api

package
v0.0.0-...-c1a5b01 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 12, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package api provides primitives to interact with the openapi HTTP API.

Code generated by github.com/oapi-codegen/oapi-codegen/v2 version v2.7.1 DO NOT EDIT.

Index

Constants

View Source
const (
	BearerAuthScopes bearerAuthContextKey = "bearerAuth.Scopes"
)

Variables

This section is empty.

Functions

func GetSpec

func GetSpec() (swagger *openapi3.T, err error)

GetSpec returns the OpenAPI specification corresponding to the generated code in this file. External references in the spec are resolved through PathToRawSpec; externally-referenced files must be embedded in their corresponding Go packages (via the import-mapping feature). URL-based external refs are not supported.

func GetSpecJSON

func GetSpecJSON() ([]byte, error)

GetSpecJSON returns the raw JSON bytes of the embedded OpenAPI specification: decompressed but not unmarshaled. External references are not resolved here; the bytes are the spec exactly as embedded by codegen. The result is cached at package init time, so repeated calls are cheap.

func GetSwagger deprecated

func GetSwagger() (*openapi3.T, error)

GetSwagger returns the OpenAPI specification corresponding to the generated code in this file.

Deprecated: GetSwagger predates kin-openapi renaming openapi3.Swagger to openapi3.T. Use GetSpec instead. This wrapper is retained for backwards compatibility.

func Handler

func Handler(si ServerInterface) http.Handler

Handler creates http.Handler with routing matching OpenAPI spec.

func HandlerFromMux

func HandlerFromMux(si ServerInterface, m ServeMux) http.Handler

HandlerFromMux creates http.Handler with routing matching OpenAPI spec based on the provided mux.

func HandlerFromMuxWithBaseURL

func HandlerFromMuxWithBaseURL(si ServerInterface, m ServeMux, baseURL string) http.Handler

func HandlerWithOptions

func HandlerWithOptions(si ServerInterface, options StdHTTPServerOptions) http.Handler

HandlerWithOptions creates http.Handler with additional options

func PathToRawSpec

func PathToRawSpec(pathToFile string) map[string]func() ([]byte, error)

Constructs a synthetic filesystem for resolving external references when loading openapi specifications.

Types

type Action

type Action struct {
	// Approval Approval gating for an action. When `required` is true, the runtime
	// holds the action-run HTTP response open while it queues an approval
	// request to the orchestrator; the response unblocks only when the user
	// approves (action runs normally) or denies (returns an
	// `approval_denied` failure envelope). The agent surfaces the approval
	// URL to the user via tool descriptions templated by `aileron-mcp`.
	Approval *ActionApprovalPolicy `json:"approval,omitempty"`

	// Body Markdown content following the closing `+++` delimiter. The first
	// paragraph (or a designated section) is surfaced to the LLM as the
	// function description when the action is exposed as a tool.
	Body *string `json:"body,omitempty"`

	// Enabled Whether the action is currently exposed to the LLM as a callable
	// tool. Sourced from the per-user overlay at
	// `~/.aileron/action-state.json`; absent overlay entries default to
	// `true`. Disabling does not uninstall the action — the manifest
	// file is left untouched. MCP servers must hide disabled actions
	// from `tools/list` and refuse calls against them.
	Enabled *bool               `json:"enabled,omitempty"`
	Execute []ActionExecuteStep `json:"execute"`

	// Inputs Declared call-time arguments. Per ADR-0003, inputs map directly
	// to the JSON Schema `parameters` object the LLM sees when
	// Aileron exposes the action as a tool.
	Inputs *[]ActionInput `json:"inputs,omitempty"`
	Match  ActionMatch    `json:"match"`

	// Name Bare local handle for the action (e.g. "ship-update").
	Name string `json:"name"`

	// Path Absolute path of the source file on disk.
	Path     *string        `json:"path,omitempty"`
	Requires ActionRequires `json:"requires"`

	// Source Fully-qualified URI of the template the action was installed from
	// (e.g. "hub://aileron/ship-update@1.0.0"). Provenance only — not
	// consulted at runtime.
	Source string `json:"source"`

	// Version Strict SemVer of the action manifest.
	Version string `json:"version"`
}

Action A user-installed action manifest. Per ADR-0001 and ADR-0003, an action is a single Markdown file with TOML frontmatter; the parsed frontmatter populates this object's structured fields and the Markdown content following the closing `+++` populates `body`.

type ActionApprovalDecision

type ActionApprovalDecision struct {
	// Approved True to allow the action to run; false to deny.
	Approved bool `json:"approved"`

	// EditedPayload Kind-specific fields the user changed (or chose) before
	// approving. Omitted when the user approved without edits or
	// the kind doesn't support them. Consumers read kind-specific
	// keys:
	//
	//   - `kind=comms_draft` — `body` carries the edited reply
	//     bytes; the CommsServer dispatcher sends those rather
	//     than the agent's original draft.
	//   - `kind=shell` — `save_policy` carries `""` | `"project"`
	//     | `"user"`; the launch-side approval socket translates
	//     this into the `allow_once` / `allow_project` /
	//     `allow_user` wire string aileron-sh writes the new
	//     allow rule under.
	EditedPayload *map[string]interface{} `json:"edited_payload,omitempty"`

	// Reason Optional commentary from the user. Surfaced to the agent in
	// the deny path so it can recover gracefully (e.g. "wrong
	// recipient — I'll redraft").
	Reason *string `json:"reason,omitempty"`
}

ActionApprovalDecision defines model for ActionApprovalDecision.

type ActionApprovalListResponse

type ActionApprovalListResponse struct {
	Items []PendingActionApproval `json:"items"`
}

ActionApprovalListResponse defines model for ActionApprovalListResponse.

type ActionApprovalPolicy

type ActionApprovalPolicy struct {
	// Preview Optional `[approval.preview]` directive (ADR-0016). When present, the
	// runtime invokes the named connector op before showing the approval
	// prompt and renders the response alongside the gated call's inputs so
	// the user sees an authoritative summary of what they are approving
	// rather than agent-supplied hints.
	Preview *ActionApprovalPreviewPolicy `json:"preview,omitempty"`

	// Required When true, `POST /v1/actions/{name}/run` blocks on user approval
	// before executing. Default false.
	Required *bool `json:"required,omitempty"`
}

ActionApprovalPolicy Approval gating for an action. When `required` is true, the runtime holds the action-run HTTP response open while it queues an approval request to the orchestrator; the response unblocks only when the user approves (action runs normally) or denies (returns an `approval_denied` failure envelope). The agent surfaces the approval URL to the user via tool descriptions templated by `aileron-mcp`.

type ActionApprovalPreview

type ActionApprovalPreview struct {
	// Fields Rendered entries in the manifest's declared order. Omitted on
	// wholesale preview failure.
	Fields *[]ActionApprovalPreviewField `json:"fields,omitempty"`

	// Unavailable User-facing reason a wholesale preview failure occurred. Empty
	// on success (even when some individual fields had missing paths).
	Unavailable *string `json:"unavailable,omitempty"`
}

ActionApprovalPreview Rendered output of the action manifest's `[approval.preview]` directive (ADR-0016). Surfaced on the approval prompt so the user sees an authoritative summary of what they are approving rather than agent-supplied hints. Two terminal shapes:

  • On success, `fields` carries the rendered entries in the manifest's declared order. A field whose render path did not resolve in the preview response carries `missing=true` so the UI renders "n/a" rather than silently omitting the row.
  • On wholesale failure (HTTP non-2xx, timeout, sandbox denial, WASM trap), `unavailable` carries a short user-facing reason (e.g. "preview unavailable: timeout") and `fields` is omitted. The approval still proceeds; the user can decline based on the raw inputs plus the failure note.

type ActionApprovalPreviewField

type ActionApprovalPreviewField struct {
	// Label User-facing key from the manifest's `render` table.
	Label string `json:"label"`

	// Missing True when the manifest's render path did not resolve in the
	// preview op's response. The UI surfaces these as "n/a" so the
	// user sees that the connector did not return the field, rather
	// than the field being silently absent.
	Missing *bool `json:"missing,omitempty"`

	// Multiline True when the manifest's `multiline` list named this field's
	// label. The approval surface renders the value as a scrollable
	// blockquote below the inline rows rather than as a single-line
	// `key: value` entry. Omitted (or false) for short fields.
	Multiline *bool `json:"multiline,omitempty"`

	// Value Resolved string. Empty when `missing=true`; the UI renders "n/a"
	// in that case.
	Value *string `json:"value,omitempty"`
}

ActionApprovalPreviewField One rendered entry on the approval prompt.

type ActionApprovalPreviewPolicy

type ActionApprovalPreviewPolicy struct {
	// Args Inline argument table passed to the preview op. Values may
	// interpolate `${args.<name>}` against the gated action's
	// call-time inputs.
	Args *map[string]interface{} `json:"args,omitempty"`

	// Multiline Labels in `render` whose values are long-form content (email
	// bodies, commit messages, response payloads). The approval surface
	// renders these as scrollable blockquotes below the inline rows
	// rather than as single-line `key: value` entries. Optional; a
	// manifest that omits it renders all fields inline. Entries must
	// appear as keys in `render`; mismatches are rejected at manifest
	// load time.
	Multiline *[]string `json:"multiline,omitempty"`

	// Op Connector op the runtime calls before approval. Must live on the
	// same connector as the gated action's first execute step, must be
	// declared `idempotent = true` in at least one bundled action
	// manifest, and must not itself carry `[approval] required = true`
	// (no preview-of-preview recursion).
	Op string `json:"op"`

	// Render Map of user-facing labels to dotted JSON paths into the preview
	// op's response. Header-style arrays (e.g. Gmail's
	// `message.payload.headers`) use a shorthand: a path segment beyond
	// such an array is interpreted as "find the entry whose `name`
	// equals the segment, return its `value`". Paths that fail to
	// resolve at runtime surface as per-field "n/a" indicators on the
	// approval prompt; the approval still proceeds.
	Render map[string]string `json:"render"`
}

ActionApprovalPreviewPolicy Optional `[approval.preview]` directive (ADR-0016). When present, the runtime invokes the named connector op before showing the approval prompt and renders the response alongside the gated call's inputs so the user sees an authoritative summary of what they are approving rather than agent-supplied hints.

type ActionApprovalResult

type ActionApprovalResult struct {
	// AuditId Audit log id; populated when `status = completed`.
	AuditId *string `json:"audit_id,omitempty"`

	// Failure Action-side failure envelope; populated when
	// `status = failed`. Same shape the synchronous path would
	// have returned as a 4xx/5xx body.
	Failure *FailureEnvelope `json:"failure,omitempty"`

	// Reason User's deny commentary; populated when `status = denied`.
	// May be empty if the user denied without a reason.
	Reason *string `json:"reason,omitempty"`

	// Result Action output payload; populated when `status = completed`.
	// Same shape as `ActionRunResponse.result`.
	Result *string `json:"result,omitempty"`

	// Status - `pending_approval` — the user has not yet decided.
	// - `awaiting_vault` — the user approved before the daemon
	//   restarted; the entry is replayed but the local vault is
	//   currently locked, so the executor is waiting for the
	//   user to unlock the vault before running the action.
	// - `running` — the user approved; the daemon is executing
	//   the action.
	// - `completed` — the action ran successfully; see `audit_id`
	//   and `result`.
	// - `denied` — the user denied the approval; see `reason`.
	// - `failed` — the action was approved but its execution
	//   errored; see `failure`. Also used at replay time when a
	//   `running` entry was found on disk (daemon crashed
	//   mid-execution; the runtime refuses to auto-rerun
	//   non-idempotent actions). In that case `reason` carries
	//   an explanatory message.
	Status ActionApprovalResultStatus `json:"status"`
}

ActionApprovalResult Current status and (when available) result of an action approval entry. Returned by `GET /v1/action-approvals/{id}/result`. The shape is discriminated on `status`: terminal statuses (`completed`, `denied`, `failed`) carry the relevant outcome fields; transient statuses (`pending_approval`, `awaiting_vault`, `running`) carry only `status`.

type ActionApprovalResultStatus

type ActionApprovalResultStatus string

ActionApprovalResultStatus - `pending_approval` — the user has not yet decided.

  • `awaiting_vault` — the user approved before the daemon restarted; the entry is replayed but the local vault is currently locked, so the executor is waiting for the user to unlock the vault before running the action.
  • `running` — the user approved; the daemon is executing the action.
  • `completed` — the action ran successfully; see `audit_id` and `result`.
  • `denied` — the user denied the approval; see `reason`.
  • `failed` — the action was approved but its execution errored; see `failure`. Also used at replay time when a `running` entry was found on disk (daemon crashed mid-execution; the runtime refuses to auto-rerun non-idempotent actions). In that case `reason` carries an explanatory message.
const (
	ActionApprovalResultStatusAwaitingVault   ActionApprovalResultStatus = "awaiting_vault"
	ActionApprovalResultStatusCompleted       ActionApprovalResultStatus = "completed"
	ActionApprovalResultStatusDenied          ActionApprovalResultStatus = "denied"
	ActionApprovalResultStatusFailed          ActionApprovalResultStatus = "failed"
	ActionApprovalResultStatusPendingApproval ActionApprovalResultStatus = "pending_approval"
	ActionApprovalResultStatusRunning         ActionApprovalResultStatus = "running"
)

Defines values for ActionApprovalResultStatus.

func (ActionApprovalResultStatus) Valid

func (e ActionApprovalResultStatus) Valid() bool

Valid indicates whether the value is a known member of the ActionApprovalResultStatus enum.

type ActionConnectorDep

type ActionConnectorDep struct {
	// AlreadyInstalled True when an entry with this hash is already in the
	// cstore. The CLI renders this so the operator sees which
	// deps are new (will be installed) versus existing (no
	// change).
	AlreadyInstalled bool `json:"already_installed"`

	// Capabilities Subset of the connector's declared capabilities the
	// action will exercise. Empty means the action declared no
	// capability subset.
	Capabilities *[]string `json:"capabilities,omitempty"`

	// Fqn Connector FQN per ADR-0002.
	Fqn string `json:"fqn"`

	// Hash Connector content hash the action pins (`sha256:<hex>`).
	// The runtime verifies this before every connector
	// invocation per ADR-0004.
	Hash string `json:"hash"`

	// Version Strict SemVer pinned by the action.
	Version string `json:"version"`
}

ActionConnectorDep defines model for ActionConnectorDep.

