActionApprovalKind.

func (PendingActionApprovalKind) Valid 

func (e PendingActionApprovalKind) Valid() bool

Valid indicates whether the value is a known member of the PendingActionApprovalKind enum.

type Policy 

type Policy struct {
	CreatedAt   *time.Time   `json:"created_at,omitempty"`
	Description *string      `json:"description,omitempty"`
	Environment *string      `json:"environment,omitempty"`
	Name        string       `json:"name"`
	PolicyId    string       `json:"policy_id"`
	Rules       []PolicyRule `json:"rules"`
	Status      PolicyStatus `json:"status"`
	UpdatedAt   *time.Time   `json:"updated_at,omitempty"`
	Version     int          `json:"version"`
	WorkspaceId string       `json:"workspace_id"`
}

Policy defines model for Policy.

type PolicyCondition 

type PolicyCondition struct {
	Field    *string                  `json:"field,omitempty"`
	Operator *PolicyConditionOperator `json:"operator,omitempty"`
	Value    *PolicyCondition_Value   `json:"value,omitempty"`
}

PolicyCondition defines model for PolicyCondition.

type PolicyConditionOperator 

type PolicyConditionOperator string

PolicyConditionOperator defines model for PolicyCondition.Operator. 

const (
	Contains PolicyConditionOperator = "contains"
	Eq       PolicyConditionOperator = "eq"
	Gt       PolicyConditionOperator = "gt"
	Gte      PolicyConditionOperator = "gte"
	In       PolicyConditionOperator = "in"
	Lt       PolicyConditionOperator = "lt"
	Lte      PolicyConditionOperator = "lte"
	Matches  PolicyConditionOperator = "matches"
	Neq      PolicyConditionOperator = "neq"
	NotIn    PolicyConditionOperator = "not_in"
)

Defines values for PolicyConditionOperator.

func (PolicyConditionOperator) Valid 

func (e PolicyConditionOperator) Valid() bool

Valid indicates whether the value is a known member of the PolicyConditionOperator enum.

type PolicyConditionValue0 

type PolicyConditionValue0 = string

PolicyConditionValue0 defines model for .

type PolicyConditionValue1 

type PolicyConditionValue1 = float32

PolicyConditionValue1 defines model for .

type PolicyConditionValue2 

type PolicyConditionValue2 = int

PolicyConditionValue2 defines model for .

type PolicyConditionValue3 

type PolicyConditionValue3 = bool

PolicyConditionValue3 defines model for .

type PolicyConditionValue4 

type PolicyConditionValue4 = []interface{}

PolicyConditionValue4 defines model for .

type PolicyCondition_Value 

type PolicyCondition_Value struct {
	// contains filtered or unexported fields
}

PolicyCondition_Value defines model for PolicyCondition.Value.

func (PolicyCondition_Value) AsPolicyConditionValue0 

func (t PolicyCondition_Value) AsPolicyConditionValue0() (PolicyConditionValue0, error)

AsPolicyConditionValue0 returns the union data inside the PolicyCondition_Value as a PolicyConditionValue0

func (PolicyCondition_Value) AsPolicyConditionValue1 

func (t PolicyCondition_Value) AsPolicyConditionValue1() (PolicyConditionValue1, error)

AsPolicyConditionValue1 returns the union data inside the PolicyCondition_Value as a PolicyConditionValue1

func (PolicyCondition_Value) AsPolicyConditionValue2 

func (t PolicyCondition_Value) AsPolicyConditionValue2() (PolicyConditionValue2, error)

AsPolicyConditionValue2 returns the union data inside the PolicyCondition_Value as a PolicyConditionValue2

func (PolicyCondition_Value) AsPolicyConditionValue3 

func (t PolicyCondition_Value) AsPolicyConditionValue3() (PolicyConditionValue3, error)

AsPolicyConditionValue3 returns the union data inside the PolicyCondition_Value as a PolicyConditionValue3

func (PolicyCondition_Value) AsPolicyConditionValue4 

func (t PolicyCondition_Value) AsPolicyConditionValue4() (PolicyConditionValue4, error)

AsPolicyConditionValue4 returns the union data inside the PolicyCondition_Value as a PolicyConditionValue4

func (*PolicyCondition_Value) FromPolicyConditionValue0 

func (t *PolicyCondition_Value) FromPolicyConditionValue0(v PolicyConditionValue0) error

FromPolicyConditionValue0 overwrites any union data inside the PolicyCondition_Value as the provided PolicyConditionValue0

func (*PolicyCondition_Value) FromPolicyConditionValue1 

func (t *PolicyCondition_Value) FromPolicyConditionValue1(v PolicyConditionValue1) error

FromPolicyConditionValue1 overwrites any union data inside the PolicyCondition_Value as the provided PolicyConditionValue1

func (*PolicyCondition_Value) FromPolicyConditionValue2 

func (t *PolicyCondition_Value) FromPolicyConditionValue2(v PolicyConditionValue2) error

FromPolicyConditionValue2 overwrites any union data inside the PolicyCondition_Value as the provided PolicyConditionValue2

func (*PolicyCondition_Value) FromPolicyConditionValue3 

func (t *PolicyCondition_Value) FromPolicyConditionValue3(v PolicyConditionValue3) error

FromPolicyConditionValue3 overwrites any union data inside the PolicyCondition_Value as the provided PolicyConditionValue3

func (*PolicyCondition_Value) FromPolicyConditionValue4 

func (t *PolicyCondition_Value) FromPolicyConditionValue4(v PolicyConditionValue4) error

FromPolicyConditionValue4 overwrites any union data inside the PolicyCondition_Value as the provided PolicyConditionValue4

func (PolicyCondition_Value) MarshalJSON 

func (t PolicyCondition_Value) MarshalJSON() ([]byte, error)

func (*PolicyCondition_Value) MergePolicyConditionValue0 

func (t *PolicyCondition_Value) MergePolicyConditionValue0(v PolicyConditionValue0) error

MergePolicyConditionValue0 performs a merge with any union data inside the PolicyCondition_Value, using the provided PolicyConditionValue0

func (*PolicyCondition_Value) MergePolicyConditionValue1 

func (t *PolicyCondition_Value) MergePolicyConditionValue1(v PolicyConditionValue1) error

MergePolicyConditionValue1 performs a merge with any union data inside the PolicyCondition_Value, using the provided PolicyConditionValue1

func (*PolicyCondition_Value) MergePolicyConditionValue2 

func (t *PolicyCondition_Value) MergePolicyConditionValue2(v PolicyConditionValue2) error

MergePolicyConditionValue2 performs a merge with any union data inside the PolicyCondition_Value, using the provided PolicyConditionValue2

func (*PolicyCondition_Value) MergePolicyConditionValue3 

func (t *PolicyCondition_Value) MergePolicyConditionValue3(v PolicyConditionValue3) error

MergePolicyConditionValue3 performs a merge with any union data inside the PolicyCondition_Value, using the provided PolicyConditionValue3

func (*PolicyCondition_Value) MergePolicyConditionValue4 

func (t *PolicyCondition_Value) MergePolicyConditionValue4(v PolicyConditionValue4) error

MergePolicyConditionValue4 performs a merge with any union data inside the PolicyCondition_Value, using the provided PolicyConditionValue4

func (*PolicyCondition_Value) UnmarshalJSON 

func (t *PolicyCondition_Value) UnmarshalJSON(b []byte) error

type PolicyId 

type PolicyId = string

PolicyId defines model for PolicyId.

type PolicyListResponse 

type PolicyListResponse struct {
	Items      *[]Policy   `json:"items,omitempty"`
	Pagination *Pagination `json:"pagination,omitempty"`
}

PolicyListResponse defines model for PolicyListResponse.

type PolicyMatch 

type PolicyMatch struct {
	Explanation   *string `json:"explanation,omitempty"`
	PolicyId      *string `json:"policy_id,omitempty"`
	PolicyVersion *int    `json:"policy_version,omitempty"`
	RuleId        *string `json:"rule_id,omitempty"`
}

PolicyMatch defines model for PolicyMatch.

type PolicyRule 

type PolicyRule struct {
	ApprovalRequirement   *ApprovalRequirement    `json:"approval_requirement,omitempty"`
	Conditions            *[]PolicyCondition      `json:"conditions,omitempty"`
	Description           *string                 `json:"description,omitempty"`
	Effect                PolicyRuleEffect        `json:"effect"`
	ModificationsTemplate *map[string]interface{} `json:"modifications_template,omitempty"`
	Priority              *int                    `json:"priority,omitempty"`
	RuleId                string                  `json:"rule_id"`
}

PolicyRule defines model for PolicyRule.

type PolicyRuleEffect 

type PolicyRuleEffect string

PolicyRuleEffect defines model for PolicyRule.Effect. 

const (
	PolicyRuleEffectAllow                 PolicyRuleEffect = "allow"
	PolicyRuleEffectAllowWithModification PolicyRuleEffect = "allow_with_modification"
	PolicyRuleEffectDeny                  PolicyRuleEffect = "deny"
	PolicyRuleEffectRequireApproval       PolicyRuleEffect = "require_approval"
)

Defines values for PolicyRuleEffect.

func (PolicyRuleEffect) Valid 

func (e PolicyRuleEffect) Valid() bool

Valid indicates whether the value is a known member of the PolicyRuleEffect enum.