type ActionExecuteStep

type ActionExecuteStep struct {
	Connector  string                  `json:"connector"`
	Id         string                  `json:"id"`
	Idempotent *bool                   `json:"idempotent,omitempty"`
	Inputs     *map[string]interface{} `json:"inputs,omitempty"`
	Op         string                  `json:"op"`
}

ActionExecuteStep defines model for ActionExecuteStep.

type ActionInput

type ActionInput struct {
	// Description Field-level prose surfaced to the LLM in the
	// `parameters.properties[name].description` slot.
	Description string `json:"description"`

	// ItemsType JSON Schema type of an array input's elements. Only meaningful
	// when `type` is `array`. When set, the LLM-facing tool schema
	// emits `"items": {"type": <items_type>}`. When unset on an array
	// input, the schema emits `"items": {}` (any) so MCP clients that
	// default missing-`items` to `string[]` projection do not silently
	// coerce object elements to strings.
	ItemsType *ActionInputItemsType `json:"items_type,omitempty"`

	// Name Argument identifier matching `^[a-z][a-z0-9_]*$`.
	Name string `json:"name"`

	// Required Defaults to true when omitted. Set false to mark the argument
	// as optional in the LLM-facing parameter schema.
	Required *bool `json:"required,omitempty"`

	// Type JSON Schema type. Scalar types (`string`, `integer`, `number`,
	// `boolean`) and structured types (`array`, `object`) are accepted.
	// Structured types are passed through to the LLM-facing tool-use
	// schema with optional shape constraints declared on adjacent
	// fields (`items_type` for arrays); the connector is responsible
	// for validating semantic shape at op time.
	Type ActionInputType `json:"type"`
}

ActionInput defines model for ActionInput.

type ActionInputItemsType

type ActionInputItemsType string

ActionInputItemsType JSON Schema type of an array input's elements. Only meaningful when `type` is `array`. When set, the LLM-facing tool schema emits `"items": {"type": <items_type>}`. When unset on an array input, the schema emits `"items": {}` (any) so MCP clients that default missing-`items` to `string[]` projection do not silently coerce object elements to strings.

const (
	ActionInputItemsTypeBoolean ActionInputItemsType = "boolean"
	ActionInputItemsTypeInteger ActionInputItemsType = "integer"
	ActionInputItemsTypeNumber  ActionInputItemsType = "number"
	ActionInputItemsTypeObject  ActionInputItemsType = "object"
	ActionInputItemsTypeString  ActionInputItemsType = "string"
)

Defines values for ActionInputItemsType.

func (ActionInputItemsType) Valid

func (e ActionInputItemsType) Valid() bool

Valid indicates whether the value is a known member of the ActionInputItemsType enum.

type ActionInputType

type ActionInputType string

ActionInputType JSON Schema type. Scalar types (`string`, `integer`, `number`, `boolean`) and structured types (`array`, `object`) are accepted. Structured types are passed through to the LLM-facing tool-use schema with optional shape constraints declared on adjacent fields (`items_type` for arrays); the connector is responsible for validating semantic shape at op time.

const (
	ActionInputTypeArray   ActionInputType = "array"
	ActionInputTypeBoolean ActionInputType = "boolean"
	ActionInputTypeInteger ActionInputType = "integer"
	ActionInputTypeNumber  ActionInputType = "number"
	ActionInputTypeObject  ActionInputType = "object"
	ActionInputTypeString  ActionInputType = "string"
)

Defines values for ActionInputType.

func (ActionInputType) Valid

func (e ActionInputType) Valid() bool

Valid indicates whether the value is a known member of the ActionInputType enum.

type ActionIntent

type ActionIntent struct {
	// Domain Carries action-type-specific fields. Exactly one field must be populated,
	// corresponding to the prefix of ActionIntent.type:
	//   - git.* → git
	//   - deploy.* → deploy
	//   - cloud.* → cloud
	//   - email.* → email
	//   - calendar.* → calendar
	//   - payment.* → payment
	//   - procurement.* → procurement
	// The server rejects requests where the populated domain field does not
	// match the action type prefix.
	Domain        *DomainAction           `json:"domain,omitempty"`
	Justification *string                 `json:"justification,omitempty"`
	Metadata      *map[string]interface{} `json:"metadata,omitempty"`
	Summary       string                  `json:"summary"`
	Target        *ActionTarget           `json:"target,omitempty"`
	Type          string                  `json:"type"`
}

ActionIntent defines model for ActionIntent.

type ActionListResponse

type ActionListResponse struct {
	Items      *[]Action          `json:"items,omitempty"`
	LoadErrors *[]ActionLoadError `json:"load_errors,omitempty"`
}

ActionListResponse defines model for ActionListResponse.

type ActionLoadError

type ActionLoadError struct {
	// Boundary Which layer produced the error (always "action" for load failures).
	Boundary *string `json:"boundary,omitempty"`

	// Class Canonical failure class (e.g. parse_error, validation_error).
	Class string `json:"class"`

	// File Absolute path of the offending file.
	File string `json:"file"`

	// Line Line within the file where the error was detected; 0 when unknown.
	Line    *int   `json:"line,omitempty"`
	Message string `json:"message"`
}

ActionLoadError A structured error describing a single file in the actions directory that failed to parse or validate, per ADR-0010. Loading is non-fatal — files that load successfully appear in `items`; failed files appear here so callers can surface a precise message.

type ActionMatch

type ActionMatch struct {
	// Intent Canonical phrase the runtime matches against agent intent.
	Intent string `json:"intent"`
}

ActionMatch defines model for ActionMatch.

type ActionPatchRequest

type ActionPatchRequest struct {
	// Enabled When set, replaces the action's enabled flag in the overlay
	// (see [Action.enabled]). Omit to leave the current value
	// untouched.
	Enabled *bool `json:"enabled,omitempty"`
}

ActionPatchRequest Partial update to an installed action's user-controlled overlay state. Every field is optional; only fields present in the request body are applied, so callers can update one preference without having to repeat the others.

type ActionPreview

type ActionPreview struct {
	// AlreadyInstalled True when an action with this name is already installed
	// and its hash matches. The CLI uses this to short-circuit
	// past the consent prompt.
	AlreadyInstalled *bool `json:"already_installed,omitempty"`

	// ConnectorDeps One entry per `[[requires.connectors]]` in the action's
	// manifest, in declaration order.
	ConnectorDeps []ActionConnectorDep `json:"connector_deps"`

	// Existing Set when an action with the same `name` is already
	// installed but its bytes differ from the previewed
	// manifest (typically a different version). Mutually
	// exclusive with `already_installed = true`. The CLI uses
	// this to render an upgrade prompt instead of treating
	// the install as fresh — the operator sees the installed
	// version side-by-side with the requested version and can
	// choose to overwrite.
	Existing *InstalledActionRef `json:"existing,omitempty"`

	// Fqn Canonical FQN of the previewed action.
	Fqn string `json:"fqn"`

	// Hash Canonical `sha256:<hex>` of the fetched action manifest.
	// Same value the install endpoint will record.
	Hash string `json:"hash"`

	// Intent Action's `[match] intent` — the canonical natural-language
	// phrase the runtime matches against agent requests. Used in
	// the consent prompt so the operator knows when this action
	// will fire. Optional.
	Intent *string `json:"intent,omitempty"`

	// Name Action name from the manifest's `name = "<name>"` field —
	// the slug under `~/.aileron/actions/<name>.md`.
	Name string `json:"name"`

	// SignatureStatus Action signatures are optional in v1 — manifests without a
	// signature surface as `unsigned` rather than as an error.
	// Operators see this in the consent prompt and decide
	// whether to proceed.
	SignatureStatus *ActionPreviewSignatureStatus `json:"signature_status,omitempty"`

	// Version Strict SemVer.
	Version string `json:"version"`
}

ActionPreview defines model for ActionPreview.

type ActionPreviewSignatureStatus

type ActionPreviewSignatureStatus string

ActionPreviewSignatureStatus Action signatures are optional in v1 — manifests without a signature surface as `unsigned` rather than as an error. Operators see this in the consent prompt and decide whether to proceed.

const (
	ActionPreviewSignatureStatusUnsigned ActionPreviewSignatureStatus = "unsigned"
	ActionPreviewSignatureStatusVerified ActionPreviewSignatureStatus = "verified"
)

Defines values for ActionPreviewSignatureStatus.

func (ActionPreviewSignatureStatus) Valid

Valid indicates whether the value is a known member of the ActionPreviewSignatureStatus enum.

type ActionRequires

type ActionRequires struct {
	Connectors *[]ActionRequiresConnector `json:"connectors,omitempty"`
}

ActionRequires defines model for ActionRequires.

type ActionRequiresConnector

type ActionRequiresConnector struct {
	// Capabilities The action's declared subset of operations on the connector. Per
	// ADR-0003, calls outside this subset are denied at the action
	// boundary even when the connector permits the operation.
	Capabilities []string `json:"capabilities"`

	// Hash Content hash of the connector binary plus its manifest.
	Hash string `json:"hash"`

	// Name Connector FQN per ADR-0002 (e.g. "github://aileron/slack").
	Name string `json:"name"`

	// Version Pinned SemVer of the connector.
	Version string `json:"version"`
}

ActionRequiresConnector defines model for ActionRequiresConnector.

type ActionRunPendingResponse

type ActionRunPendingResponse struct {
	// ApprovalId Opaque server-minted id for the pending approval entry.
	// The agent passes this to the `check_action_status` MCP
	// tool (or to `GET /v1/action-approvals/{id}/result`) to
	// learn the outcome.
	ApprovalId string `json:"approval_id"`

	// Message Human-readable instruction the agent should surface to the
	// user verbatim. Names the approval, the review URL, and the
	// `aileron open approval <id>` shell command alternative.
	Message string `json:"message"`

	// ReviewUrl Deep link to the webapp's approvals page anchored at this
	// approval (`<webapp>/approvals?focus=<id>`). Empty when the
	// daemon has no webapp URL configured.
	ReviewUrl *string `json:"review_url,omitempty"`

	// Status Discriminator. Always `pending_approval` for this shape;
	// included so the agent's MCP wrapper can branch without
	// inspecting the HTTP status code.
	Status ActionRunPendingResponseStatus `json:"status"`
}

ActionRunPendingResponse Response body for the 202 case of `POST /v1/actions/{name}/run`: the action's manifest declared `[approval] required = true`, so the daemon registered a pending approval and a background executor instead of running the action inline. The agent is expected to surface `message` to the user verbatim so they learn where to approve.

type ActionRunPendingResponseStatus

type ActionRunPendingResponseStatus string

ActionRunPendingResponseStatus Discriminator. Always `pending_approval` for this shape; included so the agent's MCP wrapper can branch without inspecting the HTTP status code.

const (
	ActionRunPendingResponseStatusPendingApproval ActionRunPendingResponseStatus = "pending_approval"
)

Defines values for ActionRunPendingResponseStatus.

func (ActionRunPendingResponseStatus) Valid

Valid indicates whether the value is a known member of the ActionRunPendingResponseStatus enum.

type ActionRunRequest

type ActionRunRequest struct {
	// Args Per-call arguments matching the action's declared inputs.
	Args *map[string]interface{} `json:"args,omitempty"`
}

ActionRunRequest Arguments for synchronously executing an installed action. The `args` map is passed to the action's executor after validation against the action's declared `inputs`.

type ActionRunResponse

type ActionRunResponse struct {
	// AuditId Audit log ID for this execution per ADR-0010. Always present
	// so callers can cross-reference into the audit log.
	AuditId string `json:"audit_id"`

	// ConnectorHash Content hash (`sha256:<hex>`) of the connector binary plus its
	// manifest, copied from the action manifest's
	// `[[requires.connectors]]` entry. Present when the action is
	// connector-backed. Pairs with `connector_version` as the
	// actor-side content-addressed provenance for the produced output.
	ConnectorHash *string `json:"connector_hash,omitempty"`

	// ConnectorVersion Pinned semantic version of the connector that produced this
	// result, copied from the action manifest's
	// `[[requires.connectors]]` entry. Present when the action is
	// connector-backed. Part of the actor provenance a caller records
	// on an `output.materialized` event so an output digest walks back
	// to the exact connector build that produced it (issue #1753).
	ConnectorVersion *string `json:"connector_version,omitempty"`

	// ConsentDecision Consent posture under which the action ran. Always `unattended`
	// on this synchronous 200 path: an approval-gated action returns
	// 202 with an `ActionRunPendingResponse` and never reaches this
	// success shape, so a result surfaced here ran without an
	// interactive approval.
	ConsentDecision *string `json:"consent_decision,omitempty"`

	// CredentialBinding Name of the credential binding the action used at the boundary
	// (a reference, never the secret). Present only when a binding
	// resolved; omitted otherwise. Lets an audited output walk back to
	// the exact identity that authorized the read.
	CredentialBinding *string `json:"credential_binding,omitempty"`

	// IdentityLabel Non-secret identity label of the credential binding the action
	// resolved at the boundary (never the credential itself). Present
	// only when the action resolved a single credential binding;
	// omitted for a credential-less action or when no binding resolved.
	IdentityLabel *string `json:"identity_label,omitempty"`

	// Result Action output payload — the same Content the LLM observes
	// as a tool result when the action runs through the gateway's
	// intercept path. Typically a JSON document; may be plain
	// prose for actions whose output is naturally a sentence.
	Result *string `json:"result,omitempty"`
}

ActionRunResponse Successful result from synchronously executing an action. Action-side failures are returned as a 4xx/5xx FailureEnvelope instead of this shape, so a 200 response always carries a successful payload.

type ActionTarget

type ActionTarget struct {
	DisplayName *string          `json:"display_name,omitempty"`
	Id          *string          `json:"id,omitempty"`
	Kind        ActionTargetKind `json:"kind"`
}

ActionTarget defines model for ActionTarget.

type ActionTargetKind

type ActionTargetKind string

ActionTargetKind defines model for ActionTarget.Kind.

const (
	ActionTargetKindApi            ActionTargetKind = "api"
	ActionTargetKindCalendar       ActionTargetKind = "calendar"
	ActionTargetKindCloudResource  ActionTargetKind = "cloud_resource"
	ActionTargetKindCustom         ActionTargetKind = "custom"
	ActionTargetKindEmailRecipient ActionTargetKind = "email_recipient"
	ActionTargetKindEnvironment    ActionTargetKind = "environment"
	ActionTargetKindRepository     ActionTargetKind = "repository"
	ActionTargetKindSecret         ActionTargetKind = "secret"
	ActionTargetKindTicket         ActionTargetKind = "ticket"
	ActionTargetKindVendor         ActionTargetKind = "vendor"
)

Defines values for ActionTargetKind.

func (ActionTargetKind) Valid

func (e ActionTargetKind) Valid() bool

Valid indicates whether the value is a known member of the ActionTargetKind enum.

type ActorRef

type ActorRef struct {
	// CredentialBinding The credential binding the action's identity resolved to. Normalized onto the actor by the daemon at ingest from the runtime's `aileron.actor.credential_binding` payload key.
	CredentialBinding *string `json:"credential_binding,omitempty"`
	DisplayName       *string `json:"display_name,omitempty"`
	Id                string  `json:"id"`

	// IdentityLabel The connector identity label whose credential the action ran under. Normalized onto the actor by the daemon at ingest from the runtime's `aileron.actor.identity_label` payload key.
	IdentityLabel *string      `json:"identity_label,omitempty"`
	Type          ActorRefType `json:"type"`
}

ActorRef defines model for ActorRef.

type ActorRefType

type ActorRefType string

ActorRefType defines model for ActorRef.Type.

const (
	Agent            ActorRefType = "agent"
	ConnectorRuntime ActorRefType = "connector_runtime"
	Human            ActorRefType = "human"
	Service          ActorRefType = "service"
)

Defines values for ActorRefType.

func (ActorRefType) Valid

func (e ActorRefType) Valid() bool

Valid indicates whether the value is a known member of the ActorRefType enum.

type AgentCredentialSummary

type AgentCredentialSummary struct {
	// Metadata Non-secret metadata stored alongside the credential bytes. Mirrors
	// the `vault.Metadata` shape.
	Metadata *AgentCredentialsMetadata `json:"metadata,omitempty"`

	// Name Agent identifier (e.g. "claude", "codex"), derived from the
	// `<name>` segment of the `agents/<name>/<purpose>` vault path.
	Name string `json:"name"`

	// Purpose Credential purpose (e.g. "oauth", "apikey"), derived from the
	// `<purpose>` segment of the `agents/<name>/<purpose>` vault
	// path. Omitted (absent) entries predate per-purpose listing and
	// should be treated as `oauth`.
	Purpose *string `json:"purpose,omitempty"`
}

AgentCredentialSummary A single agent credential entry: the agent name, the credential purpose, plus its plaintext metadata. Mirrors the `vault.Entry` shape with the `agents/<name>/<purpose>` path split into its `name` and `purpose` segments.

type AgentCredentials

type AgentCredentials struct {
	// Metadata Non-secret metadata stored alongside the credential bytes. Mirrors
	// the `vault.Metadata` shape.
	Metadata *AgentCredentialsMetadata `json:"metadata,omitempty"`

	// Value Base64-encoded credential bytes. The launcher writes these
	// verbatim into the agent's in-container credential file.
	Value []byte `json:"value"`
}

AgentCredentials Per-agent credential envelope persisted under `agents/<name>/<purpose>` in the local vault (the `purpose` segment defaults to `oauth`). The launcher renders `value` into a file the in-container agent reads (e.g. Claude's `.credentials.json`, Codex's `auth.json`) and captures the file bytes back through the same envelope on clean exit. See ADR-0025.

type AgentCredentialsList

type AgentCredentialsList struct {
	Agents []AgentCredentialSummary `json:"agents"`
}

AgentCredentialsList The set of per-agent credential entries stored in the local vault. Metadata only — the credential `value` is never listed (ADR-0011).

type AgentCredentialsMetadata

type AgentCredentialsMetadata struct {
	// Environment Optional environment label (e.g. `personal`, `work`).
	Environment *string `json:"environment,omitempty"`

	// Labels Arbitrary key/value pairs for organization.
	Labels *map[string]string `json:"labels,omitempty"`

	// Type Credential classification (e.g. `oauth_refresh_token`,
	// `api_key`). Matches the agent's binding declaration.
	Type *string `json:"type,omitempty"`
}

AgentCredentialsMetadata Non-secret metadata stored alongside the credential bytes. Mirrors the `vault.Metadata` shape.

type AnalyticsSummary

type AnalyticsSummary struct {
	ApprovalLatencyMs *struct {
		P50 *int `json:"p50,omitempty"`
		P95 *int `json:"p95,omitempty"`
	} `json:"approval_latency_ms,omitempty"`
	ByRiskLevel *map[string]int `json:"by_risk_level,omitempty"`
	Spend       *struct {
		Currency        *string `json:"currency,omitempty"`
		TotalMinorUnits *int    `json:"total_minor_units,omitempty"`
	} `json:"spend,omitempty"`
	Totals *struct {
		ApprovalsGranted    *int `json:"approvals_granted,omitempty"`
		ApprovalsRequested  *int `json:"approvals_requested,omitempty"`
		Denials             *int `json:"denials,omitempty"`
		ExecutionsFailed    *int `json:"executions_failed,omitempty"`
		ExecutionsSucceeded *int `json:"executions_succeeded,omitempty"`
		Intents             *int `json:"intents,omitempty"`
	} `json:"totals,omitempty"`
}

AnalyticsSummary defines model for AnalyticsSummary.

type AnthropicMessage

type AnthropicMessage struct {
	// Content String or array of content blocks (`text`, `tool_use`,
	// `tool_result`, `image`, ...). Shape follows Anthropic's
	// Messages contract.
	Content              interface{}            `json:"content"`
	Role                 AnthropicMessageRole   `json:"role"`
	AdditionalProperties map[string]interface{} `json:"-"`
}

AnthropicMessage defines model for AnthropicMessage.

func (AnthropicMessage) Get

func (a AnthropicMessage) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for AnthropicMessage. Returns the specified element and whether it was found

func (AnthropicMessage) MarshalJSON

func (a AnthropicMessage) MarshalJSON() ([]byte, error)

Override default JSON handling for AnthropicMessage to handle AdditionalProperties

func (*AnthropicMessage) Set

func (a *AnthropicMessage) Set(fieldName string, value interface{})

Setter for additional properties for AnthropicMessage

func (*AnthropicMessage) UnmarshalJSON

func (a *AnthropicMessage) UnmarshalJSON(b []byte) error

Override default JSON handling for AnthropicMessage to handle AdditionalProperties

type AnthropicMessageRole

type AnthropicMessageRole string

AnthropicMessageRole defines model for AnthropicMessage.Role.

const (
	AnthropicMessageRoleAssistant AnthropicMessageRole = "assistant"
	AnthropicMessageRoleUser      AnthropicMessageRole = "user"
)

Defines values for AnthropicMessageRole.

func (AnthropicMessageRole) Valid

func (e AnthropicMessageRole) Valid() bool

Valid indicates whether the value is a known member of the AnthropicMessageRole enum.

type AnthropicTool

type AnthropicTool struct {
	Description *string `json:"description,omitempty"`

	// InputSchema JSON Schema for the tool's input.
	InputSchema          *map[string]interface{} `json:"input_schema,omitempty"`
	Name                 string                  `json:"name"`
	AdditionalProperties map[string]interface{}  `json:"-"`
}

AnthropicTool defines model for AnthropicTool.

func (AnthropicTool) Get

func (a AnthropicTool) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for AnthropicTool. Returns the specified element and whether it was found

func (AnthropicTool) MarshalJSON

func (a AnthropicTool) MarshalJSON() ([]byte, error)

Override default JSON handling for AnthropicTool to handle AdditionalProperties

func (*AnthropicTool) Set

func (a *AnthropicTool) Set(fieldName string, value interface{})

Setter for additional properties for AnthropicTool

func (*AnthropicTool) UnmarshalJSON

func (a *AnthropicTool) UnmarshalJSON(b []byte) error

Override default JSON handling for AnthropicTool to handle AdditionalProperties

type AppendEvidenceRequest

type AppendEvidenceRequest struct {
	Evidence []EvidenceItem `json:"evidence"`
}

AppendEvidenceRequest defines model for AppendEvidenceRequest.

type AppendIntentEvidenceJSONRequestBody

type AppendIntentEvidenceJSONRequestBody = AppendEvidenceRequest

AppendIntentEvidenceJSONRequestBody defines body for AppendIntentEvidence for application/json ContentType.

type Approval

type Approval struct {
	ApprovalId     string                  `json:"approval_id"`
	Approvers      []ApprovalActor         `json:"approvers"`
	EditableBounds *map[string]interface{} `json:"editable_bounds,omitempty"`
	ExpiresAt      *time.Time              `json:"expires_at,omitempty"`
	IntentId       string                  `json:"intent_id"`
	Rationale      *string                 `json:"rationale,omitempty"`
	RequestedAt    time.Time               `json:"requested_at"`
	ResolvedAt     *time.Time              `json:"resolved_at,omitempty"`
	Status         ApprovalStatus          `json:"status"`
	WorkspaceId    *string                 `json:"workspace_id,omitempty"`
}

Approval defines model for Approval.

type ApprovalActionResponse

type ApprovalActionResponse struct {
	ApprovalId       string         `json:"approval_id"`
	ExecutionGrantId *string        `json:"execution_grant_id,omitempty"`
	IntentStatus     *IntentStatus  `json:"intent_status,omitempty"`
	Status           ApprovalStatus `json:"status"`
}

ApprovalActionResponse defines model for ApprovalActionResponse.

type ApprovalActor

type ApprovalActor struct {
	DisplayName *string              `json:"display_name,omitempty"`
	PrincipalId string               `json:"principal_id"`
	Role        *string              `json:"role,omitempty"`
	Status      *ApprovalActorStatus `json:"status,omitempty"`
}

ApprovalActor defines model for ApprovalActor.

type ApprovalActorStatus

type ApprovalActorStatus string

ApprovalActorStatus defines model for ApprovalActor.Status.

const (
	ApprovalActorStatusApproved  ApprovalActorStatus = "approved"
	ApprovalActorStatusDelegated ApprovalActorStatus = "delegated"
	ApprovalActorStatusDenied    ApprovalActorStatus = "denied"
	ApprovalActorStatusPending   ApprovalActorStatus = "pending"
)

Defines values for ApprovalActorStatus.

func (ApprovalActorStatus) Valid

func (e ApprovalActorStatus) Valid() bool

Valid indicates whether the value is a known member of the ApprovalActorStatus enum.

type ApprovalId

type ApprovalId = string

ApprovalId defines model for ApprovalId.

type ApprovalListResponse

type ApprovalListResponse struct {
	Items      *[]Approval `json:"items,omitempty"`
	Pagination *Pagination `json:"pagination,omitempty"`
}

ApprovalListResponse defines model for ApprovalListResponse.

type ApprovalRequirement

type ApprovalRequirement struct {
	ApproverGroupId *string                  `json:"approver_group_id,omitempty"`
	Mode            *ApprovalRequirementMode `json:"mode,omitempty"`
	QuorumCount     *int                     `json:"quorum_count,omitempty"`
}

ApprovalRequirement defines model for ApprovalRequirement.

type ApprovalRequirementMode

type ApprovalRequirementMode string

ApprovalRequirementMode defines model for ApprovalRequirement.Mode.

const (
	AllOfGroup ApprovalRequirementMode = "all_of_group"
	AnyOfGroup ApprovalRequirementMode = "any_of_group"
	Quorum     ApprovalRequirementMode = "quorum"
	Single     ApprovalRequirementMode = "single"
)

Defines values for ApprovalRequirementMode.

func (ApprovalRequirementMode) Valid

func (e ApprovalRequirementMode) Valid() bool

Valid indicates whether the value is a known member of the ApprovalRequirementMode enum.

type ApprovalStatus

type ApprovalStatus string

ApprovalStatus defines model for ApprovalStatus.

const (
	ApprovalStatusApproved  ApprovalStatus = "approved"
	ApprovalStatusCancelled ApprovalStatus = "cancelled"
	ApprovalStatusDelegated ApprovalStatus = "delegated"
	ApprovalStatusDenied    ApprovalStatus = "denied"
	ApprovalStatusExpired   ApprovalStatus = "expired"
	ApprovalStatusModified  ApprovalStatus = "modified"
	ApprovalStatusPending   ApprovalStatus = "pending"
)

Defines values for ApprovalStatus.

func (ApprovalStatus) Valid

func (e ApprovalStatus) Valid() bool

Valid indicates whether the value is a known member of the ApprovalStatus enum.

type ApproveRequest

type ApproveRequest struct {
	ApproveOnce         *bool   `json:"approve_once,omitempty"`
	Comment             *string `json:"comment,omitempty"`
	StepUpAuthAssertion *string `json:"step_up_auth_assertion,omitempty"`
}

ApproveRequest defines model for ApproveRequest.

type ApproveRequestJSONRequestBody

type ApproveRequestJSONRequestBody = ApproveRequest

ApproveRequestJSONRequestBody defines body for ApproveRequest for application/json ContentType.

type AttachmentRef

type AttachmentRef struct {
	MimeType   *string `json:"mime_type,omitempty"`
	Name       *string `json:"name,omitempty"`
	StorageRef *string `json:"storage_ref,omitempty"`
	Url        *string `json:"url,omitempty"`
}

AttachmentRef defines model for AttachmentRef.

type AuditEvent

type AuditEvent struct {
	Actor ActorRef `json:"actor"`

	// AuditId Stable id minted by the recorder. For failures, also
	// stamped onto the `FailureEnvelope.error.audit_id` so the
	// envelope returned to the caller is a working back-reference.
	AuditId string `json:"audit_id"`

	// EventType Discriminator for the payload shape (e.g.
	// `execution.failed`, `action.installed`, `binding.created`).
	EventType string `json:"event_type"`

	// Payload Event-shaped payload. For failures, contains
	// `class`/`boundary`/`retriable`/`message`/`details`. For
	// success events, contains the event-specific fields the
	// recorder set (e.g. `name`, `connector_fqn`, `kind` for a
	// binding event).
	Payload map[string]interface{} `json:"payload"`

	// Timestamp When the event was recorded; RFC 3339, UTC.
	Timestamp time.Time `json:"timestamp"`
}

AuditEvent A single audit-log entry. Shape is stable across the events the ADR-0010 recorder emits (failures, action installs, binding lifecycle). Specific keys inside `payload` depend on `event_type` and are documented in the recorder.

type AuditIngestRequest

type AuditIngestRequest struct {
	Actor ActorRef `json:"actor"`

	// EventType Discriminator for the payload shape (e.g.
	// `flightplan.launch.action`, `flightplan.launch`).
	EventType string `json:"event_type"`

	// Payload Event-shaped payload recorded verbatim.
	Payload map[string]interface{} `json:"payload"`