type PolicySimulationRequest 

type PolicySimulationRequest struct {
	Action      ActionIntent   `json:"action"`
	Context     *IntentContext `json:"context,omitempty"`
	WorkspaceId string         `json:"workspace_id"`
}

PolicySimulationRequest defines model for PolicySimulationRequest.

type PolicySimulationResponse 

type PolicySimulationResponse struct {
	Decision Decision `json:"decision"`
}

PolicySimulationResponse defines model for PolicySimulationResponse.

type PolicyStatus 

type PolicyStatus string

PolicyStatus defines model for PolicyStatus. 

const (
	PolicyStatusActive   PolicyStatus = "active"
	PolicyStatusArchived PolicyStatus = "archived"
	PolicyStatusDraft    PolicyStatus = "draft"
)

Defines values for PolicyStatus.

func (PolicyStatus) Valid 

func (e PolicyStatus) Valid() bool

Valid indicates whether the value is a known member of the PolicyStatus enum.

type PostChatCompletionsJSONRequestBody 

type PostChatCompletionsJSONRequestBody = ChatCompletionRequest

PostChatCompletionsJSONRequestBody defines body for PostChatCompletions for application/json ContentType.

type PostMessagesJSONRequestBody 

type PostMessagesJSONRequestBody = MessagesRequest

PostMessagesJSONRequestBody defines body for PostMessages for application/json ContentType.

type PreviewActionJSONRequestBody 

type PreviewActionJSONRequestBody = InstallActionRequest

PreviewActionJSONRequestBody defines body for PreviewAction for application/json ContentType.

type PreviewCapabilities 

type PreviewCapabilities struct {
	Credential *struct {
		// Kind Credential kind (`api_key`, `oauth2`).
		Kind string `json:"kind"`

		// Scope Human-readable scope from `[capabilities.credential]
		// scope`. Useful for the CLI's "what does this connector
		// want?" prompt.
		Scope *string `json:"scope,omitempty"`
	} `json:"credential,omitempty"`

	// NetworkHosts `[capabilities.network] hosts`: pinned `host:port` pairs
	// the connector will reach. Order matches the manifest.
	NetworkHosts *[]string `json:"network_hosts,omitempty"`
}

PreviewCapabilities Flattened view of the connector manifest's `[capabilities.*]` blocks. Optional sub-tables that are absent in the manifest are absent here too — the CLI renders only what the connector actually declares.

type PreviewConnectorJSONRequestBody 

type PreviewConnectorJSONRequestBody = InstallConnectorRequest

PreviewConnectorJSONRequestBody defines body for PreviewConnector for application/json ContentType.

type ProcurementAction 

type ProcurementAction struct {
	AmountEstimate         *Money                        `json:"amount_estimate,omitempty"`
	CostCenter             *string                       `json:"cost_center,omitempty"`
	Justification          *string                       `json:"justification,omitempty"`
	LegalReviewRequired    *bool                         `json:"legal_review_required,omitempty"`
	LineItems              *[]LineItem                   `json:"line_items,omitempty"`
	RequestType            *ProcurementActionRequestType `json:"request_type,omitempty"`
	Requestor              *string                       `json:"requestor,omitempty"`
	SecurityReviewRequired *bool                         `json:"security_review_required,omitempty"`
	VendorName             *string                       `json:"vendor_name,omitempty"`
}

ProcurementAction defines model for ProcurementAction.

type ProcurementActionRequestType 

type ProcurementActionRequestType string

ProcurementActionRequestType defines model for ProcurementAction.RequestType. 

const (
	Contractor ProcurementActionRequestType = "contractor"
	Equipment  ProcurementActionRequestType = "equipment"
	Other      ProcurementActionRequestType = "other"
	Services   ProcurementActionRequestType = "services"
	Software   ProcurementActionRequestType = "software"
	Travel     ProcurementActionRequestType = "travel"
)

Defines values for ProcurementActionRequestType.

func (ProcurementActionRequestType) Valid 

func (e ProcurementActionRequestType) Valid() bool

Valid indicates whether the value is a known member of the ProcurementActionRequestType enum.

type ReadCommsMessagesParams 

type ReadCommsMessagesParams struct {
	// Service Filter by service ("slack", "discord", or empty for all).
	Service *string `form:"service,omitempty" json:"service,omitempty"`

	// Channel Filter by channel name, or empty for all channels.
	Channel *string `form:"channel,omitempty" json:"channel,omitempty"`
}

ReadCommsMessagesParams defines parameters for ReadCommsMessages.

type ReadCommsMessagesResponse 

type ReadCommsMessagesResponse struct {
	Messages []CommsMessage `json:"messages"`
}

ReadCommsMessagesResponse Snapshot of unread messages from the daemon's notify queue. Calling this endpoint marks the surfaced messages as read.

type RebindBindingJSONRequestBody 

type RebindBindingJSONRequestBody = RebindRequest

RebindBindingJSONRequestBody defines body for RebindBinding for application/json ContentType.

type RebindRequest 

type RebindRequest struct {
	// Source Per-binding credential source. v1 supports only `api_key`. Setting
	// `kind: oauth2` returns a structured `400` referencing #388.
	Source BindingSource `json:"source"`
}

RebindRequest defines model for RebindRequest.

type Recipient 

type Recipient struct {
	Email openapi_types.Email `json:"email"`
	Name  *string             `json:"name,omitempty"`
}

Recipient defines model for Recipient.

type RequestCommsHTTPJSONRequestBody 

type RequestCommsHTTPJSONRequestBody = RequestCommsHTTPRequest

RequestCommsHTTPJSONRequestBody defines body for RequestCommsHTTP for application/json ContentType.

type RequestCommsHTTPRequest 

type RequestCommsHTTPRequest struct {
	// Body Request body string. Optional.
	Body *string `json:"body,omitempty"`

	// Headers Additional request headers as a JSON object string, e.g.
	// `{"X-Foo":"bar"}`. Optional.
	Headers *string `json:"headers,omitempty"`

	// Method HTTP method (GET, POST, PUT, DELETE, PATCH).
	Method string `json:"method"`

	// Url Target URL.
	Url string `json:"url"`
}

RequestCommsHTTPRequest Request body for `POST /v1/sessions/{id}/comms/http`. The daemon matches `url` against api_key vault entries and injects the matched secret as a Bearer token after the user approves.

type RequiredHeaderError 

type RequiredHeaderError struct {
	ParamName string
	Err       error
}

func (*RequiredHeaderError) Error 

func (e *RequiredHeaderError) Error() string

func (*RequiredHeaderError) Unwrap 

func (e *RequiredHeaderError) Unwrap() error

type RequiredParamError 

type RequiredParamError struct {
	ParamName string
}

func (*RequiredParamError) Error 

func (e *RequiredParamError) Error() string

type RiskLevel 

type RiskLevel string

RiskLevel defines model for RiskLevel. 

const (
	Critical RiskLevel = "critical"
	High     RiskLevel = "high"
	Low      RiskLevel = "low"
	Medium   RiskLevel = "medium"
)

Defines values for RiskLevel.

func (RiskLevel) Valid 

func (e RiskLevel) Valid() bool

Valid indicates whether the value is a known member of the RiskLevel enum.

type RunActionJSONRequestBody 

type RunActionJSONRequestBody = ActionRunRequest

RunActionJSONRequestBody defines body for RunAction for application/json ContentType.

type RunExecutionJSONRequestBody 

type RunExecutionJSONRequestBody = ExecutionRunRequest

RunExecutionJSONRequestBody defines body for RunExecution for application/json ContentType.

type SendCommsMessageJSONRequestBody 

type SendCommsMessageJSONRequestBody = SendCommsMessageRequest

SendCommsMessageJSONRequestBody defines body for SendCommsMessage for application/json ContentType.

type SendCommsMessageRequest 

type SendCommsMessageRequest struct {
	// Body Message text to send.
	Body string `json:"body"`

	// Channel Channel name or ID to send to.
	Channel string `json:"channel"`

	// Service Target service ("slack", "discord").
	Service string `json:"service"`
}

SendCommsMessageRequest Request body for `POST /v1/sessions/{id}/comms/send`. session_id rides in the URL path; the daemon stamps it on the action-approval entry.

type ServeMux 

type ServeMux interface {
	HandleFunc(pattern string, handler func(http.ResponseWriter, *http.Request))
	http.Handler
}

ServeMux is an abstraction of http.ServeMux.