	// Timestamp Optional, accepted for forward-compatibility. Ignored in
	// v1; the recorder stamps the server clock at commit time.
	Timestamp *time.Time `json:"timestamp,omitempty"`
}

AuditIngestRequest Request body for `POST /v1/audit`. Mirrors the AuditEvent shape a client wants recorded, minus the server-minted `audit_id`. `timestamp` is optional and server-authoritative: the recorder stamps commit time and does not honor a client-asserted value in v1.

type AuditIngestResponse

type AuditIngestResponse struct {
	// AuditId The id the recorder minted for the appended event.
	AuditId string `json:"audit_id"`
}

AuditIngestResponse Response for a successful `POST /v1/audit` append.

type AuditListResponse

type AuditListResponse struct {
	Events []AuditEvent `json:"events"`
}

AuditListResponse Response shape for `GET /v1/audit`. `events` is ordered newest-first; truncation to `limit` is applied after filtering.

type AuditTraceEdge

type AuditTraceEdge struct {
	// From Parent (downstream/consumer) node id.
	From string `json:"from"`

	// To Child (upstream/producer) node id.
	To string `json:"to"`
}

AuditTraceEdge A directed edge in a provenance graph, running parent → child (downstream consumer → upstream producer).

type AuditTraceNode

type AuditTraceNode struct {
	// ContentHash For an artifact node, the content hash it materialized, or
	// for a `plan_input` node, the hash of the plan-provided root
	// input value (`sha256:<hex>`). Absent on step and literal nodes.
	ContentHash *string `json:"content_hash,omitempty"`

	// Dangling True when an artifact node's content hash could not be
	// resolved to a producing record (dangling upstream). Such a
	// node is marked, not fatal.
	Dangling *bool `json:"dangling,omitempty"`

	// Depth Distance from the root artifact (0 = root).
	Depth int `json:"depth"`

	// Event A single audit-log entry. Shape is stable across the events
	// the ADR-0010 recorder emits (failures, action installs,
	// binding lifecycle). Specific keys inside `payload` depend on
	// `event_type` and are documented in the recorder.
	Event *AuditEvent `json:"event,omitempty"`

	// Id Stable node id, unique within the graph.
	Id string `json:"id"`

	// Kind The node's role in the provenance graph.
	Kind AuditTraceNodeKind `json:"kind"`

	// Literal For a `literal` or `plan_input` node, the input
	// binding/source it stands for.
	Literal *struct {
		// Binding The input binding name.
		Binding string `json:"binding"`

		// Source The reference the input resolved (raw source).
		Source *string `json:"source,omitempty"`
	} `json:"literal,omitempty"`

	// Subtitle Optional secondary detail line.
	Subtitle *string `json:"subtitle,omitempty"`

	// Title One-line summary the consumer renders.
	Title string `json:"title"`
}

AuditTraceNode One node in a provenance graph. `kind` distinguishes an `artifact` (a materialized output), the `step` that produced it, a `literal` input leaf (an input with no content hash), a `plan_input` leaf (a plan-provided root input sourced from `inputs.*` that carries a content hash but has no producing record by design), and the terminal `launch` node carrying plan/actor provenance.

type AuditTraceNodeKind

type AuditTraceNodeKind string

AuditTraceNodeKind The node's role in the provenance graph.

const (
	Artifact  AuditTraceNodeKind = "artifact"
	Launch    AuditTraceNodeKind = "launch"
	Literal   AuditTraceNodeKind = "literal"
	PlanInput AuditTraceNodeKind = "plan_input"
	Step      AuditTraceNodeKind = "step"
)

Defines values for AuditTraceNodeKind.

func (AuditTraceNodeKind) Valid

func (e AuditTraceNodeKind) Valid() bool

Valid indicates whether the value is a known member of the AuditTraceNodeKind enum.

type AuditTraceResponse

type AuditTraceResponse struct {
	Edges []AuditTraceEdge `json:"edges"`
	Nodes []AuditTraceNode `json:"nodes"`

	// RootId Id of the root artifact node the walk started at.
	RootId string `json:"root_id"`
}

AuditTraceResponse Response shape for `GET /v1/audit/trace`. A provenance graph assembled server-side from recorded `output.materialized` events. `root_id` is the id of the node the walk started at (the rooting artifact). `nodes` and `edges` describe the DAG; edges run parent → child (downstream consumer → upstream producer). Field names and node kinds mirror the client-side provenance model so a consumer can render either without reshaping.

type BadRequest

type BadRequest = Error

BadRequest Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type Binding

type Binding struct {
	// AccessKeyId AWS access key ID for an `aws_sigv4` binding. Non-secret (it
	// appears verbatim in the signed `Authorization` header). Empty
	// for other kinds. The signing region and service are derived from
	// the resolved upstream host at egress, so no region rides on the
	// binding.
	AccessKeyId *string `json:"access_key_id,omitempty"`

	// Account Human-readable account label derived from credential metadata when available.
	Account *string `json:"account,omitempty"`

	// ConnectorFqn FQN of the connector this binding was created for.
	ConnectorFqn string    `json:"connector_fqn"`
	CreatedAt    time.Time `json:"created_at"`

	// GrantedScopes OAuth scope strings the provider confirmed on the most
	// recent successful handshake. Empty for non-OAuth kinds and
	// for OAuth bindings created before scope tracking landed
	// (those are migration-marked `stale` on first
	// install-after-upgrade).
	GrantedScopes *[]string `json:"granted_scopes,omitempty"`

	// Identity User-chosen handle distinguishing variants of the same kind+service (e.g. `work`, `personal`).
	Identity string `json:"identity"`

	// Kind Credential kind (e.g. `api_key`, `oauth2`). Matches the connector manifest's `[capabilities.credential].kind`.
	Kind string `json:"kind"`

	// LastRefreshedAt Reserved for OAuth refresh tracking (#388); always null for `api_key`.
	LastRefreshedAt *time.Time `json:"last_refreshed_at,omitempty"`

	// LastUsedAt Last time the runtime resolved this binding for an action invocation.
	LastUsedAt *time.Time `json:"last_used_at,omitempty"`

	// MissingScopes Scope strings the current connector manifest demands but
	// this binding's recorded grant lacks. Populated when
	// `stale_reason == "scope_drift"` and empty otherwise. The
	// webapp/CLI render this so the user can see what
	// reauthorization will unlock.
	MissingScopes *[]string `json:"missing_scopes,omitempty"`

	// Name Full binding name in `<kind>/<service>/<identity>` form.
	Name string `json:"name"`

	// RefreshTokenPresent Reserved for OAuth refresh tracking (#388); always false for `api_key`.
	RefreshTokenPresent *bool `json:"refresh_token_present,omitempty"`

	// Scope Optional scope string copied from the connector manifest at setup time.
	Scope *string `json:"scope,omitempty"`

	// Service Service identifier (e.g. `slack`, `linear`).
	Service string `json:"service"`

	// StaleReason Populated when `status == "stale"`. `scope_drift` means the
	// connector manifest declares a scope this binding lacks;
	// `no_grant_record` means the binding predates scope tracking
	// and was migration-marked on the first install-after-upgrade.
	StaleReason *BindingStaleReason `json:"stale_reason,omitempty"`

	// Status Coarse health flag. `stale` is set by drift detection at
	// connector-install time when the manifest's OAuth scope set
	// demands a scope the binding's recorded grant does not have,
	// or when a pre-existing binding has no recorded grant.
	Status *BindingStatus `json:"status,omitempty"`
}

Binding A capability binding mapping a connector's declared credential capability to a concrete vault entry, per ADR-0006. The same `name` string is the vault path the runtime resolves at credential-mediation time.

type BindingListResponse

type BindingListResponse struct {
	Items []Binding `json:"items"`
}

BindingListResponse defines model for BindingListResponse.

type BindingName

type BindingName = string

BindingName defines model for BindingName.

type BindingSetupRequest

type BindingSetupRequest struct {
	Bindings []struct {
		// Account Optional human-readable account label.
		Account *string `json:"account,omitempty"`

		// Identity User-chosen handle for this binding. Combined with the
		// connector's declared kind and service to form the
		// full binding name `<kind>/<service>/<identity>`.
		Identity string `json:"identity"`

		// Service Optional service override. Defaults to the service
		// segment derived from the connector FQN's host.
		Service *string `json:"service,omitempty"`

		// Source Per-binding credential source. Supports `api_key` and `aws_sigv4`
		// directly; `oauth2` is created through the dedicated OAuth dance and
		// setting `kind: oauth2` here returns a structured `400` referencing
		// #388.
		Source BindingSource `json:"source"`
	} `json:"bindings"`

	// ConnectorFqn Fully-qualified connector name (e.g. `github://aileron/slack`).
	// The connector must already be installed.
	ConnectorFqn string `json:"connector_fqn"`

	// SkipExisting When true (default), bindings whose name already exists are
	// skipped silently and reported in the response's `skipped`
	// list. When false, the entire request fails with `409 Conflict`
	// on the first existing binding.
	SkipExisting *bool `json:"skip_existing,omitempty"`
}

BindingSetupRequest defines model for BindingSetupRequest.

type BindingSetupResponse

type BindingSetupResponse struct {
	Created []Binding `json:"created"`

	// Skipped Names of bindings that already existed (only populated when `skip_existing` was true).
	Skipped *[]string `json:"skipped,omitempty"`
}

BindingSetupResponse defines model for BindingSetupResponse.

type BindingSource

type BindingSource struct {
	// AccessKeyId Optional AWS access key ID for an `aws_sigv4` binding. Non-secret
	// (it appears verbatim in the signed `Authorization` header's
	// `Credential=` field). When set it is stored on the binding and
	// wins over the connector manifest's `access_key_id` at signing
	// time. Ignored for other kinds. The signing region and service are
	// derived from the resolved upstream host at egress, so a binding
	// carries no region.
	AccessKeyId *string `json:"access_key_id,omitempty"`

	// Kind Credential kind. Must match the connector manifest's declared
	// `[capabilities.credential].kind` for the requested capability.
	Kind BindingSourceKind `json:"kind"`

	// Value Raw credential bytes. For `api_key` this is the API key; for
	// `aws_sigv4` it is the AWS secret access key. Required for both
	// kinds. The runtime stores this encrypted in the vault and never
	// exposes it to the connector.
	Value *string `json:"value,omitempty"`
}

BindingSource Per-binding credential source. Supports `api_key` and `aws_sigv4` directly; `oauth2` is created through the dedicated OAuth dance and setting `kind: oauth2` here returns a structured `400` referencing #388.

type BindingSourceKind

type BindingSourceKind string

BindingSourceKind Credential kind. Must match the connector manifest's declared `[capabilities.credential].kind` for the requested capability.

const (
	BindingSourceKindApiKey   BindingSourceKind = "api_key"
	BindingSourceKindAwsSigv4 BindingSourceKind = "aws_sigv4"
	BindingSourceKindOauth2   BindingSourceKind = "oauth2"
)

Defines values for BindingSourceKind.

func (BindingSourceKind) Valid

func (e BindingSourceKind) Valid() bool

Valid indicates whether the value is a known member of the BindingSourceKind enum.

type BindingStaleReason

type BindingStaleReason string

BindingStaleReason Populated when `status == "stale"`. `scope_drift` means the connector manifest declares a scope this binding lacks; `no_grant_record` means the binding predates scope tracking and was migration-marked on the first install-after-upgrade.

const (
	BindingStaleReasonNoGrantRecord BindingStaleReason = "no_grant_record"
	BindingStaleReasonScopeDrift    BindingStaleReason = "scope_drift"
)

Defines values for BindingStaleReason.

func (BindingStaleReason) Valid

func (e BindingStaleReason) Valid() bool

Valid indicates whether the value is a known member of the BindingStaleReason enum.

type BindingStatus

type BindingStatus string

BindingStatus Coarse health flag. `stale` is set by drift detection at connector-install time when the manifest's OAuth scope set demands a scope the binding's recorded grant does not have, or when a pre-existing binding has no recorded grant.

const (
	BindingStatusActive  BindingStatus = "active"
	BindingStatusRevoked BindingStatus = "revoked"
	BindingStatusStale   BindingStatus = "stale"
)

Defines values for BindingStatus.

func (BindingStatus) Valid

func (e BindingStatus) Valid() bool

Valid indicates whether the value is a known member of the BindingStatus enum.

type CalendarAction

type CalendarAction struct {
	Attendees      *[]CalendarAttendee           `json:"attendees,omitempty"`
	CalendarId     *string                       `json:"calendar_id,omitempty"`
	ConferenceType *CalendarActionConferenceType `json:"conference_type,omitempty"`
	Description    *string                       `json:"description,omitempty"`
	EndTime        *time.Time                    `json:"end_time,omitempty"`
	Location       *string                       `json:"location,omitempty"`
	Provider       *CalendarActionProvider       `json:"provider,omitempty"`
	StartTime      *time.Time                    `json:"start_time,omitempty"`
	Timezone       *string                       `json:"timezone,omitempty"`
	Title          *string                       `json:"title,omitempty"`
	Visibility     *CalendarActionVisibility     `json:"visibility,omitempty"`
}

CalendarAction defines model for CalendarAction.

type CalendarActionConferenceType

type CalendarActionConferenceType string

CalendarActionConferenceType defines model for CalendarAction.ConferenceType.

const (
	CalendarActionConferenceTypeCustom     CalendarActionConferenceType = "custom"
	CalendarActionConferenceTypeGoogleMeet CalendarActionConferenceType = "google_meet"
	CalendarActionConferenceTypeNone       CalendarActionConferenceType = "none"
	CalendarActionConferenceTypeTeams      CalendarActionConferenceType = "teams"
	CalendarActionConferenceTypeZoom       CalendarActionConferenceType = "zoom"
)

Defines values for CalendarActionConferenceType.

func (CalendarActionConferenceType) Valid

Valid indicates whether the value is a known member of the CalendarActionConferenceType enum.

type CalendarActionProvider

type CalendarActionProvider string

CalendarActionProvider defines model for CalendarAction.Provider.

const (
	CalendarActionProviderCustom         CalendarActionProvider = "custom"
	CalendarActionProviderGoogleCalendar CalendarActionProvider = "google_calendar"
	CalendarActionProviderOutlook        CalendarActionProvider = "outlook"
)

Defines values for CalendarActionProvider.

func (CalendarActionProvider) Valid

func (e CalendarActionProvider) Valid() bool

Valid indicates whether the value is a known member of the CalendarActionProvider enum.

type CalendarActionVisibility

type CalendarActionVisibility string

CalendarActionVisibility defines model for CalendarAction.Visibility.