type ServerInterface 

type ServerInterface interface {
	// List pending action-level approval requests
	// (GET /v1/action-approvals)
	ListActionApprovals(w http.ResponseWriter, r *http.Request)
	// Stream action-level approval queue events (Server-Sent Events)
	// (GET /v1/action-approvals/watch)
	WatchActionApprovals(w http.ResponseWriter, r *http.Request)
	// Approve or deny a pending action-level approval
	// (POST /v1/action-approvals/{approval_id}/decide)
	DecideActionApproval(w http.ResponseWriter, r *http.Request, approvalId string)
	// Poll an action approval's status and result
	// (GET /v1/action-approvals/{approval_id}/result)
	GetActionApprovalResult(w http.ResponseWriter, r *http.Request, approvalId string)
	// List installed actions
	// (GET /v1/actions)
	ListActions(w http.ResponseWriter, r *http.Request)
	// Install an action template into the user's actions directory
	// (POST /v1/actions/install)
	InstallAction(w http.ResponseWriter, r *http.Request)
	// Preview an action install without committing
	// (POST /v1/actions/preview)
	PreviewAction(w http.ResponseWriter, r *http.Request)
	// Get an installed action by name
	// (GET /v1/actions/{name})
	GetAction(w http.ResponseWriter, r *http.Request, name string)
	// Update an installed action's user-controlled state
	// (PATCH /v1/actions/{name})
	PatchAction(w http.ResponseWriter, r *http.Request, name string)
	// Execute an installed action
	// (POST /v1/actions/{name}/run)
	RunAction(w http.ResponseWriter, r *http.Request, name string)
	// Get analytics summary
	// (GET /v1/analytics/summary)
	GetAnalyticsSummary(w http.ResponseWriter, r *http.Request, params GetAnalyticsSummaryParams)
	// List approval requests
	// (GET /v1/approvals)
	ListApprovals(w http.ResponseWriter, r *http.Request, params ListApprovalsParams)
	// Get an approval request
	// (GET /v1/approvals/{approval_id})
	GetApproval(w http.ResponseWriter, r *http.Request, approvalId ApprovalId)
	// Approve an action
	// (POST /v1/approvals/{approval_id}/approve)
	ApproveRequest(w http.ResponseWriter, r *http.Request, approvalId ApprovalId)
	// Deny an action
	// (POST /v1/approvals/{approval_id}/deny)
	DenyRequest(w http.ResponseWriter, r *http.Request, approvalId ApprovalId)
	// Approve with modifications
	// (POST /v1/approvals/{approval_id}/modify)
	ModifyRequest(w http.ResponseWriter, r *http.Request, approvalId ApprovalId)
	// List audit events
	// (GET /v1/audit)
	ListAudit(w http.ResponseWriter, r *http.Request, params ListAuditParams)
	// Get a single audit event by id
	// (GET /v1/audit/{audit_id})
	GetAudit(w http.ResponseWriter, r *http.Request, auditId string)
	// List capability bindings
	// (GET /v1/bindings)
	ListBindings(w http.ResponseWriter, r *http.Request, params ListBindingsParams)
	// Create one or more bindings for a connector
	// (POST /v1/bindings/setup)
	SetupBindings(w http.ResponseWriter, r *http.Request)
	// Daemon-hosted OAuth2 callback
	// (GET /v1/bindings/setup/oauth2/callback)
	Oauth2BindingCallback(w http.ResponseWriter, r *http.Request, params Oauth2BindingCallbackParams)
	// Complete an OAuth2 binding flow
	// (POST /v1/bindings/setup/oauth2/finish)
	FinishOAuth2Binding(w http.ResponseWriter, r *http.Request)
	// Begin an OAuth2 binding flow
	// (POST /v1/bindings/setup/oauth2/init)
	InitOAuth2Binding(w http.ResponseWriter, r *http.Request)
	// Revoke a binding
	// (DELETE /v1/bindings/{name})
	RevokeBinding(w http.ResponseWriter, r *http.Request, name BindingName)
	// Inspect a single binding
	// (GET /v1/bindings/{name})
	GetBinding(w http.ResponseWriter, r *http.Request, name BindingName)
	// Replace the credential value of an existing binding
	// (POST /v1/bindings/{name}/rebind)
	RebindBinding(w http.ResponseWriter, r *http.Request, name BindingName)
	// OpenAI-compatible chat completions endpoint
	// (POST /v1/chat/completions)
	PostChatCompletions(w http.ResponseWriter, r *http.Request)
	// Initiate OAuth flow to connect an external account
	// (GET /v1/connect/{provider})
	ConnectAccount(w http.ResponseWriter, r *http.Request, provider string, params ConnectAccountParams)
	// Handle OAuth callback for account connection
	// (GET /v1/connect/{provider}/callback)
	ConnectAccountCallback(w http.ResponseWriter, r *http.Request, provider string, params ConnectAccountCallbackParams)
	// List the current user's connected external accounts
	// (GET /v1/connected-accounts)
	ListConnectedAccounts(w http.ResponseWriter, r *http.Request)
	// Disconnect an external account
	// (DELETE /v1/connected-accounts/{id})
	DeleteConnectedAccount(w http.ResponseWriter, r *http.Request, id string)
	// Get a connected account
	// (GET /v1/connected-accounts/{id})
	GetConnectedAccount(w http.ResponseWriter, r *http.Request, id string)
	// List connectors
	// (GET /v1/connectors)
	ListConnectors(w http.ResponseWriter, r *http.Request, params ListConnectorsParams)
	// Register a connector
	// (POST /v1/connectors)
	CreateConnector(w http.ResponseWriter, r *http.Request)
	// Check installed connectors for newer versions
	// (GET /v1/connectors/check)
	CheckConnectors(w http.ResponseWriter, r *http.Request, params CheckConnectorsParams)
	// Install a connector into the content-addressed store
	// (POST /v1/connectors/install)
	InstallConnector(w http.ResponseWriter, r *http.Request)
	// Preview a connector install without committing
	// (POST /v1/connectors/preview)
	PreviewConnector(w http.ResponseWriter, r *http.Request)
	// Get a connector
	// (GET /v1/connectors/{connector_id})
	GetConnector(w http.ResponseWriter, r *http.Request, connectorId ConnectorId)
	// Update a connector
	// (PATCH /v1/connectors/{connector_id})
	UpdateConnector(w http.ResponseWriter, r *http.Request, connectorId ConnectorId)
	// List credential references
	// (GET /v1/credentials)
	ListCredentials(w http.ResponseWriter, r *http.Request, params ListCredentialsParams)
	// Register a credential reference
	// (POST /v1/credentials)
	CreateCredential(w http.ResponseWriter, r *http.Request)
	// Get current enterprise
	// (GET /v1/enterprises/me)
	GetCurrentEnterprise(w http.ResponseWriter, r *http.Request)
	// Update current enterprise
	// (PATCH /v1/enterprises/me)
	UpdateCurrentEnterprise(w http.ResponseWriter, r *http.Request)
	// Get an execution grant
	// (GET /v1/execution-grants/{grant_id})
	GetExecutionGrant(w http.ResponseWriter, r *http.Request, grantId GrantId)
	// Execute an approved action
	// (POST /v1/executions/run)
	RunExecution(w http.ResponseWriter, r *http.Request)
	// Get execution status
	// (GET /v1/executions/{execution_id})
	GetExecution(w http.ResponseWriter, r *http.Request, executionId ExecutionId)
	// Post execution callback
	// (POST /v1/executions/{execution_id}/callback)
	ExecutionCallback(w http.ResponseWriter, r *http.Request, executionId ExecutionId)
	// List funding sources
	// (GET /v1/funding-sources)
	ListFundingSources(w http.ResponseWriter, r *http.Request, params ListFundingSourcesParams)
	// Create a funding source
	// (POST /v1/funding-sources)
	CreateFundingSource(w http.ResponseWriter, r *http.Request)
	// Get service health
	// (GET /v1/health)
	GetHealth(w http.ResponseWriter, r *http.Request)
	// Look up a single Hub action entry by FQN
	// (GET /v1/hub/action)
	GetHubAction(w http.ResponseWriter, r *http.Request, params GetHubActionParams)
	// Composite install-decision payload for an action install
	// (GET /v1/hub/action-install-decision)
	GetHubActionInstallDecision(w http.ResponseWriter, r *http.Request, params GetHubActionInstallDecisionParams)
	// List Hub action entries
	// (GET /v1/hub/actions)
	ListHubActions(w http.ResponseWriter, r *http.Request, params ListHubActionsParams)
	// Look up a single Hub connector entry by FQN
	// (GET /v1/hub/connector)
	GetHubConnector(w http.ResponseWriter, r *http.Request, params GetHubConnectorParams)
	// List Hub connector entries
	// (GET /v1/hub/connectors)
	ListHubConnectors(w http.ResponseWriter, r *http.Request, params ListHubConnectorsParams)
	// Pre-computed install-decision payload for a Hub connector
	// (GET /v1/hub/install-decision)
	GetHubInstallDecision(w http.ResponseWriter, r *http.Request, params GetHubInstallDecisionParams)
	// Look up a single Hub suite entry by FQN
	// (GET /v1/hub/suite)
	GetHubSuite(w http.ResponseWriter, r *http.Request, params GetHubSuiteParams)
	// Composite install-decision payload for a suite install
	// (GET /v1/hub/suite-install-decision)
	GetHubSuiteInstallDecision(w http.ResponseWriter, r *http.Request, params GetHubSuiteInstallDecisionParams)
	// List Hub suite entries
	// (GET /v1/hub/suites)
	ListHubSuites(w http.ResponseWriter, r *http.Request, params ListHubSuitesParams)
	// List intents
	// (GET /v1/intents)
	ListIntents(w http.ResponseWriter, r *http.Request, params ListIntentsParams)
	// Submit a new action intent
	// (POST /v1/intents)
	CreateIntent(w http.ResponseWriter, r *http.Request)
	// Get an intent
	// (GET /v1/intents/{intent_id})
	GetIntent(w http.ResponseWriter, r *http.Request, intentId IntentId)
	// Attach evidence to an intent
	// (POST /v1/intents/{intent_id}/evidence)
	AppendIntentEvidence(w http.ResponseWriter, r *http.Request, intentId IntentId)
	// Anthropic-compatible messages endpoint
	// (POST /v1/messages)
	PostMessages(w http.ResponseWriter, r *http.Request)
	// List policies
	// (GET /v1/policies)
	ListPolicies(w http.ResponseWriter, r *http.Request, params ListPoliciesParams)
	// Create a policy
	// (POST /v1/policies)
	CreatePolicy(w http.ResponseWriter, r *http.Request)
	// Simulate policy evaluation
	// (POST /v1/policies/simulate)
	SimulatePolicy(w http.ResponseWriter, r *http.Request)
	// Get a policy
	// (GET /v1/policies/{policy_id})
	GetPolicy(w http.ResponseWriter, r *http.Request, policyId PolicyId)
	// Update a policy
	// (PATCH /v1/policies/{policy_id})
	UpdatePolicy(w http.ResponseWriter, r *http.Request, policyId PolicyId)
	// List launch sessions
	// (GET /v1/sessions)
	ListSessions(w http.ResponseWriter, r *http.Request, params ListSessionsParams)
	// Register a new launch session
	// (POST /v1/sessions)
	CreateSession(w http.ResponseWriter, r *http.Request)
	// Get a launch session by id
	// (GET /v1/sessions/{session_id})
	GetSession(w http.ResponseWriter, r *http.Request, sessionId string)
	// Submit a draft reply for user review
	// (POST /v1/sessions/{session_id}/comms/draft)
	DraftCommsReply(w http.ResponseWriter, r *http.Request, sessionId string)
	// Issue an authenticated HTTP request with user approval
	// (POST /v1/sessions/{session_id}/comms/http)
	RequestCommsHTTP(w http.ResponseWriter, r *http.Request, sessionId string)
	// Read pending messages from communication channels
	// (GET /v1/sessions/{session_id}/comms/messages)
	ReadCommsMessages(w http.ResponseWriter, r *http.Request, sessionId string, params ReadCommsMessagesParams)
	// Request user approval to send a message
	// (POST /v1/sessions/{session_id}/comms/send)
	SendCommsMessage(w http.ResponseWriter, r *http.Request, sessionId string)
	// Mark a launch session ended
	// (POST /v1/sessions/{session_id}/end)
	EndSession(w http.ResponseWriter, r *http.Request, sessionId string)
	// Get runtime status (version, listen address, action / connector / binding counts, vault state)
	// (GET /v1/status)
	GetStatus(w http.ResponseWriter, r *http.Request)
	// Reconcile installed actions with their declared connector dependencies
	// (POST /v1/sync)
	Sync(w http.ResponseWriter, r *http.Request)
	// Initiate remote attestation
	// (POST /v1/tee/attestation)
	InitiateAttestation(w http.ResponseWriter, r *http.Request)
	// Get JWKS for attestation token verification
	// (GET /v1/tee/jwks)
	GetTeeJwks(w http.ResponseWriter, r *http.Request)
	// Establish TEE session and transmit KEK
	// (POST /v1/tee/session)
	EstablishTeeSession(w http.ResponseWriter, r *http.Request)
	// Get TEE status
	// (GET /v1/tee/status)
	GetTeeStatus(w http.ResponseWriter, r *http.Request)
	// List traces
	// (GET /v1/traces)
	ListTraces(w http.ResponseWriter, r *http.Request, params ListTracesParams)
	// Get current user
	// (GET /v1/users/me)
	GetCurrentUser(w http.ResponseWriter, r *http.Request)
	// Update current user
	// (PATCH /v1/users/me)
	UpdateCurrentUser(w http.ResponseWriter, r *http.Request)
	// Disconnect an auth provider
	// (DELETE /v1/users/me/auth-providers/{provider})
	DisconnectAuthProvider(w http.ResponseWriter, r *http.Request, provider string)
	// Set or rotate vault passphrase
	// (POST /v1/users/me/passphrase)
	SetPassphrase(w http.ResponseWriter, r *http.Request)
	// Lock vault and clear cached KEK
	// (POST /v1/users/me/passphrase/lock)
	LockVault(w http.ResponseWriter, r *http.Request)
	// Get passphrase salt
	// (GET /v1/users/me/passphrase/salt)
	GetPassphraseSalt(w http.ResponseWriter, r *http.Request)
	// Unlock vault with passphrase-derived KEK
	// (POST /v1/users/me/passphrase/unlock)
	UnlockVault(w http.ResponseWriter, r *http.Request)
	// Get KEK verification blob
	// (GET /v1/users/me/passphrase/verification)
	GetPassphraseVerification(w http.ResponseWriter, r *http.Request)
	// Get vault lock status
	// (GET /v1/users/me/vault/status)
	GetVaultStatus(w http.ResponseWriter, r *http.Request)
	// Get local vault lock status
	// (GET /v1/vault/status)
	GetLocalVaultStatus(w http.ResponseWriter, r *http.Request)
	// Unlock the local vault with a passphrase
	// (POST /v1/vault/unlock)
	UnlockLocalVault(w http.ResponseWriter, r *http.Request)
}