const (
	Default CalendarActionVisibility = "default"
	Private CalendarActionVisibility = "private"
	Public  CalendarActionVisibility = "public"
)

Defines values for CalendarActionVisibility.

func (CalendarActionVisibility) Valid

func (e CalendarActionVisibility) Valid() bool

Valid indicates whether the value is a known member of the CalendarActionVisibility enum.

type CalendarAttendee

type CalendarAttendee struct {
	Email    openapi_types.Email `json:"email"`
	Name     *string             `json:"name,omitempty"`
	Optional *bool               `json:"optional,omitempty"`
}

CalendarAttendee defines model for CalendarAttendee.

type ChatCompletionChoice

type ChatCompletionChoice struct {
	FinishReason         string                 `json:"finish_reason"`
	Index                int                    `json:"index"`
	Message              ChatCompletionMessage  `json:"message"`
	AdditionalProperties map[string]interface{} `json:"-"`
}

ChatCompletionChoice defines model for ChatCompletionChoice.

func (ChatCompletionChoice) Get

func (a ChatCompletionChoice) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionChoice. Returns the specified element and whether it was found

func (ChatCompletionChoice) MarshalJSON

func (a ChatCompletionChoice) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionChoice to handle AdditionalProperties

func (*ChatCompletionChoice) Set

func (a *ChatCompletionChoice) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionChoice

func (*ChatCompletionChoice) UnmarshalJSON

func (a *ChatCompletionChoice) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionChoice to handle AdditionalProperties

type ChatCompletionFunctionDef

type ChatCompletionFunctionDef struct {
	Description *string `json:"description,omitempty"`
	Name        string  `json:"name"`

	// Parameters JSON Schema for the function's parameters.
	Parameters           *map[string]interface{} `json:"parameters,omitempty"`
	AdditionalProperties map[string]interface{}  `json:"-"`
}

ChatCompletionFunctionDef defines model for ChatCompletionFunctionDef.

func (ChatCompletionFunctionDef) Get

func (a ChatCompletionFunctionDef) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionFunctionDef. Returns the specified element and whether it was found

func (ChatCompletionFunctionDef) MarshalJSON

func (a ChatCompletionFunctionDef) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionFunctionDef to handle AdditionalProperties

func (*ChatCompletionFunctionDef) Set

func (a *ChatCompletionFunctionDef) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionFunctionDef

func (*ChatCompletionFunctionDef) UnmarshalJSON

func (a *ChatCompletionFunctionDef) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionFunctionDef to handle AdditionalProperties

type ChatCompletionMessage

type ChatCompletionMessage struct {
	// Content String or array of content parts; shape follows the upstream
	// provider's contract. Aileron does not require parsing.
	Content interface{}               `json:"content,omitempty"`
	Name    *string                   `json:"name,omitempty"`
	Role    ChatCompletionMessageRole `json:"role"`

	// ToolCallId Required on `tool` role messages.
	ToolCallId           *string                   `json:"tool_call_id,omitempty"`
	ToolCalls            *[]ChatCompletionToolCall `json:"tool_calls,omitempty"`
	AdditionalProperties map[string]interface{}    `json:"-"`
}

ChatCompletionMessage defines model for ChatCompletionMessage.

func (ChatCompletionMessage) Get

func (a ChatCompletionMessage) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionMessage. Returns the specified element and whether it was found

func (ChatCompletionMessage) MarshalJSON

func (a ChatCompletionMessage) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionMessage to handle AdditionalProperties

func (*ChatCompletionMessage) Set

func (a *ChatCompletionMessage) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionMessage

func (*ChatCompletionMessage) UnmarshalJSON

func (a *ChatCompletionMessage) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionMessage to handle AdditionalProperties

type ChatCompletionMessageRole

type ChatCompletionMessageRole string

ChatCompletionMessageRole defines model for ChatCompletionMessage.Role.

const (
	ChatCompletionMessageRoleAssistant ChatCompletionMessageRole = "assistant"
	ChatCompletionMessageRoleDeveloper ChatCompletionMessageRole = "developer"
	ChatCompletionMessageRoleSystem    ChatCompletionMessageRole = "system"
	ChatCompletionMessageRoleTool      ChatCompletionMessageRole = "tool"
	ChatCompletionMessageRoleUser      ChatCompletionMessageRole = "user"
)

Defines values for ChatCompletionMessageRole.

func (ChatCompletionMessageRole) Valid

func (e ChatCompletionMessageRole) Valid() bool

Valid indicates whether the value is a known member of the ChatCompletionMessageRole enum.

type ChatCompletionRequest

type ChatCompletionRequest struct {
	Messages []ChatCompletionMessage `json:"messages"`

	// Model Model identifier passed to the upstream provider.
	Model string `json:"model"`

	// Stream When true, the response is `text/event-stream`. Aileron
	// buffers tool-call deltas for augmented actions until the call
	// is structurally complete.
	Stream *bool `json:"stream,omitempty"`

	// ToolChoice Passed through to the upstream provider unchanged.
	ToolChoice interface{} `json:"tool_choice,omitempty"`

	// Tools Agent-declared tools. Aileron preserves these unchanged and
	// appends installed actions to the array before forwarding
	// upstream.
	Tools                *[]ChatCompletionTool  `json:"tools,omitempty"`
	AdditionalProperties map[string]interface{} `json:"-"`
}

ChatCompletionRequest defines model for ChatCompletionRequest.

func (ChatCompletionRequest) Get

func (a ChatCompletionRequest) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionRequest. Returns the specified element and whether it was found

func (ChatCompletionRequest) MarshalJSON

func (a ChatCompletionRequest) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionRequest to handle AdditionalProperties

func (*ChatCompletionRequest) Set

func (a *ChatCompletionRequest) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionRequest

func (*ChatCompletionRequest) UnmarshalJSON

func (a *ChatCompletionRequest) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionRequest to handle AdditionalProperties

type ChatCompletionResponse

type ChatCompletionResponse struct {
	Choices              []ChatCompletionChoice  `json:"choices"`
	Created              *int                    `json:"created,omitempty"`
	Id                   string                  `json:"id"`
	Model                string                  `json:"model"`
	Object               string                  `json:"object"`
	Usage                *map[string]interface{} `json:"usage,omitempty"`
	AdditionalProperties map[string]interface{}  `json:"-"`
}

ChatCompletionResponse defines model for ChatCompletionResponse.

func (ChatCompletionResponse) Get

func (a ChatCompletionResponse) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionResponse. Returns the specified element and whether it was found

func (ChatCompletionResponse) MarshalJSON

func (a ChatCompletionResponse) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionResponse to handle AdditionalProperties

func (*ChatCompletionResponse) Set

func (a *ChatCompletionResponse) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionResponse

func (*ChatCompletionResponse) UnmarshalJSON

func (a *ChatCompletionResponse) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionResponse to handle AdditionalProperties

type ChatCompletionTool

type ChatCompletionTool struct {
	Function             *ChatCompletionFunctionDef `json:"function,omitempty"`
	Type                 ChatCompletionToolType     `json:"type"`
	AdditionalProperties map[string]interface{}     `json:"-"`
}

ChatCompletionTool defines model for ChatCompletionTool.

func (ChatCompletionTool) Get

func (a ChatCompletionTool) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionTool. Returns the specified element and whether it was found

func (ChatCompletionTool) MarshalJSON

func (a ChatCompletionTool) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionTool to handle AdditionalProperties

func (*ChatCompletionTool) Set

func (a *ChatCompletionTool) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionTool

func (*ChatCompletionTool) UnmarshalJSON

func (a *ChatCompletionTool) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionTool to handle AdditionalProperties

type ChatCompletionToolCall

type ChatCompletionToolCall struct {
	Function struct {
		// Arguments JSON-encoded argument object.
		Arguments string `json:"arguments"`
		Name      string `json:"name"`
	} `json:"function"`
	Id                   string                     `json:"id"`
	Type                 ChatCompletionToolCallType `json:"type"`
	AdditionalProperties map[string]interface{}     `json:"-"`
}

ChatCompletionToolCall defines model for ChatCompletionToolCall.

func (ChatCompletionToolCall) Get

func (a ChatCompletionToolCall) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for ChatCompletionToolCall. Returns the specified element and whether it was found

func (ChatCompletionToolCall) MarshalJSON

func (a ChatCompletionToolCall) MarshalJSON() ([]byte, error)

Override default JSON handling for ChatCompletionToolCall to handle AdditionalProperties

func (*ChatCompletionToolCall) Set

func (a *ChatCompletionToolCall) Set(fieldName string, value interface{})

Setter for additional properties for ChatCompletionToolCall

func (*ChatCompletionToolCall) UnmarshalJSON

func (a *ChatCompletionToolCall) UnmarshalJSON(b []byte) error

Override default JSON handling for ChatCompletionToolCall to handle AdditionalProperties

type ChatCompletionToolCallType

type ChatCompletionToolCallType string

ChatCompletionToolCallType defines model for ChatCompletionToolCall.Type.

const (
	ChatCompletionToolCallTypeFunction ChatCompletionToolCallType = "function"
)

Defines values for ChatCompletionToolCallType.

func (ChatCompletionToolCallType) Valid

func (e ChatCompletionToolCallType) Valid() bool

Valid indicates whether the value is a known member of the ChatCompletionToolCallType enum.

type ChatCompletionToolType

type ChatCompletionToolType string

ChatCompletionToolType defines model for ChatCompletionTool.Type.

const (
	ChatCompletionToolTypeFunction ChatCompletionToolType = "function"
)

Defines values for ChatCompletionToolType.

func (ChatCompletionToolType) Valid

func (e ChatCompletionToolType) Valid() bool

Valid indicates whether the value is a known member of the ChatCompletionToolType enum.

type CheckConnectorsParams

type CheckConnectorsParams struct {
	// IncludePrerelease Include pre-release versions when computing the latest version.
	IncludePrerelease *bool `form:"include_prerelease,omitempty" json:"include_prerelease,omitempty"`
}

CheckConnectorsParams defines parameters for CheckConnectors.

type CloudAction

type CloudAction struct {
	AccountId     *string              `json:"account_id,omitempty"`
	EstimatedCost *Money               `json:"estimated_cost,omitempty"`
	Operation     *string              `json:"operation,omitempty"`
	Provider      *CloudActionProvider `json:"provider,omitempty"`
	Region        *string              `json:"region,omitempty"`
	ResourceId    *string              `json:"resource_id,omitempty"`
	ResourceType  *string              `json:"resource_type,omitempty"`
	Tags          *map[string]string   `json:"tags,omitempty"`
}

CloudAction defines model for CloudAction.

type CloudActionProvider

type CloudActionProvider string

CloudActionProvider defines model for CloudAction.Provider.

const (
	CloudActionProviderAws        CloudActionProvider = "aws"
	CloudActionProviderAzure      CloudActionProvider = "azure"
	CloudActionProviderCloudflare CloudActionProvider = "cloudflare"
	CloudActionProviderCustom     CloudActionProvider = "custom"
	CloudActionProviderGcp        CloudActionProvider = "gcp"
)

Defines values for CloudActionProvider.

func (CloudActionProvider) Valid

func (e CloudActionProvider) Valid() bool

Valid indicates whether the value is a known member of the CloudActionProvider enum.

type CommsMessage

type CommsMessage struct {
	// Author Sender's display name.
	Author string `json:"author"`

	// Body Full message text.
	Body string `json:"body"`

	// Channel Channel name or ID the message arrived on.
	Channel string `json:"channel"`

	// DraftRequest True when the message arrived on a channel configured for
	// auto-draft and no reply has been drafted yet — the agent
	// should call `draft_reply` with this message's id.
	DraftRequest *bool `json:"draft_request,omitempty"`

	// Id Stable per-message identifier (set by the inbound listener).
	Id string `json:"id"`

	// Service Source service ("slack", "discord", ...).
	Service string `json:"service"`

	// Timestamp When the listener received the message (RFC3339).
	Timestamp time.Time `json:"timestamp"`
}

CommsMessage A single message read from the daemon's notify queue. Mirrors the wire shape `aileron-mcp`'s `read_messages` tool surfaces to the agent so the agent can decide whether to draft a reply.

type ConfirmedFingerprint

type ConfirmedFingerprint struct {
	// Fingerprint Publisher-key fingerprint the operator confirmed
	// (`sha256:<22 base64-no-padding chars>`).
	Fingerprint string `json:"fingerprint"`

	// Fqn Connector authority FQN (e.g. `github://alice/conn-x`).
	Fqn string `json:"fqn"`
}

ConfirmedFingerprint One entry in `InstallActionRequest.confirmed_fingerprints`. The `fqn` is the connector-authority FQN (e.g. `github://alice/conn-google`) rather than the action FQN — trust in the keyring is keyed by authority, and one authority covers every action/connector that ships from the same publisher repo.

type Conflict

type Conflict = Error

Conflict Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type ConnectAccountCallbackParams

type ConnectAccountCallbackParams struct {
	Code  string  `form:"code" json:"code"`
	State *string `form:"state,omitempty" json:"state,omitempty"`
}

ConnectAccountCallbackParams defines parameters for ConnectAccountCallback.

type ConnectAccountParams

type ConnectAccountParams struct {
	// ReturnTo URL to redirect to after the account is connected. Must be a same-site absolute URL or a relative path. Defaults to /settings/connected-accounts.
	ReturnTo *string `form:"return_to,omitempty" json:"return_to,omitempty"`
}

ConnectAccountParams defines parameters for ConnectAccount.

type ConnectedAccount

type ConnectedAccount struct {
	CreatedAt *time.Time `json:"created_at,omitempty"`

	// ExternalUserId Provider-specific user identifier (e.g. email for Gmail, username for GitHub, user ID for Slack)
	ExternalUserId *string                   `json:"external_user_id,omitempty"`
	Id             *string                   `json:"id,omitempty"`
	Provider       *ConnectedAccountProvider `json:"provider,omitempty"`

	// Scopes OAuth scopes granted to Aileron
	Scopes    *[]string               `json:"scopes,omitempty"`
	Status    *ConnectedAccountStatus `json:"status,omitempty"`
	UpdatedAt *time.Time              `json:"updated_at,omitempty"`
	UserId    *string                 `json:"user_id,omitempty"`
}

ConnectedAccount defines model for ConnectedAccount.

type ConnectedAccountProvider

type ConnectedAccountProvider string

ConnectedAccountProvider defines model for ConnectedAccount.Provider.

const (
	Gmail             ConnectedAccountProvider = "gmail"
	GoogleCalendar    ConnectedAccountProvider = "google_calendar"
	MicrosoftCalendar ConnectedAccountProvider = "microsoft_calendar"
	Outlook           ConnectedAccountProvider = "outlook"
)

Defines values for ConnectedAccountProvider.

func (ConnectedAccountProvider) Valid

func (e ConnectedAccountProvider) Valid() bool

Valid indicates whether the value is a known member of the ConnectedAccountProvider enum.

type ConnectedAccountStatus

type ConnectedAccountStatus string

ConnectedAccountStatus defines model for ConnectedAccount.Status.

const (
	ConnectedAccountStatusActive  ConnectedAccountStatus = "active"
	ConnectedAccountStatusExpired ConnectedAccountStatus = "expired"
	ConnectedAccountStatusRevoked ConnectedAccountStatus = "revoked"
)

Defines values for ConnectedAccountStatus.

func (ConnectedAccountStatus) Valid

func (e ConnectedAccountStatus) Valid() bool

Valid indicates whether the value is a known member of the ConnectedAccountStatus enum.

type Connector

type Connector struct {
	Auth        *ConnectorAuth          `json:"auth,omitempty"`
	ConnectorId string                  `json:"connector_id"`
	Environment *string                 `json:"environment,omitempty"`
	Metadata    *map[string]interface{} `json:"metadata,omitempty"`
	Name        string                  `json:"name"`
	PolicyIds   *[]string               `json:"policy_ids,omitempty"`
	Provider    *string                 `json:"provider,omitempty"`
	Status      ConnectorStatus         `json:"status"`
	Type        ConnectorType           `json:"type"`
	WorkspaceId string                  `json:"workspace_id"`
}

Connector defines model for Connector.

type ConnectorAuth

type ConnectorAuth struct {
	Method      ConnectorAuthMethod `json:"method"`
	ReferenceId *string             `json:"reference_id,omitempty"`
	Scopes      *[]string           `json:"scopes,omitempty"`
}

ConnectorAuth defines model for ConnectorAuth.

type ConnectorAuthMethod

type ConnectorAuthMethod string

ConnectorAuthMethod defines model for ConnectorAuth.Method.

const (
	ConnectorAuthMethodApiKeyRef         ConnectorAuthMethod = "api_key_ref"
	ConnectorAuthMethodCustom            ConnectorAuthMethod = "custom"
	ConnectorAuthMethodOauth2            ConnectorAuthMethod = "oauth2"
	ConnectorAuthMethodServiceAccountRef ConnectorAuthMethod = "service_account_ref"
	ConnectorAuthMethodWebhookSecretRef  ConnectorAuthMethod = "webhook_secret_ref"
)

Defines values for ConnectorAuthMethod.

func (ConnectorAuthMethod) Valid

func (e ConnectorAuthMethod) Valid() bool

Valid indicates whether the value is a known member of the ConnectorAuthMethod enum.

type ConnectorCheckResult

type ConnectorCheckResult struct {
	// AvailableVersions Versions strictly newer than `current_version`, sorted descending.
	// Omitted when `error` is present. Excludes pre-releases unless
	// the request set `include_prerelease=true`.
	AvailableVersions *[]string `json:"available_versions,omitempty"`

	// CurrentVersion Currently installed SemVer.
	CurrentVersion string `json:"current_version"`

	// Error Per-connector check error (network failure, source removed,
	// unknown scheme, scheme not yet implemented). When present,
	// `latest_version` and `available_versions` may be omitted —
	// the check failed for this connector but did not abort the
	// sweep.
	Error *string `json:"error,omitempty"`

	// Fqn Canonical FQN of the installed connector (per ADR-0002).
	Fqn string `json:"fqn"`

	// LatestVersion Latest available version after applying the prerelease filter.
	// Omitted when `error` is present or when no released versions
	// were found at the source.
	LatestVersion *string `json:"latest_version,omitempty"`

	// UpdateAvailable True when `latest_version` is strictly newer than `current_version`
	// under SemVer 2.0 ordering. False when this connector is up to date,
	// and false when `error` is present (we couldn't tell).
	UpdateAvailable bool `json:"update_available"`
}

ConnectorCheckResult defines model for ConnectorCheckResult.

type ConnectorId

type ConnectorId = string

ConnectorId defines model for ConnectorId.

type ConnectorInstallFailure

type ConnectorInstallFailure struct {
	// Error Human-readable error from the install pipeline.
	Error   string `json:"error"`
	Fqn     string `json:"fqn"`
	Version string `json:"version"`
}

ConnectorInstallFailure defines model for ConnectorInstallFailure.

type ConnectorListResponse

type ConnectorListResponse struct {
	Items      *[]Connector `json:"items,omitempty"`
	Pagination *Pagination  `json:"pagination,omitempty"`
}

ConnectorListResponse defines model for ConnectorListResponse.

type ConnectorOperationRunRejectedResponse

type ConnectorOperationRunRejectedResponse struct {
	// AuditId Audit log ID for the rejected operation attempt.
	AuditId      string                                      `json:"audit_id"`
	ConnectorFqn string                                      `json:"connector_fqn"`
	Message      string                                      `json:"message"`
	Operation    string                                      `json:"operation"`
	Status       ConnectorOperationRunRejectedResponseStatus `json:"status"`
	Tool         string                                      `json:"tool"`
}

ConnectorOperationRunRejectedResponse Fail-closed response for a recognized connector operation when mediated execution is not yet available.

type ConnectorOperationRunRejectedResponseStatus

type ConnectorOperationRunRejectedResponseStatus string

ConnectorOperationRunRejectedResponseStatus defines model for ConnectorOperationRunRejectedResponse.Status.

const (
	ConnectorOperationRunRejectedResponseStatusRejected ConnectorOperationRunRejectedResponseStatus = "rejected"
)

Defines values for ConnectorOperationRunRejectedResponseStatus.

func (ConnectorOperationRunRejectedResponseStatus) Valid

Valid indicates whether the value is a known member of the ConnectorOperationRunRejectedResponseStatus enum.

type ConnectorOperationRunRequest

type ConnectorOperationRunRequest struct {
	// Args JSON arguments supplied to the operation shim.
	Args *map[string]interface{} `json:"args,omitempty"`

	// ConnectorFqn Connector FQN from the installed connector spec.
	ConnectorFqn string `json:"connector_fqn"`

	// Operation Operation name within the tool.
	Operation string `json:"operation"`

	// Tool Sandbox-visible tool command name generated from the spec.
	Tool string `json:"tool"`
}

ConnectorOperationRunRequest Request emitted by generated sandbox connector-operation shims. The daemon resolves the identity fields against installed `aileron.connector.v1` specs before any execution work is attempted.

type ConnectorPreview

type ConnectorPreview struct {
	// AlreadyInstalled True when an entry with this hash is already in the
	// cstore. The CLI uses this to skip the consent prompt and
	// short-circuit to a "already installed" message — operators
	// running install twice in a row should not see the prompt
	// twice.
	AlreadyInstalled bool `json:"already_installed"`

	// Capabilities Flattened view of the connector manifest's `[capabilities.*]`
	// blocks. Optional sub-tables that are absent in the manifest
	// are absent here too — the CLI renders only what the connector
	// actually declares.
	Capabilities PreviewCapabilities `json:"capabilities"`

	// Description Human-readable description from the connector manifest.
	// May be empty.
	Description *string `json:"description,omitempty"`

	// Fqn Canonical FQN of the previewed connector.
	Fqn string `json:"fqn"`

	// Hash Canonical `sha256:<hex>` of the fetched tarball's
	// (binary || manifest) bytes. Same value the install
	// endpoint will produce.
	Hash string `json:"hash"`

	// Publisher FQN authority — the entity that signed the connector. For
	// `github://owner/repo` this is `owner`. The CLI surfaces
	// this so the operator knows whose key trust is being
	// consumed for this install.
	Publisher string `json:"publisher"`

	// SignatureStatus Always `verified` when this preview is returned: a
	// signature failure short-circuits earlier in the pipeline
	// and surfaces as a 422 error per ADR-0007. The field
	// exists on the wire so future verification states (e.g.
	// `experimental_unsigned` for a trusted-but-unsigned dev
	// mode) can be added without breaking the response shape.
	SignatureStatus ConnectorPreviewSignatureStatus `json:"signature_status"`

	// Version Strict SemVer.
	Version string `json:"version"`
}

ConnectorPreview defines model for ConnectorPreview.

type ConnectorPreviewSignatureStatus

type ConnectorPreviewSignatureStatus string

ConnectorPreviewSignatureStatus Always `verified` when this preview is returned: a signature failure short-circuits earlier in the pipeline and surfaces as a 422 error per ADR-0007. The field exists on the wire so future verification states (e.g. `experimental_unsigned` for a trusted-but-unsigned dev mode) can be added without breaking the response shape.

const (
	ConnectorPreviewSignatureStatusVerified ConnectorPreviewSignatureStatus = "verified"
)

Defines values for ConnectorPreviewSignatureStatus.

func (ConnectorPreviewSignatureStatus) Valid

Valid indicates whether the value is a known member of the ConnectorPreviewSignatureStatus enum.

type ConnectorRef

type ConnectorRef struct {
	// Fqn Fully-qualified URI per ADR-0002.
	Fqn string `json:"fqn"`

	// Version Strict SemVer.
	Version string `json:"version"`
}

ConnectorRef defines model for ConnectorRef.

type ConnectorStatus

type ConnectorStatus string

ConnectorStatus defines model for Connector.Status.

const (
	ConnectorStatusActive   ConnectorStatus = "active"
	ConnectorStatusDisabled ConnectorStatus = "disabled"
	ConnectorStatusError    ConnectorStatus = "error"
)

Defines values for ConnectorStatus.

func (ConnectorStatus) Valid

func (e ConnectorStatus) Valid() bool

Valid indicates whether the value is a known member of the ConnectorStatus enum.

type ConnectorType

type ConnectorType string

ConnectorType defines model for ConnectorType.

const (
	ConnectorTypeCalendar      ConnectorType = "calendar"
	ConnectorTypeCloud         ConnectorType = "cloud"
	ConnectorTypeCrm           ConnectorType = "crm"
	ConnectorTypeCustom        ConnectorType = "custom"
	ConnectorTypeDeployment    ConnectorType = "deployment"
	ConnectorTypeEmail         ConnectorType = "email"
	ConnectorTypeErp           ConnectorType = "erp"
	ConnectorTypeInternalApi   ConnectorType = "internal_api"
	ConnectorTypePayments      ConnectorType = "payments"
	ConnectorTypeSecretManager ConnectorType = "secret_manager"
	ConnectorTypeSourceControl ConnectorType = "source_control"
	ConnectorTypeTicketing     ConnectorType = "ticketing"
)

Defines values for ConnectorType.

func (ConnectorType) Valid

func (e ConnectorType) Valid() bool

Valid indicates whether the value is a known member of the ConnectorType enum.

type ConnectorsCheckResponse

type ConnectorsCheckResponse struct {
	// Results One entry per installed (FQN, version) pair. Order matches
	// the cstore index's deterministic sort (ascending canonical
	// key); operators rendering this should not assume a
	// different order.
	Results []ConnectorCheckResult `json:"results"`
}

ConnectorsCheckResponse defines model for ConnectorsCheckResponse.

type CreateAuditJSONRequestBody

type CreateAuditJSONRequestBody = AuditIngestRequest

CreateAuditJSONRequestBody defines body for CreateAudit for application/json ContentType.

type CreateConnectorJSONRequestBody

type CreateConnectorJSONRequestBody = CreateConnectorRequest

CreateConnectorJSONRequestBody defines body for CreateConnector for application/json ContentType.

type CreateConnectorRequest

type CreateConnectorRequest struct {
	Auth        ConnectorAuth           `json:"auth"`
	Environment *string                 `json:"environment,omitempty"`
	Metadata    *map[string]interface{} `json:"metadata,omitempty"`
	Name        string                  `json:"name"`
	Provider    *string                 `json:"provider,omitempty"`
	Type        ConnectorType           `json:"type"`
	WorkspaceId string                  `json:"workspace_id"`
}

CreateConnectorRequest defines model for CreateConnectorRequest.

type CreateCredentialJSONRequestBody

type CreateCredentialJSONRequestBody = CreateCredentialRequest

CreateCredentialJSONRequestBody defines body for CreateCredential for application/json ContentType.

type CreateCredentialRequest

type CreateCredentialRequest struct {
	Environment *string                     `json:"environment,omitempty"`
	Metadata    *map[string]interface{}     `json:"metadata,omitempty"`
	Name        string                      `json:"name"`
	Type        CreateCredentialRequestType `json:"type"`
	VaultPath   string                      `json:"vault_path"`
	WorkspaceId string                      `json:"workspace_id"`
}

CreateCredentialRequest defines model for CreateCredentialRequest.

type CreateCredentialRequestType

type CreateCredentialRequestType string

CreateCredentialRequestType defines model for CreateCredentialRequest.Type.

const (
	CreateCredentialRequestTypeApiKey            CreateCredentialRequestType = "api_key"
	CreateCredentialRequestTypeCustom            CreateCredentialRequestType = "custom"
	CreateCredentialRequestTypeOauthRefreshToken CreateCredentialRequestType = "oauth_refresh_token"
	CreateCredentialRequestTypeServiceAccount    CreateCredentialRequestType = "service_account"
	CreateCredentialRequestTypeWebhookSecret     CreateCredentialRequestType = "webhook_secret"
)

Defines values for CreateCredentialRequestType.

func (CreateCredentialRequestType) Valid

Valid indicates whether the value is a known member of the CreateCredentialRequestType enum.

type CreateFundingSourceJSONRequestBody

type CreateFundingSourceJSONRequestBody = CreateFundingSourceRequest

CreateFundingSourceJSONRequestBody defines body for CreateFundingSource for application/json ContentType.

type CreateFundingSourceRequest

type CreateFundingSourceRequest struct {
	Currency         *string                        `json:"currency,omitempty"`
	Metadata         *map[string]interface{}        `json:"metadata,omitempty"`
	Name             string                         `json:"name"`
	SpendingControls *map[string]interface{}        `json:"spending_controls,omitempty"`
	Type             CreateFundingSourceRequestType `json:"type"`
	WorkspaceId      string                         `json:"workspace_id"`
}

CreateFundingSourceRequest defines model for CreateFundingSourceRequest.