ServerInterface represents all server handlers.

type ServerInterfaceWrapper 

type ServerInterfaceWrapper struct {
	Handler            ServerInterface
	HandlerMiddlewares []MiddlewareFunc
	ErrorHandlerFunc   func(w http.ResponseWriter, r *http.Request, err error)
}

ServerInterfaceWrapper converts contexts to parameters.

func (*ServerInterfaceWrapper) AppendIntentEvidence 

func (siw *ServerInterfaceWrapper) AppendIntentEvidence(w http.ResponseWriter, r *http.Request)

AppendIntentEvidence operation middleware

func (*ServerInterfaceWrapper) ApproveRequest 

func (siw *ServerInterfaceWrapper) ApproveRequest(w http.ResponseWriter, r *http.Request)

ApproveRequest operation middleware

func (*ServerInterfaceWrapper) CheckConnectors 

func (siw *ServerInterfaceWrapper) CheckConnectors(w http.ResponseWriter, r *http.Request)

CheckConnectors operation middleware

func (*ServerInterfaceWrapper) ConnectAccount 

func (siw *ServerInterfaceWrapper) ConnectAccount(w http.ResponseWriter, r *http.Request)

ConnectAccount operation middleware

func (*ServerInterfaceWrapper) ConnectAccountCallback 

func (siw *ServerInterfaceWrapper) ConnectAccountCallback(w http.ResponseWriter, r *http.Request)

ConnectAccountCallback operation middleware

func (*ServerInterfaceWrapper) CreateConnector 

func (siw *ServerInterfaceWrapper) CreateConnector(w http.ResponseWriter, r *http.Request)

CreateConnector operation middleware

func (*ServerInterfaceWrapper) CreateCredential 

func (siw *ServerInterfaceWrapper) CreateCredential(w http.ResponseWriter, r *http.Request)

CreateCredential operation middleware

func (*ServerInterfaceWrapper) CreateFundingSource 

func (siw *ServerInterfaceWrapper) CreateFundingSource(w http.ResponseWriter, r *http.Request)

CreateFundingSource operation middleware

func (*ServerInterfaceWrapper) CreateIntent 

func (siw *ServerInterfaceWrapper) CreateIntent(w http.ResponseWriter, r *http.Request)

CreateIntent operation middleware

func (*ServerInterfaceWrapper) CreatePolicy 

func (siw *ServerInterfaceWrapper) CreatePolicy(w http.ResponseWriter, r *http.Request)

CreatePolicy operation middleware

func (*ServerInterfaceWrapper) CreateSession 

func (siw *ServerInterfaceWrapper) CreateSession(w http.ResponseWriter, r *http.Request)

CreateSession operation middleware

func (*ServerInterfaceWrapper) DecideActionApproval 

func (siw *ServerInterfaceWrapper) DecideActionApproval(w http.ResponseWriter, r *http.Request)

DecideActionApproval operation middleware

func (*ServerInterfaceWrapper) DeleteConnectedAccount 

func (siw *ServerInterfaceWrapper) DeleteConnectedAccount(w http.ResponseWriter, r *http.Request)

DeleteConnectedAccount operation middleware

func (*ServerInterfaceWrapper) DenyRequest 

func (siw *ServerInterfaceWrapper) DenyRequest(w http.ResponseWriter, r *http.Request)

DenyRequest operation middleware

func (*ServerInterfaceWrapper) DisconnectAuthProvider 

func (siw *ServerInterfaceWrapper) DisconnectAuthProvider(w http.ResponseWriter, r *http.Request)

DisconnectAuthProvider operation middleware

func (*ServerInterfaceWrapper) DraftCommsReply 

func (siw *ServerInterfaceWrapper) DraftCommsReply(w http.ResponseWriter, r *http.Request)

DraftCommsReply operation middleware

func (*ServerInterfaceWrapper) EndSession 

func (siw *ServerInterfaceWrapper) EndSession(w http.ResponseWriter, r *http.Request)

EndSession operation middleware

func (*ServerInterfaceWrapper) EstablishTeeSession 

func (siw *ServerInterfaceWrapper) EstablishTeeSession(w http.ResponseWriter, r *http.Request)

EstablishTeeSession operation middleware

func (*ServerInterfaceWrapper) ExecutionCallback 

func (siw *ServerInterfaceWrapper) ExecutionCallback(w http.ResponseWriter, r *http.Request)

ExecutionCallback operation middleware

func (*ServerInterfaceWrapper) FinishOAuth2Binding 

func (siw *ServerInterfaceWrapper) FinishOAuth2Binding(w http.ResponseWriter, r *http.Request)