type CreateFundingSourceRequestType

type CreateFundingSourceRequestType string

CreateFundingSourceRequestType defines model for CreateFundingSourceRequest.Type.

const (
	CreateFundingSourceRequestTypeBtcWalletRef       CreateFundingSourceRequestType = "btc_wallet_ref"
	CreateFundingSourceRequestTypeBudget             CreateFundingSourceRequestType = "budget"
	CreateFundingSourceRequestTypeFiatAccountRef     CreateFundingSourceRequestType = "fiat_account_ref"
	CreateFundingSourceRequestTypeLightningWalletRef CreateFundingSourceRequestType = "lightning_wallet_ref"
	CreateFundingSourceRequestTypeStoredBalance      CreateFundingSourceRequestType = "stored_balance"
	CreateFundingSourceRequestTypeVirtualCardPool    CreateFundingSourceRequestType = "virtual_card_pool"
)

Defines values for CreateFundingSourceRequestType.

func (CreateFundingSourceRequestType) Valid

Valid indicates whether the value is a known member of the CreateFundingSourceRequestType enum.

type CreateIntentJSONRequestBody

type CreateIntentJSONRequestBody = CreateIntentRequest

CreateIntentJSONRequestBody defines body for CreateIntent for application/json ContentType.

type CreateIntentRequest

type CreateIntentRequest struct {
	Action  ActionIntent `json:"action"`
	AgentId string       `json:"agent_id"`

	// CallbackUrl Optional webhook URL. The control plane will POST status updates
	// to this URL as the intent progresses through the lifecycle
	// (policy evaluated, approval requested, approved/denied, execution
	// started, execution completed). This avoids the need for agents
	// to poll the GET /v1/intents/{id} endpoint.
	CallbackUrl    *string        `json:"callback_url,omitempty"`
	Context        *IntentContext `json:"context,omitempty"`
	IdempotencyKey string         `json:"idempotency_key"`
	WorkspaceId    string         `json:"workspace_id"`
}

CreateIntentRequest defines model for CreateIntentRequest.

type CreatePolicyJSONRequestBody

type CreatePolicyJSONRequestBody = CreatePolicyRequest

CreatePolicyJSONRequestBody defines body for CreatePolicy for application/json ContentType.

type CreatePolicyRequest

type CreatePolicyRequest struct {
	Description *string       `json:"description,omitempty"`
	Environment *string       `json:"environment,omitempty"`
	Name        string        `json:"name"`
	Rules       []PolicyRule  `json:"rules"`
	Status      *PolicyStatus `json:"status,omitempty"`
	WorkspaceId string        `json:"workspace_id"`
}

CreatePolicyRequest defines model for CreatePolicyRequest.

type CreateSandboxProxyStepScopeJSONRequestBody

type CreateSandboxProxyStepScopeJSONRequestBody = SandboxProxyStepScopeRequest

CreateSandboxProxyStepScopeJSONRequestBody defines body for CreateSandboxProxyStepScope for application/json ContentType.

type CreateSessionJSONRequestBody

type CreateSessionJSONRequestBody = CreateSessionRequest

CreateSessionJSONRequestBody defines body for CreateSession for application/json ContentType.

type CreateSessionRequest

type CreateSessionRequest struct {
	Agent      string  `json:"agent"`
	WorkingDir *string `json:"working_dir,omitempty"`
}

CreateSessionRequest defines model for CreateSessionRequest.

type CreateSessionResponse

type CreateSessionResponse struct {
	// Agent Agent name (e.g. "claude", "pi").
	Agent string `json:"agent"`

	// CaveatToken Session-scoped, HMAC-signed bearer token for the
	// daemon's `/v1/*` surface. Present when the daemon
	// protects its local surface (loopback bind); absent on
	// an unprotected daemon, where no bearer is required.
	CaveatToken *string    `json:"caveat_token,omitempty"`
	EndedAt     *time.Time `json:"ended_at,omitempty"`

	// ExitCode Agent process exit code, or null when ended_at is set but the daemon never observed a clean exit (orphaned).
	ExitCode *int `json:"exit_code,omitempty"`

	// Id ULID-based session identifier; time-sortable lexicographically.
	Id        string    `json:"id"`
	StartedAt time.Time `json:"started_at"`

	// WorkingDir The directory aileron launch was invoked from.
	WorkingDir string `json:"working_dir"`
}

CreateSessionResponse defines model for CreateSessionResponse.

type CredentialListResponse

type CredentialListResponse struct {
	Items      *[]CredentialReference `json:"items,omitempty"`
	Pagination *Pagination            `json:"pagination,omitempty"`
}

CredentialListResponse defines model for CredentialListResponse.

type CredentialReference

type CredentialReference struct {
	CredentialId string                  `json:"credential_id"`
	Environment  *string                 `json:"environment,omitempty"`
	Metadata     *map[string]interface{} `json:"metadata,omitempty"`
	Name         string                  `json:"name"`
	Type         CredentialReferenceType `json:"type"`
	VaultPath    string                  `json:"vault_path"`
	WorkspaceId  string                  `json:"workspace_id"`
}

CredentialReference defines model for CredentialReference.

type CredentialReferenceType

type CredentialReferenceType string

CredentialReferenceType defines model for CredentialReference.Type.

const (
	CredentialReferenceTypeApiKey            CredentialReferenceType = "api_key"
	CredentialReferenceTypeCustom            CredentialReferenceType = "custom"
	CredentialReferenceTypeOauthRefreshToken CredentialReferenceType = "oauth_refresh_token"
	CredentialReferenceTypeServiceAccount    CredentialReferenceType = "service_account"
	CredentialReferenceTypeWebhookSecret     CredentialReferenceType = "webhook_secret"
)

Defines values for CredentialReferenceType.

func (CredentialReferenceType) Valid

func (e CredentialReferenceType) Valid() bool

Valid indicates whether the value is a known member of the CredentialReferenceType enum.

type DecideActionApprovalJSONRequestBody

type DecideActionApprovalJSONRequestBody = ActionApprovalDecision

DecideActionApprovalJSONRequestBody defines body for DecideActionApproval for application/json ContentType.

type Decision

type Decision struct {
	ApprovalId       *string             `json:"approval_id,omitempty"`
	DenialReason     *string             `json:"denial_reason,omitempty"`
	Disposition      DecisionDisposition `json:"disposition"`
	ExecutionGrantId *string             `json:"execution_grant_id,omitempty"`
	MatchedPolicies  *[]PolicyMatch      `json:"matched_policies,omitempty"`
	RequiresApproval *bool               `json:"requires_approval,omitempty"`
	RiskLevel        RiskLevel           `json:"risk_level"`
}

Decision defines model for Decision.

type DecisionDisposition

type DecisionDisposition string

DecisionDisposition defines model for DecisionDisposition.

const (
	DecisionDispositionAllow               DecisionDisposition = "allow"
	DecisionDispositionAllowModified       DecisionDisposition = "allow_modified"
	DecisionDispositionDeny                DecisionDisposition = "deny"
	DecisionDispositionRequireApproval     DecisionDisposition = "require_approval"
	DecisionDispositionRequireMoreEvidence DecisionDisposition = "require_more_evidence"
)

Defines values for DecisionDisposition.

func (DecisionDisposition) Valid

func (e DecisionDisposition) Valid() bool

Valid indicates whether the value is a known member of the DecisionDisposition enum.

type DeleteAgentCredentialsParams

type DeleteAgentCredentialsParams struct {
	// Purpose Credential purpose, forming the third segment of the vault
	// path `agents/<name>/<purpose>` (e.g. `oauth`, `apikey`).
	// Defaults to `oauth` when omitted, so a request with no
	// `purpose` is indistinguishable from the pre-purpose behavior.
	//
	// Because `<purpose>` flows straight into the raw vault map key,
	// the daemon validates it against `^[a-z0-9][a-z0-9_-]*$` before
	// constructing the path. A value containing `/`, `..`, or
	// percent-encoded separators is rejected with `400`
	// (`invalid_request`) so it cannot escape the `agents/<name>/`
	// namespace.
	Purpose *string `form:"purpose,omitempty" json:"purpose,omitempty"`
}

DeleteAgentCredentialsParams defines parameters for DeleteAgentCredentials.

type DenyRequest

type DenyRequest struct {
	Comment *string `json:"comment,omitempty"`
	Reason  string  `json:"reason"`
}

DenyRequest defines model for DenyRequest.

type DenyRequestJSONRequestBody

type DenyRequestJSONRequestBody = DenyRequest

DenyRequestJSONRequestBody defines body for DenyRequest for application/json ContentType.

type DeployAction

type DeployAction struct {
	ArtifactRef         *string               `json:"artifact_ref,omitempty"`
	ChangeTicketId      *string               `json:"change_ticket_id,omitempty"`
	Cluster             *string               `json:"cluster,omitempty"`
	Environment         *string               `json:"environment,omitempty"`
	ImageRef            *string               `json:"image_ref,omitempty"`
	MaintenanceWindowId *string               `json:"maintenance_window_id,omitempty"`
	Namespace           *string               `json:"namespace,omitempty"`
	Provider            *DeployActionProvider `json:"provider,omitempty"`
	RollbackSupported   *bool                 `json:"rollback_supported,omitempty"`
	Service             *string               `json:"service,omitempty"`
	Strategy            *DeployActionStrategy `json:"strategy,omitempty"`
}

DeployAction defines model for DeployAction.

type DeployActionProvider

type DeployActionProvider string

DeployActionProvider defines model for DeployAction.Provider.

const (
	DeployActionProviderAws        DeployActionProvider = "aws"
	DeployActionProviderAzure      DeployActionProvider = "azure"
	DeployActionProviderCustom     DeployActionProvider = "custom"
	DeployActionProviderFlyio      DeployActionProvider = "flyio"
	DeployActionProviderGcp        DeployActionProvider = "gcp"
	DeployActionProviderKubernetes DeployActionProvider = "kubernetes"
	DeployActionProviderNetlify    DeployActionProvider = "netlify"
	DeployActionProviderVercel     DeployActionProvider = "vercel"
)

Defines values for DeployActionProvider.

func (DeployActionProvider) Valid

func (e DeployActionProvider) Valid() bool

Valid indicates whether the value is a known member of the DeployActionProvider enum.

type DeployActionStrategy

type DeployActionStrategy string

DeployActionStrategy defines model for DeployAction.Strategy.

const (
	DeployActionStrategyBlueGreen DeployActionStrategy = "blue_green"
	DeployActionStrategyCanary    DeployActionStrategy = "canary"
	DeployActionStrategyCustom    DeployActionStrategy = "custom"
	DeployActionStrategyReplace   DeployActionStrategy = "replace"
	DeployActionStrategyRolling   DeployActionStrategy = "rolling"
)

Defines values for DeployActionStrategy.

func (DeployActionStrategy) Valid

func (e DeployActionStrategy) Valid() bool

Valid indicates whether the value is a known member of the DeployActionStrategy enum.

type DomainAction

type DomainAction struct {
	Calendar    *CalendarAction    `json:"calendar,omitempty"`
	Cloud       *CloudAction       `json:"cloud,omitempty"`
	Deploy      *DeployAction      `json:"deploy,omitempty"`
	Email       *EmailAction       `json:"email,omitempty"`
	Git         *GitAction         `json:"git,omitempty"`
	Payment     *PaymentAction     `json:"payment,omitempty"`
	Procurement *ProcurementAction `json:"procurement,omitempty"`
}

DomainAction Carries action-type-specific fields. Exactly one field must be populated, corresponding to the prefix of ActionIntent.type:

  • git.* → git
  • deploy.* → deploy
  • cloud.* → cloud
  • email.* → email
  • calendar.* → calendar
  • payment.* → payment
  • procurement.* → procurement

The server rejects requests where the populated domain field does not match the action type prefix.

type DraftCommsReplyJSONRequestBody

type DraftCommsReplyJSONRequestBody = DraftCommsReplyRequest

DraftCommsReplyJSONRequestBody defines body for DraftCommsReply for application/json ContentType.

type DraftCommsReplyRequest

type DraftCommsReplyRequest struct {
	// Body Suggested reply text the agent drafted.
	Body string `json:"body"`

	// ReplyTo ID of the original incoming message (from `read_messages`).
	ReplyTo string `json:"reply_to"`
}

DraftCommsReplyRequest Request body for `POST /v1/sessions/{id}/comms/draft`. The daemon looks up the original message in the notify queue by `reply_to` and surfaces it alongside the draft body for the user to approve / edit / discard.

type EmailAction

type EmailAction struct {
	Attachments *[]AttachmentRef     `json:"attachments,omitempty"`
	Bcc         *[]Recipient         `json:"bcc,omitempty"`
	BodyHtml    *string              `json:"body_html,omitempty"`
	BodyText    *string              `json:"body_text,omitempty"`
	Cc          *[]Recipient         `json:"cc,omitempty"`
	From        *Recipient           `json:"from,omitempty"`
	SendMode    *EmailActionSendMode `json:"send_mode,omitempty"`
	Subject     *string              `json:"subject,omitempty"`
	ThreadRef   *string              `json:"thread_ref,omitempty"`
	To          *[]Recipient         `json:"to,omitempty"`
}

EmailAction defines model for EmailAction.

type EmailActionSendMode

type EmailActionSendMode string

EmailActionSendMode defines model for EmailAction.SendMode.

const (
	DraftOnly EmailActionSendMode = "draft_only"
	SendNow   EmailActionSendMode = "send_now"
)

Defines values for EmailActionSendMode.

func (EmailActionSendMode) Valid

func (e EmailActionSendMode) Valid() bool

Valid indicates whether the value is a known member of the EmailActionSendMode enum.

type EndSessionJSONRequestBody

type EndSessionJSONRequestBody = EndSessionRequest

EndSessionJSONRequestBody defines body for EndSession for application/json ContentType.

type EndSessionRequest

type EndSessionRequest struct {
	// ExitCode Agent process exit code. Omit or send null to mark the
	// session as ended-with-unknown-status (same shape the
	// orphan-reaper produces on daemon restart).
	ExitCode *int `json:"exit_code,omitempty"`
}

EndSessionRequest defines model for EndSessionRequest.

type Enterprise

type Enterprise struct {
	// AllowedAuthProviders Restrict sign-in to these providers. Empty means all allowed.
	AllowedAuthProviders *[]string `json:"allowed_auth_providers,omitempty"`

	// AllowedEmailDomains Restrict sign-in to these email domains. Empty means all allowed.
	AllowedEmailDomains *[]string           `json:"allowed_email_domains,omitempty"`
	BillingEmail        openapi_types.Email `json:"billing_email"`
	CreatedAt           time.Time           `json:"created_at"`
	Id                  string              `json:"id"`
	Name                string              `json:"name"`