FinishOAuth2Binding operation middleware

func (*ServerInterfaceWrapper) GetAction 

func (siw *ServerInterfaceWrapper) GetAction(w http.ResponseWriter, r *http.Request)

GetAction operation middleware

func (*ServerInterfaceWrapper) GetActionApprovalResult 

func (siw *ServerInterfaceWrapper) GetActionApprovalResult(w http.ResponseWriter, r *http.Request)

GetActionApprovalResult operation middleware

func (*ServerInterfaceWrapper) GetAnalyticsSummary 

func (siw *ServerInterfaceWrapper) GetAnalyticsSummary(w http.ResponseWriter, r *http.Request)

GetAnalyticsSummary operation middleware

func (*ServerInterfaceWrapper) GetApproval 

func (siw *ServerInterfaceWrapper) GetApproval(w http.ResponseWriter, r *http.Request)

GetApproval operation middleware

func (*ServerInterfaceWrapper) GetAudit 

func (siw *ServerInterfaceWrapper) GetAudit(w http.ResponseWriter, r *http.Request)

GetAudit operation middleware

func (*ServerInterfaceWrapper) GetBinding 

func (siw *ServerInterfaceWrapper) GetBinding(w http.ResponseWriter, r *http.Request)

GetBinding operation middleware

func (*ServerInterfaceWrapper) GetConnectedAccount 

func (siw *ServerInterfaceWrapper) GetConnectedAccount(w http.ResponseWriter, r *http.Request)

GetConnectedAccount operation middleware

func (*ServerInterfaceWrapper) GetConnector 

func (siw *ServerInterfaceWrapper) GetConnector(w http.ResponseWriter, r *http.Request)

GetConnector operation middleware

func (*ServerInterfaceWrapper) GetCurrentEnterprise 

func (siw *ServerInterfaceWrapper) GetCurrentEnterprise(w http.ResponseWriter, r *http.Request)

GetCurrentEnterprise operation middleware

func (*ServerInterfaceWrapper) GetCurrentUser 

func (siw *ServerInterfaceWrapper) GetCurrentUser(w http.ResponseWriter, r *http.Request)

GetCurrentUser operation middleware

func (*ServerInterfaceWrapper) GetExecution 

func (siw *ServerInterfaceWrapper) GetExecution(w http.ResponseWriter, r *http.Request)

GetExecution operation middleware

func (*ServerInterfaceWrapper) GetExecutionGrant 

func (siw *ServerInterfaceWrapper) GetExecutionGrant(w http.ResponseWriter, r *http.Request)

GetExecutionGrant operation middleware

func (*ServerInterfaceWrapper) GetHealth 

func (siw *ServerInterfaceWrapper) GetHealth(w http.ResponseWriter, r *http.Request)

GetHealth operation middleware

func (*ServerInterfaceWrapper) GetHubAction 

func (siw *ServerInterfaceWrapper) GetHubAction(w http.ResponseWriter, r *http.Request)

GetHubAction operation middleware

func (*ServerInterfaceWrapper) GetHubActionInstallDecision 

func (siw *ServerInterfaceWrapper) GetHubActionInstallDecision(w http.ResponseWriter, r *http.Request)

GetHubActionInstallDecision operation middleware

func (*ServerInterfaceWrapper) GetHubConnector 

func (siw *ServerInterfaceWrapper) GetHubConnector(w http.ResponseWriter, r *http.Request)

GetHubConnector operation middleware

func (*ServerInterfaceWrapper) GetHubInstallDecision 

func (siw *ServerInterfaceWrapper) GetHubInstallDecision(w http.ResponseWriter, r *http.Request)

GetHubInstallDecision operation middleware

func (*ServerInterfaceWrapper) GetHubSuite 

func (siw *ServerInterfaceWrapper) GetHubSuite(w http.ResponseWriter, r *http.Request)

GetHubSuite operation middleware

func (*ServerInterfaceWrapper) GetHubSuiteInstallDecision 

func (siw *ServerInterfaceWrapper) GetHubSuiteInstallDecision(w http.ResponseWriter, r *http.Request)

GetHubSuiteInstallDecision operation middleware

func (*ServerInterfaceWrapper) GetIntent 

func (siw *ServerInterfaceWrapper) GetIntent(w http.ResponseWriter, r *http.Request)

GetIntent operation middleware

func (*ServerInterfaceWrapper) GetLocalVaultStatus 

func (siw *ServerInterfaceWrapper) GetLocalVaultStatus(w http.ResponseWriter, r *http.Request)

GetLocalVaultStatus operation middleware

func (*ServerInterfaceWrapper) GetPassphraseSalt 

func (siw *ServerInterfaceWrapper) GetPassphraseSalt(w http.ResponseWriter, r *http.Request)

GetPassphraseSalt operation middleware

func (*ServerInterfaceWrapper) GetPassphraseVerification 

func (siw *ServerInterfaceWrapper) GetPassphraseVerification(w http.ResponseWriter, r *http.Request)

GetPassphraseVerification operation middleware

func (*ServerInterfaceWrapper) GetPolicy 

func (siw *ServerInterfaceWrapper) GetPolicy(w http.ResponseWriter, r *http.Request)

GetPolicy operation middleware

func (*ServerInterfaceWrapper) GetSession 

func (siw *ServerInterfaceWrapper) GetSession(w http.ResponseWriter, r *http.Request)

GetSession operation middleware

func (*ServerInterfaceWrapper) GetStatus 

func (siw *ServerInterfaceWrapper) GetStatus(w http.ResponseWriter, r *http.Request)

GetStatus operation middleware

func (*ServerInterfaceWrapper) GetTeeJwks 

func (siw *ServerInterfaceWrapper) GetTeeJwks(w http.ResponseWriter, r *http.Request)

GetTeeJwks operation middleware

func (*ServerInterfaceWrapper) GetTeeStatus 

func (siw *ServerInterfaceWrapper) GetTeeStatus(w http.ResponseWriter, r *http.Request)

GetTeeStatus operation middleware

func (*ServerInterfaceWrapper) GetVaultStatus 

func (siw *ServerInterfaceWrapper) GetVaultStatus(w http.ResponseWriter, r *http.Request)

GetVaultStatus operation middleware

func (*ServerInterfaceWrapper) InitOAuth2Binding 

func (siw *ServerInterfaceWrapper) InitOAuth2Binding(w http.ResponseWriter, r *http.Request)

InitOAuth2Binding operation middleware

func (*ServerInterfaceWrapper) InitiateAttestation 

func (siw *ServerInterfaceWrapper) InitiateAttestation(w http.ResponseWriter, r *http.Request)

InitiateAttestation operation middleware

func (*ServerInterfaceWrapper) InstallAction 

func (siw *ServerInterfaceWrapper) InstallAction(w http.ResponseWriter, r *http.Request)

InstallAction operation middleware

func (*ServerInterfaceWrapper) InstallConnector 

func (siw *ServerInterfaceWrapper) InstallConnector(w http.ResponseWriter, r *http.Request)

InstallConnector operation middleware

func (*ServerInterfaceWrapper) ListActionApprovals 

func (siw *ServerInterfaceWrapper) ListActionApprovals(w http.ResponseWriter, r *http.Request)

ListActionApprovals operation middleware

func (*ServerInterfaceWrapper) ListActions 

func (siw *ServerInterfaceWrapper) ListActions(w http.ResponseWriter, r *http.Request)

ListActions operation middleware

func (*ServerInterfaceWrapper) ListApprovals 

func (siw *ServerInterfaceWrapper) ListApprovals(w http.ResponseWriter, r *http.Request)

ListApprovals operation middleware

func (*ServerInterfaceWrapper) ListAudit 

func (siw *ServerInterfaceWrapper) ListAudit(w http.ResponseWriter, r *http.Request)

ListAudit operation middleware

func (*ServerInterfaceWrapper) ListBindings 

func (siw *ServerInterfaceWrapper) ListBindings(w http.ResponseWriter, r *http.Request)

ListBindings operation middleware

func (*ServerInterfaceWrapper) ListConnectedAccounts 

func (siw *ServerInterfaceWrapper) ListConnectedAccounts(w http.ResponseWriter, r *http.Request)

ListConnectedAccounts operation middleware

func (*ServerInterfaceWrapper) ListConnectors 

func (siw *ServerInterfaceWrapper) ListConnectors(w http.ResponseWriter, r *http.Request)

ListConnectors operation middleware

func (*ServerInterfaceWrapper) ListCredentials 

func (siw *ServerInterfaceWrapper) ListCredentials(w http.ResponseWriter, r *http.Request)

ListCredentials operation middleware

func (*ServerInterfaceWrapper) ListFundingSources 

func (siw *ServerInterfaceWrapper) ListFundingSources(w http.ResponseWriter, r *http.Request)

ListFundingSources operation middleware

func (*ServerInterfaceWrapper) ListHubActions 

func (siw *ServerInterfaceWrapper) ListHubActions(w http.ResponseWriter, r *http.Request)

ListHubActions operation middleware

func (*ServerInterfaceWrapper) ListHubConnectors 

func (siw *ServerInterfaceWrapper) ListHubConnectors(w http.ResponseWriter, r *http.Request)

ListHubConnectors operation middleware

func (*ServerInterfaceWrapper) ListHubSuites 

func (siw *ServerInterfaceWrapper) ListHubSuites(w http.ResponseWriter, r *http.Request)

ListHubSuites operation middleware

func (*ServerInterfaceWrapper) ListIntents 

func (siw *ServerInterfaceWrapper) ListIntents(w http.ResponseWriter, r *http.Request)

ListIntents operation middleware

func (*ServerInterfaceWrapper) ListPolicies 

func (siw *ServerInterfaceWrapper) ListPolicies(w http.ResponseWriter, r *http.Request)

ListPolicies operation middleware

func (*ServerInterfaceWrapper) ListSessions 

func (siw *ServerInterfaceWrapper) ListSessions(w http.ResponseWriter, r *http.Request)

ListSessions operation middleware

func (*ServerInterfaceWrapper) ListTraces 

func (siw *ServerInterfaceWrapper) ListTraces(w http.ResponseWriter, r *http.Request)

ListTraces operation middleware

func (*ServerInterfaceWrapper) LockVault 

func (siw *ServerInterfaceWrapper) LockVault(w http.ResponseWriter, r *http.Request)

LockVault operation middleware

func (*ServerInterfaceWrapper) ModifyRequest 

func (siw *ServerInterfaceWrapper) ModifyRequest(w http.ResponseWriter, r *http.Request)

ModifyRequest operation middleware

func (*ServerInterfaceWrapper) Oauth2BindingCallback 

func (siw *ServerInterfaceWrapper) Oauth2BindingCallback(w http.ResponseWriter, r *http.Request)

Oauth2BindingCallback operation middleware

func (*ServerInterfaceWrapper) PatchAction 

func (siw *ServerInterfaceWrapper) PatchAction(w http.ResponseWriter, r *http.Request)

PatchAction operation middleware

func (*ServerInterfaceWrapper) PostChatCompletions 

func (siw *ServerInterfaceWrapper) PostChatCompletions(w http.ResponseWriter, r *http.Request)

PostChatCompletions operation middleware

func (*ServerInterfaceWrapper) PostMessages 

func (siw *ServerInterfaceWrapper) PostMessages(w http.ResponseWriter, r *http.Request)

PostMessages operation middleware

func (*ServerInterfaceWrapper) PreviewAction 

func (siw *ServerInterfaceWrapper) PreviewAction(w http.ResponseWriter, r *http.Request)

PreviewAction operation middleware

func (*ServerInterfaceWrapper) PreviewConnector 

func (siw *ServerInterfaceWrapper) PreviewConnector(w http.ResponseWriter, r *http.Request)

PreviewConnector operation middleware

func (*ServerInterfaceWrapper) ReadCommsMessages 

func (siw *ServerInterfaceWrapper) ReadCommsMessages(w http.ResponseWriter, r *http.Request)

ReadCommsMessages operation middleware

func (*ServerInterfaceWrapper) RebindBinding 

func (siw *ServerInterfaceWrapper) RebindBinding(w http.ResponseWriter, r *http.Request)

RebindBinding operation middleware

func (*ServerInterfaceWrapper) RequestCommsHTTP 

func (siw *ServerInterfaceWrapper) RequestCommsHTTP(w http.ResponseWriter, r *http.Request)

RequestCommsHTTP operation middleware

func (*ServerInterfaceWrapper) RevokeBinding 

func (siw *ServerInterfaceWrapper) RevokeBinding(w http.ResponseWriter, r *http.Request)

RevokeBinding operation middleware

func (*ServerInterfaceWrapper) RunAction 

func (siw *ServerInterfaceWrapper) RunAction(w http.ResponseWriter, r *http.Request)

RunAction operation middleware

func (*ServerInterfaceWrapper) RunExecution 

func (siw *ServerInterfaceWrapper) RunExecution(w http.ResponseWriter, r *http.Request)

RunExecution operation middleware

func (*ServerInterfaceWrapper) SendCommsMessage 

func (siw *ServerInterfaceWrapper) SendCommsMessage(w http.ResponseWriter, r *http.Request)

SendCommsMessage operation middleware

func (*ServerInterfaceWrapper) SetPassphrase 

func (siw *ServerInterfaceWrapper) SetPassphrase(w http.ResponseWriter, r *http.Request)

SetPassphrase operation middleware

func (*ServerInterfaceWrapper) SetupBindings 

func (siw *ServerInterfaceWrapper) SetupBindings(w http.ResponseWriter, r *http.Request)

SetupBindings operation middleware

func (*ServerInterfaceWrapper) SimulatePolicy 

func (siw *ServerInterfaceWrapper) SimulatePolicy(w http.ResponseWriter, r *http.Request)

SimulatePolicy operation middleware

func (*ServerInterfaceWrapper) Sync 

func (siw *ServerInterfaceWrapper) Sync(w http.ResponseWriter, r *http.Request)

Sync operation middleware

func (*ServerInterfaceWrapper) UnlockLocalVault 

func (siw *ServerInterfaceWrapper) UnlockLocalVault(w http.ResponseWriter, r *http.Request)

UnlockLocalVault operation middleware

func (*ServerInterfaceWrapper) UnlockVault 

func (siw *ServerInterfaceWrapper) UnlockVault(w http.ResponseWriter, r *http.Request)

UnlockVault operation middleware

func (*ServerInterfaceWrapper) UpdateConnector 

func (siw *ServerInterfaceWrapper) UpdateConnector(w http.ResponseWriter, r *http.Request)

UpdateConnector operation middleware

func (*ServerInterfaceWrapper) UpdateCurrentEnterprise 

func (siw *ServerInterfaceWrapper) UpdateCurrentEnterprise(w http.ResponseWriter, r *http.Request)

UpdateCurrentEnterprise operation middleware

func (*ServerInterfaceWrapper) UpdateCurrentUser 

func (siw *ServerInterfaceWrapper) UpdateCurrentUser(w http.ResponseWriter, r *http.Request)

UpdateCurrentUser operation middleware

func (*ServerInterfaceWrapper) UpdatePolicy 

func (siw *ServerInterfaceWrapper) UpdatePolicy(w http.ResponseWriter, r *http.Request)

UpdatePolicy operation middleware

func (*ServerInterfaceWrapper) WatchActionApprovals 

func (siw *ServerInterfaceWrapper) WatchActionApprovals(w http.ResponseWriter, r *http.Request)

WatchActionApprovals operation middleware

type Session 

type Session struct {
	// Agent Agent name (e.g. "claude", "pi").
	Agent   string     `json:"agent"`
	EndedAt *time.Time `json:"ended_at,omitempty"`

	// ExitCode Agent process exit code, or null when ended_at is set but the daemon never observed a clean exit (orphaned).
	ExitCode *int `json:"exit_code,omitempty"`

	// Id ULID-based session identifier; time-sortable lexicographically.
	Id        string    `json:"id"`
	StartedAt time.Time `json:"started_at"`

	// WorkingDir The directory aileron launch was invoked from.
	WorkingDir string `json:"working_dir"`
}

Session One record of an `aileron launch` agent invocation, owned by the daemon under ADR-0012. (started_at, ended_at, exit_code) encode three states:

  • running: ended_at == null
  • ended cleanly: ended_at != null && exit_code != null
  • orphaned: ended_at != null && exit_code == null (daemon restart while session was running)

type SessionListResponse 

type SessionListResponse struct {
	Items []Session `json:"items"`
}

SessionListResponse defines model for SessionListResponse.

type SetPassphraseJSONRequestBody 

type SetPassphraseJSONRequestBody = SetPassphraseRequest

SetPassphraseJSONRequestBody defines body for SetPassphrase for application/json ContentType.

type SetPassphraseRequest 

type SetPassphraseRequest struct {
	// KekVerification Verification constant encrypted with the client-derived KEK (base64)
	KekVerification []byte `json:"kek_verification"`

	// Salt Base64-encoded 16-byte Argon2id salt generated by the client
	Salt []byte `json:"salt"`
}

SetPassphraseRequest defines model for SetPassphraseRequest.

type SetupBindingsJSONRequestBody 

type SetupBindingsJSONRequestBody = BindingSetupRequest

SetupBindingsJSONRequestBody defines body for SetupBindings for application/json ContentType.

type SimulatePolicyJSONRequestBody 

type SimulatePolicyJSONRequestBody = PolicySimulationRequest

SimulatePolicyJSONRequestBody defines body for SimulatePolicy for application/json ContentType.

type StaleBinding 

type StaleBinding struct {
	// ConnectorFqn FQN of the connector this binding is anchored to.
	ConnectorFqn string `json:"connector_fqn"`

	// MissingScopes Scopes the binding lacks (for `scope_drift` only). Empty
	// for `no_grant_record`.
	MissingScopes *[]string `json:"missing_scopes,omitempty"`

	// Name Canonical binding name (`kind/service/identity`).
	Name string `json:"name"`

	// Service Human-readable service label from the binding ("Google",
	// "Slack"). The CLI uses this in the prompt; clients fall
	// back to `connector_fqn` when empty.
	Service *string `json:"service,omitempty"`

	// StaleReason Why the binding is stale. `scope_drift` — manifest demands a
	// scope the recorded grant lacks; the prompt names the missing
	// scopes. `no_grant_record` — binding predates scope tracking
	// and needs one reauthorize so the daemon can record what was
	// granted; no specific scopes to list.
	StaleReason StaleBindingStaleReason `json:"stale_reason"`
}

StaleBinding Describes one binding the scope-drift hook (#726/#729) marked `stale` on an install. Returned on install API responses (#741) so the CLI/webapp can offer to reauthorize inline.

type StaleBindingStaleReason 

type StaleBindingStaleReason string

StaleBindingStaleReason Why the binding is stale. `scope_drift` — manifest demands a scope the recorded grant lacks; the prompt names the missing scopes. `no_grant_record` — binding predates scope tracking and needs one reauthorize so the daemon can record what was granted; no specific scopes to list. 

const (
	StaleBindingStaleReasonNoGrantRecord StaleBindingStaleReason = "no_grant_record"
	StaleBindingStaleReasonScopeDrift    StaleBindingStaleReason = "scope_drift"
)

Defines values for StaleBindingStaleReason.

func (StaleBindingStaleReason) Valid 

func (e StaleBindingStaleReason) Valid() bool

Valid indicates whether the value is a known member of the StaleBindingStaleReason enum.

type StatusResponse 

type StatusResponse struct {
	// ActionCount Number of installed actions in `~/.aileron/actions/`.
	ActionCount int `json:"action_count"`

	// BindingCount Number of credential bindings in the vault. Surfaced as
	// metadata-only — the vault doesn't have to be unlocked
	// to count them.
	BindingCount int `json:"binding_count"`

	// Commit Short git commit the daemon was built from. May be empty for unstamped builds.
	Commit *string `json:"commit,omitempty"`

	// ConnectorCount Number of connector tarballs in the content-addressed
	// store (`~/.aileron/store/connectors/sha256/`).
	ConnectorCount int `json:"connector_count"`

	// GatewayUrl URL of the embedded gateway, when running under
	// `aileron launch`. Empty for standalone-server invocations.
	GatewayUrl *string `json:"gateway_url,omitempty"`

	// ListenAddr Address the daemon is listening on (e.g. `127.0.0.1:54321`).
	// Best-effort; empty when the runtime can't introspect its
	// own listener (most embedded contexts).
	ListenAddr *string `json:"listen_addr,omitempty"`

	// SessionId Launch session id when the daemon is part of an
	// `aileron launch` session. Empty otherwise.
	SessionId *string `json:"session_id,omitempty"`

	// VaultState `missing` — no vault file at the canonical path.
	// `locked` — file exists but the daemon hasn't unlocked it.
	// `unlocked` — daemon holds the KEK; bindings are resolvable.
	// `dev` — daemon is using the in-memory dev-mode vault
	// (random per-process KEK; not the persistent file).
	VaultState StatusResponseVaultState `json:"vault_state"`

	// Version Daemon version string (matches `aileron version`).
	Version string `json:"version"`
}

StatusResponse Operational snapshot returned by `GET /v1/status`. Surfaced through the `aileron status` CLI and the `/aileron status` agent slash-command. Read-only; safe to poll.

type StatusResponseVaultState 

type StatusResponseVaultState string

StatusResponseVaultState `missing` — no vault file at the canonical path. `locked` — file exists but the daemon hasn't unlocked it. `unlocked` — daemon holds the KEK; bindings are resolvable. `dev` — daemon is using the in-memory dev-mode vault (random per-process KEK; not the persistent file). 

const (
	StatusResponseVaultStateDev      StatusResponseVaultState = "dev"
	StatusResponseVaultStateLocked   StatusResponseVaultState = "locked"
	StatusResponseVaultStateMissing  StatusResponseVaultState = "missing"
	StatusResponseVaultStateUnlocked StatusResponseVaultState = "unlocked"
)

Defines values for StatusResponseVaultState.

func (StatusResponseVaultState) Valid 

func (e StatusResponseVaultState) Valid() bool

Valid indicates whether the value is a known member of the StatusResponseVaultState enum.

type StdHTTPServerOptions 

type StdHTTPServerOptions struct {
	BaseURL          string
	BaseRouter       ServeMux
	Middlewares      []MiddlewareFunc
	ErrorHandlerFunc func(w http.ResponseWriter, r *http.Request, err error)
}

type SyncJSONRequestBody 

type SyncJSONRequestBody = SyncRequest

SyncJSONRequestBody defines body for Sync for application/json ContentType.

type SyncRequest 

type SyncRequest struct {
	// AutoInstall Auto-approve install consent for missing connectors. v1
	// has no consent prompt — install is unconditional — so this
	// flag is accepted as a no-op for forward compatibility with
	// the planned consent flow. Maps to the CLI's `--yes` flag.
	AutoInstall *bool `json:"auto_install,omitempty"`
}

SyncRequest defines model for SyncRequest.

type SyncResponse 

type SyncResponse struct {
	// ActionsSeen Count of action manifests in `~/.aileron/actions/` walked this run.
	ActionsSeen int `json:"actions_seen"`

	// AlreadyInstalled Connectors that were already present in the cstore (no
	// install necessary). The idempotent path.
	AlreadyInstalled []ConnectorRef `json:"already_installed"`

	// InstallFailures Connectors whose install pipeline failed (resolver,
	// fetcher, verifier, hash mismatch, etc.). Sweep continues
	// past per-connector failures.
	InstallFailures []ConnectorInstallFailure `json:"install_failures"`

	// Installed Connectors actually installed by this sweep — i.e. those
	// absent from the cstore at the start of the run.
	Installed []InstalledConnector `json:"installed"`

	// Required Deduplicated set of (FQN, version) connector references
	// collected across every action's `[[requires.connectors]]`.
	Required []ConnectorRef `json:"required"`

	// Unbound Capabilities (`[capabilities.credential]` blocks) declared
	// by installed connectors for which no binding exists.
	// Sorted by `connector_fqn` then `kind` for deterministic
	// output. Operators bind these manually with
	// `aileron binding setup <FQN>`.
	Unbound []UnboundCapability `json:"unbound"`
}

SyncResponse defines model for SyncResponse.

type TeeAttestationRequest 

type TeeAttestationRequest struct {
	// Audience Expected audience for the attestation token
	Audience *string `json:"audience,omitempty"`
}

TeeAttestationRequest defines model for TeeAttestationRequest.

type TeeAttestationResponse 

type TeeAttestationResponse struct {
	// Nonce Random nonce used for attestation freshness
	Nonce []byte `json:"nonce"`

	// PublicKey Enclave's ephemeral ECDH public key (base64)
	PublicKey []byte `json:"public_key"`

	// Token Attestation evidence (OIDC JWT for Confidential Space, "dev-ok" for local)
	Token string `json:"token"`
}

TeeAttestationResponse defines model for TeeAttestationResponse.

type TeeSessionRequest 

type TeeSessionRequest struct {
	// ClientPublicKey Client's ephemeral ECDH public key for enclave key exchange
	ClientPublicKey []byte `json:"client_public_key"`

	// EncryptedKek KEK encrypted with the ECDH-derived shared secret (opaque to server)
	EncryptedKek []byte `json:"encrypted_kek"`
}

TeeSessionRequest defines model for TeeSessionRequest.

type TeeSessionResponse 

type TeeSessionResponse struct {
	// EscrowedCount Number of credentials auto-escrowed into TEE
	EscrowedCount *int `json:"escrowed_count,omitempty"`

	// ExpiresAt When the session expires
	ExpiresAt *time.Time `json:"expires_at,omitempty"`

	// SessionId Session identifier
	SessionId string `json:"session_id"`
}

TeeSessionResponse defines model for TeeSessionResponse.

type TeeStatus 

type TeeStatus struct {
	// AttestationClaims Verified attestation claims from the TEE (present only when attested)
	AttestationClaims *struct {
		// ExpiresAt When the attestation token expires
		ExpiresAt *time.Time `json:"expires_at,omitempty"`

		// Hwmodel Hardware security model (e.g. "GCP_AMD_SEV")
		Hwmodel *string `json:"hwmodel,omitempty"`

		// ImageDigest Container image digest (e.g. "sha256:abc...")
		ImageDigest *string `json:"image_digest,omitempty"`

		// IssuedAt When the attestation token was issued
		IssuedAt *time.Time `json:"issued_at,omitempty"`

		// Issuer Token issuer (e.g. "https://accounts.google.com")
		Issuer *string `json:"issuer,omitempty"`

		// ProjectId GCP project ID that owns the enclave workload
		ProjectId *string `json:"project_id,omitempty"`
	} `json:"attestation_claims,omitempty"`

	// Attested Whether the enclave has been attested
	Attested *bool `json:"attested,omitempty"`

	// Enabled Whether a TEE provider is configured
	Enabled bool `json:"enabled"`

	// ExpectedIdentity Expected enclave identity pins configured by the server and intended for browser/client verification
	ExpectedIdentity *struct {
		// ImageDigest Expected container image digest (e.g. "sha256:abc...")
		ImageDigest *string `json:"image_digest,omitempty"`

		// ProjectId Expected GCP project ID that owns the enclave workload
		ProjectId *string `json:"project_id,omitempty"`
	} `json:"expected_identity,omitempty"`

	// Provider The active TEE provider
	Provider TeeStatusProvider `json:"provider"`

	// SessionActive Whether an active session exists with the enclave
	SessionActive *bool `json:"session_active,omitempty"`

	// SessionExpiresAt When the current session expires
	SessionExpiresAt *time.Time `json:"session_expires_at,omitempty"`
}

TeeStatus defines model for TeeStatus.

type TeeStatusProvider 

type TeeStatusProvider string

TeeStatusProvider The active TEE provider 

const (
	ConfidentialSpace TeeStatusProvider = "confidential-space"
	Local             TeeStatusProvider = "local"
	None              TeeStatusProvider = "none"
)

Defines values for TeeStatusProvider.

func (TeeStatusProvider) Valid 

func (e TeeStatusProvider) Valid() bool

Valid indicates whether the value is a known member of the TeeStatusProvider enum.

type TooManyValuesForParamError 

type TooManyValuesForParamError struct {
	ParamName string
	Count     int
}

func (*TooManyValuesForParamError) Error 

func (e *TooManyValuesForParamError) Error() string

type Trace 

type Trace struct {
	Events      []TraceEvent `json:"events"`
	IntentId    string       `json:"intent_id"`
	TraceId     string       `json:"trace_id"`
	WorkspaceId *string      `json:"workspace_id,omitempty"`
}

Trace defines model for Trace.

type TraceEvent 

type TraceEvent struct {
	Actor     ActorRef                `json:"actor"`
	EventId   string                  `json:"event_id"`
	EventType string                  `json:"event_type"`
	Payload   *map[string]interface{} `json:"payload,omitempty"`
	Timestamp time.Time               `json:"timestamp"`
}

TraceEvent defines model for TraceEvent.

type TraceListResponse 

type TraceListResponse struct {
	Items      *[]Trace    `json:"items,omitempty"`
	Pagination *Pagination `json:"pagination,omitempty"`
}

TraceListResponse defines model for TraceListResponse.

type Unauthorized 

type Unauthorized = Error

Unauthorized Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type UnboundCapability 

type UnboundCapability struct {
	// ConnectorFqn FQN of the connector that needs a binding.
	ConnectorFqn string `json:"connector_fqn"`

	// Kind Declared credential kind (`api_key`, `oauth2`).
	Kind string `json:"kind"`

	// Scope Human-readable scope description from the connector manifest.
	Scope *string `json:"scope,omitempty"`
}

UnboundCapability defines model for UnboundCapability.

type UnescapedCookieParamError 

type UnescapedCookieParamError struct {
	ParamName string
	Err       error
}

func (*UnescapedCookieParamError) Error 

func (e *UnescapedCookieParamError) Error() string

func (*UnescapedCookieParamError) Unwrap 

func (e *UnescapedCookieParamError) Unwrap() error

type UnlockLocalVaultJSONRequestBody 

type UnlockLocalVaultJSONRequestBody = LocalVaultUnlockRequest

UnlockLocalVaultJSONRequestBody defines body for UnlockLocalVault for application/json ContentType.

type UnlockVaultJSONRequestBody 

type UnlockVaultJSONRequestBody = UnlockVaultRequest

UnlockVaultJSONRequestBody defines body for UnlockVault for application/json ContentType.

type UnlockVaultRequest 

type UnlockVaultRequest struct {
	// Kek Base64-encoded 32-byte KEK derived from passphrase via Argon2id
	Kek []byte `json:"kek"`
}

UnlockVaultRequest defines model for UnlockVaultRequest.

type UnmarshalingParamError 

type UnmarshalingParamError struct {
	ParamName string
	Err       error
}

func (*UnmarshalingParamError) Error 

func (e *UnmarshalingParamError) Error() string

func (*UnmarshalingParamError) Unwrap 

func (e *UnmarshalingParamError) Unwrap() error

type UpdateConnectorJSONRequestBody 

type UpdateConnectorJSONRequestBody = UpdateConnectorRequest

UpdateConnectorJSONRequestBody defines body for UpdateConnector for application/json ContentType.

type UpdateConnectorRequest 

type UpdateConnectorRequest struct {
	Auth     *ConnectorAuth                `json:"auth,omitempty"`
	Metadata *map[string]interface{}       `json:"metadata,omitempty"`
	Name     *string                       `json:"name,omitempty"`
	Status   *UpdateConnectorRequestStatus `json:"status,omitempty"`
}

UpdateConnectorRequest defines model for UpdateConnectorRequest.

type UpdateConnectorRequestStatus 

type UpdateConnectorRequestStatus string

UpdateConnectorRequestStatus defines model for UpdateConnectorRequest.Status. 

const (
	UpdateConnectorRequestStatusActive   UpdateConnectorRequestStatus = "active"
	UpdateConnectorRequestStatusDisabled UpdateConnectorRequestStatus = "disabled"
)

Defines values for UpdateConnectorRequestStatus.

func (UpdateConnectorRequestStatus) Valid 

func (e UpdateConnectorRequestStatus) Valid() bool

Valid indicates whether the value is a known member of the UpdateConnectorRequestStatus enum.

type UpdateCurrentEnterpriseJSONRequestBody 

type UpdateCurrentEnterpriseJSONRequestBody = UpdateEnterpriseRequest

UpdateCurrentEnterpriseJSONRequestBody defines body for UpdateCurrentEnterprise for application/json ContentType.

type UpdateCurrentUserJSONRequestBody 

type UpdateCurrentUserJSONRequestBody = UpdateUserRequest

UpdateCurrentUserJSONRequestBody defines body for UpdateCurrentUser for application/json ContentType.

type UpdateEnterpriseRequest 

type UpdateEnterpriseRequest struct {
	// AllowedAuthProviders Restrict sign-in to these providers. Empty array means all allowed.
	AllowedAuthProviders *[]string `json:"allowed_auth_providers,omitempty"`

	// AllowedEmailDomains Restrict sign-in to these email domains. Empty array means all allowed.
	AllowedEmailDomains *[]string            `json:"allowed_email_domains,omitempty"`
	BillingEmail        *openapi_types.Email `json:"billing_email,omitempty"`
	Name                *string              `json:"name,omitempty"`
	SsoRequired         *bool                `json:"sso_required,omitempty"`
}

UpdateEnterpriseRequest defines model for UpdateEnterpriseRequest.

type UpdatePolicyJSONRequestBody 

type UpdatePolicyJSONRequestBody = UpdatePolicyRequest

UpdatePolicyJSONRequestBody defines body for UpdatePolicy for application/json ContentType.

type UpdatePolicyRequest 

type UpdatePolicyRequest struct {
	Description *string       `json:"description,omitempty"`
	Name        *string       `json:"name,omitempty"`
	Rules       *[]PolicyRule `json:"rules,omitempty"`
	Status      *PolicyStatus `json:"status,omitempty"`
}

UpdatePolicyRequest defines model for UpdatePolicyRequest.

type UpdateUserRequest 

type UpdateUserRequest struct {
	DisplayName *string `json:"display_name,omitempty"`
}

UpdateUserRequest defines model for UpdateUserRequest.

type User 

type User struct {
	// AuthProviders Connected identity providers for this user
	AuthProviders []UserAuthProviderLink `json:"auth_providers"`
	AvatarUrl     *string                `json:"avatar_url,omitempty"`
	CreatedAt     time.Time              `json:"created_at"`
	DisplayName   string                 `json:"display_name"`

	// Email Unique email — the stable identity across OAuth providers
	Email        openapi_types.Email `json:"email"`
	EnterpriseId string              `json:"enterprise_id"`

	// HasPassword Whether the user has a password set for email/password login
	HasPassword bool `json:"has_password"`

	// Id Opaque surrogate key — immutable, never changes
	Id          string     `json:"id"`
	LastLoginAt *time.Time `json:"last_login_at,omitempty"`
	Role        UserRole   `json:"role"`
	Status      UserStatus `json:"status"`
	UpdatedAt   time.Time  `json:"updated_at"`
}

User A user account. The id is an opaque surrogate key (usr_ + UUID). Email is the stable logical identity used to deduplicate across OAuth providers. 

type UserAuthProviderLink struct {
	ConnectedAt time.Time `json:"connected_at"`

	// Provider Auth provider name (google, github, okta, saml, etc.)
	Provider string `json:"provider"`
}

UserAuthProviderLink defines model for UserAuthProviderLink.

type UserRole 

type UserRole string

UserRole defines model for User.Role. 

const (
	Admin  UserRole = "admin"
	Member UserRole = "member"
	Owner  UserRole = "owner"
)

Defines values for UserRole.

func (UserRole) Valid 

func (e UserRole) Valid() bool

Valid indicates whether the value is a known member of the UserRole enum.

type UserStatus 

type UserStatus string

UserStatus defines model for User.Status. 

const (
	UserStatusActive              UserStatus = "active"
	UserStatusInvited             UserStatus = "invited"
	UserStatusPendingVerification UserStatus = "pending_verification"
	UserStatusSuspended           UserStatus = "suspended"
)

Defines values for UserStatus.

func (UserStatus) Valid 

func (e UserStatus) Valid() bool

Valid indicates whether the value is a known member of the UserStatus enum.

type VaultLocked 

type VaultLocked = Error

VaultLocked Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type VaultStatusResponse 

type VaultStatusResponse struct {
	// ExpiresAt When the current KEK session expires (omitted when locked)
	ExpiresAt *time.Time `json:"expires_at,omitempty"`

	// HasPassphrase Whether the user has set a vault passphrase
	HasPassphrase bool `json:"has_passphrase"`

	// Locked Whether the vault is currently locked (no active KEK session)
	Locked bool `json:"locked"`
}

VaultStatusResponse defines model for VaultStatusResponse.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.