	// Personal True for single-user personal accounts (e.g. Gmail sign-in)
	Personal *bool          `json:"personal,omitempty"`
	Plan     EnterprisePlan `json:"plan"`

	// Slug URL-friendly unique identifier
	Slug        string    `json:"slug"`
	SsoRequired *bool     `json:"sso_required,omitempty"`
	UpdatedAt   time.Time `json:"updated_at"`
}

Enterprise defines model for Enterprise.

type EnterprisePlan

type EnterprisePlan string

EnterprisePlan defines model for Enterprise.Plan.

const (
	EnterprisePlanEnterprise EnterprisePlan = "enterprise"
	EnterprisePlanFree       EnterprisePlan = "free"
	EnterprisePlanPro        EnterprisePlan = "pro"
)

Defines values for EnterprisePlan.

func (EnterprisePlan) Valid

func (e EnterprisePlan) Valid() bool

Valid indicates whether the value is a known member of the EnterprisePlan enum.

type Error

type Error struct {
	Error struct {
		Code      string                    `json:"code"`
		Details   *[]map[string]interface{} `json:"details,omitempty"`
		Message   string                    `json:"message"`
		RequestId *string                   `json:"request_id,omitempty"`
	} `json:"error"`
}

Error Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type EvidenceItem

type EvidenceItem struct {
	Label *string          `json:"label,omitempty"`
	Type  EvidenceItemType `json:"type"`
	Value string           `json:"value"`
}

EvidenceItem defines model for EvidenceItem.

type EvidenceItemType

type EvidenceItemType string

EvidenceItemType defines model for EvidenceItem.Type.

const (
	EvidenceItemTypeArtifactRef   EvidenceItemType = "artifact_ref"
	EvidenceItemTypeChangeTicket  EvidenceItemType = "change_ticket"
	EvidenceItemTypeCustom        EvidenceItemType = "custom"
	EvidenceItemTypeDiffSummary   EvidenceItemType = "diff_summary"
	EvidenceItemTypeLink          EvidenceItemType = "link"
	EvidenceItemTypeReceiptRef    EvidenceItemType = "receipt_ref"
	EvidenceItemTypeScreenshotRef EvidenceItemType = "screenshot_ref"
	EvidenceItemTypeTestResult    EvidenceItemType = "test_result"
	EvidenceItemTypeText          EvidenceItemType = "text"
)

Defines values for EvidenceItemType.

func (EvidenceItemType) Valid

func (e EvidenceItemType) Valid() bool

Valid indicates whether the value is a known member of the EvidenceItemType enum.

type Execution

type Execution struct {
	ConnectorId *string                 `json:"connector_id,omitempty"`
	ExecutionId string                  `json:"execution_id"`
	FinishedAt  *time.Time              `json:"finished_at,omitempty"`
	IntentId    string                  `json:"intent_id"`
	Output      *map[string]interface{} `json:"output,omitempty"`
	ReceiptRef  *string                 `json:"receipt_ref,omitempty"`
	StartedAt   time.Time               `json:"started_at"`
	Status      ExecutionStatus         `json:"status"`
}

Execution defines model for Execution.

type ExecutionCallbackJSONRequestBody

type ExecutionCallbackJSONRequestBody = ExecutionCallbackRequest

ExecutionCallbackJSONRequestBody defines body for ExecutionCallback for application/json ContentType.

type ExecutionCallbackRequest

type ExecutionCallbackRequest struct {
	ErrorMessage *string                        `json:"error_message,omitempty"`
	Output       *map[string]interface{}        `json:"output,omitempty"`
	ReceiptRef   *string                        `json:"receipt_ref,omitempty"`
	Status       ExecutionCallbackRequestStatus `json:"status"`
}

ExecutionCallbackRequest defines model for ExecutionCallbackRequest.

type ExecutionCallbackRequestStatus

type ExecutionCallbackRequestStatus string

ExecutionCallbackRequestStatus defines model for ExecutionCallbackRequest.Status.

const (
	ExecutionCallbackRequestStatusCancelled ExecutionCallbackRequestStatus = "cancelled"
	ExecutionCallbackRequestStatusFailed    ExecutionCallbackRequestStatus = "failed"
	ExecutionCallbackRequestStatusRunning   ExecutionCallbackRequestStatus = "running"
	ExecutionCallbackRequestStatusSucceeded ExecutionCallbackRequestStatus = "succeeded"
)

Defines values for ExecutionCallbackRequestStatus.

func (ExecutionCallbackRequestStatus) Valid

Valid indicates whether the value is a known member of the ExecutionCallbackRequestStatus enum.

type ExecutionGrant

type ExecutionGrant struct {
	BoundedParameters *map[string]interface{} `json:"bounded_parameters,omitempty"`
	ConnectorId       *string                 `json:"connector_id,omitempty"`
	ExpiresAt         time.Time               `json:"expires_at"`
	GrantId           string                  `json:"grant_id"`
	IntentId          string                  `json:"intent_id"`
	Status            ExecutionGrantStatus    `json:"status"`
}

ExecutionGrant defines model for ExecutionGrant.

type ExecutionGrantStatus

type ExecutionGrantStatus string

ExecutionGrantStatus defines model for ExecutionGrant.Status.

const (
	ExecutionGrantStatusActive   ExecutionGrantStatus = "active"
	ExecutionGrantStatusConsumed ExecutionGrantStatus = "consumed"
	ExecutionGrantStatusExpired  ExecutionGrantStatus = "expired"
	ExecutionGrantStatusRevoked  ExecutionGrantStatus = "revoked"
)

Defines values for ExecutionGrantStatus.

func (ExecutionGrantStatus) Valid

func (e ExecutionGrantStatus) Valid() bool

Valid indicates whether the value is a known member of the ExecutionGrantStatus enum.

type ExecutionId

type ExecutionId = string

ExecutionId defines model for ExecutionId.

type ExecutionRunRequest

type ExecutionRunRequest struct {
	GrantId            string                  `json:"grant_id"`
	OverrideParameters *map[string]interface{} `json:"override_parameters,omitempty"`
}

ExecutionRunRequest defines model for ExecutionRunRequest.

type ExecutionRunResponse

type ExecutionRunResponse struct {
	AcceptedAt  *time.Time                 `json:"accepted_at,omitempty"`
	ExecutionId string                     `json:"execution_id"`
	Status      ExecutionRunResponseStatus `json:"status"`
}

ExecutionRunResponse defines model for ExecutionRunResponse.

type ExecutionRunResponseStatus

type ExecutionRunResponseStatus string

ExecutionRunResponseStatus defines model for ExecutionRunResponse.Status.

const (
	Accepted ExecutionRunResponseStatus = "accepted"
	Running  ExecutionRunResponseStatus = "running"
)

Defines values for ExecutionRunResponseStatus.

func (ExecutionRunResponseStatus) Valid

func (e ExecutionRunResponseStatus) Valid() bool

Valid indicates whether the value is a known member of the ExecutionRunResponseStatus enum.

type ExecutionStatus

type ExecutionStatus string

ExecutionStatus defines model for Execution.Status.

const (
	ExecutionStatusAccepted  ExecutionStatus = "accepted"
	ExecutionStatusCancelled ExecutionStatus = "cancelled"
	ExecutionStatusFailed    ExecutionStatus = "failed"
	ExecutionStatusRunning   ExecutionStatus = "running"
	ExecutionStatusSucceeded ExecutionStatus = "succeeded"
)

Defines values for ExecutionStatus.

func (ExecutionStatus) Valid

func (e ExecutionStatus) Valid() bool

Valid indicates whether the value is a known member of the ExecutionStatus enum.

type Failure

type Failure = FailureEnvelope

Failure Structured failure envelope ratified by [ADR-0010]adr10 for errors returned to the calling action and through it to the agent. Used on the gateway endpoints (`/v1/chat/completions`, `/v1/messages`) and on action / connector install responses.

type FailureBoundary

type FailureBoundary string

FailureBoundary Layer that produced the failure. The closed set excludes `user` which is reserved for post-MVP per-invocation approval flows.

const (
	FailureBoundaryAction            FailureBoundary = "action"
	FailureBoundaryConnectorManifest FailureBoundary = "connector_manifest"
	FailureBoundaryExternal          FailureBoundary = "external"
	FailureBoundaryRuntime           FailureBoundary = "runtime"
	FailureBoundarySandbox           FailureBoundary = "sandbox"
)

Defines values for FailureBoundary.

func (FailureBoundary) Valid

func (e FailureBoundary) Valid() bool

Valid indicates whether the value is a known member of the FailureBoundary enum.

type FailureClass

type FailureClass string

FailureClass Closed taxonomy of failure classes per ADR-0010. Adding a value requires an ADR amendment.

const (
	BindingFailed         FailureClass = "binding_failed"
	BindingRequired       FailureClass = "binding_required"
	CapabilityDenied      FailureClass = "capability_denied"
	ConnectorRuntimeError FailureClass = "connector_runtime_error"
	ExternalApiError      FailureClass = "external_api_error"
	HashMismatch          FailureClass = "hash_mismatch"
	NetworkError          FailureClass = "network_error"
	ResourceLimitExceeded FailureClass = "resource_limit_exceeded"
	SignatureFailure      FailureClass = "signature_failure"
)

Defines values for FailureClass.

func (FailureClass) Valid

func (e FailureClass) Valid() bool

Valid indicates whether the value is a known member of the FailureClass enum.

type FailureEnvelope

type FailureEnvelope struct {
	Error struct {
		// AuditId Reference into the audit log for full context. Stamped
		// by the audit recorder before the response is written.
		AuditId *string `json:"audit_id,omitempty"`

		// Boundary Layer that produced the failure. The closed set excludes `user`
		// which is reserved for post-MVP per-invocation approval flows.
		Boundary FailureBoundary `json:"boundary"`

		// Class Closed taxonomy of failure classes per ADR-0010. Adding a value
		// requires an ADR amendment.
		Class FailureClass `json:"class"`

		// Details Class-specific additional fields.
		Details *map[string]interface{} `json:"details,omitempty"`

		// Message Human-readable description; safe to show end users. Does
		// not contain credentials or sensitive payload.
		Message string `json:"message"`

		// Retriable Whether the failure is safe to retry.
		Retriable bool `json:"retriable"`
	} `json:"error"`
}

FailureEnvelope Structured failure envelope ratified by [ADR-0010]adr10 for errors returned to the calling action and through it to the agent. Used on the gateway endpoints (`/v1/chat/completions`, `/v1/messages`) and on action / connector install responses.

type FinishOAuth2BindingJSONRequestBody

type FinishOAuth2BindingJSONRequestBody = OAuth2FinishRequest

FinishOAuth2BindingJSONRequestBody defines body for FinishOAuth2Binding for application/json ContentType.

type FlightPlanArtifact

type FlightPlanArtifact struct {
	// Digest Content digest of the materialized bytes (`sha256:<hex>`), the
	// content-addressed handle for the artifact.
	Digest string `json:"digest"`

	// MimeType Declared MIME type of the artifact content.
	MimeType *string `json:"mime_type,omitempty"`

	// Name Declared output name.
	Name string `json:"name"`

	// Path Declared relative artifact path. Present for a file-target
	// output; empty for a retained (non-file) output.
	Path *string `json:"path,omitempty"`
}

FlightPlanArtifact Metadata for one materialized output artifact from a Flight Plan launch. The daemon writes no host out-dir, so an artifact is surfaced by its declared name/path/mime and its content digest; the digest is the content-addressed handle the caller uses to reference the materialized bytes. The raw bytes are not returned inline.

type FlightPlanInput

type FlightPlanInput struct {
	// Description Field-level prose surfaced to the LLM in the tool schema.
	Description *string `json:"description,omitempty"`

	// ItemsType Element type of an array input, mirroring `ActionInput.items_type`.
	// Only meaningful when `type` is `array`. Reserved for future use;
	// plan inputs do not yet carry array element typing, so this is
	// typically unset and the MCP side emits the permissive `items: {}`.
	ItemsType *FlightPlanInputItemsType `json:"items_type,omitempty"`

	// Name Declared input identifier.
	Name string `json:"name"`

	// Required Whether the caller must supply this input. True for a literal-rule
	// input with no declared default; false for dynamic, source, or
	// defaulted inputs that auto-resolve at launch.
	Required bool `json:"required"`

	// Type The raw declared manifest input type. `timestamp` is carried
	// verbatim here; the MCP side projects it to JSON Schema `string`
	// (JSON Schema has no timestamp type) when deriving the tool
	// input schema.
	Type FlightPlanInputType `json:"type"`
}

FlightPlanInput One declared input of a Flight Plan, projected from the plan manifest for the MCP tool input-schema derivation. `required` is computed daemon-side: an input resolved by a literal rule with no declared default is caller-required; a dynamic, source, or defaulted input auto-resolves at launch and is not caller-required.

type FlightPlanInputItemsType

type FlightPlanInputItemsType string

FlightPlanInputItemsType Element type of an array input, mirroring `ActionInput.items_type`. Only meaningful when `type` is `array`. Reserved for future use; plan inputs do not yet carry array element typing, so this is typically unset and the MCP side emits the permissive `items: {}`.

const (
	FlightPlanInputItemsTypeBoolean FlightPlanInputItemsType = "boolean"
	FlightPlanInputItemsTypeNumber  FlightPlanInputItemsType = "number"
	FlightPlanInputItemsTypeObject  FlightPlanInputItemsType = "object"
	FlightPlanInputItemsTypeString  FlightPlanInputItemsType = "string"
)

Defines values for FlightPlanInputItemsType.

func (FlightPlanInputItemsType) Valid

func (e FlightPlanInputItemsType) Valid() bool

Valid indicates whether the value is a known member of the FlightPlanInputItemsType enum.

type FlightPlanInputType

type FlightPlanInputType string

FlightPlanInputType The raw declared manifest input type. `timestamp` is carried verbatim here; the MCP side projects it to JSON Schema `string` (JSON Schema has no timestamp type) when deriving the tool input schema.

const (
	FlightPlanInputTypeArray     FlightPlanInputType = "array"
	FlightPlanInputTypeBoolean   FlightPlanInputType = "boolean"
	FlightPlanInputTypeNumber    FlightPlanInputType = "number"
	FlightPlanInputTypeObject    FlightPlanInputType = "object"
	FlightPlanInputTypeString    FlightPlanInputType = "string"
	FlightPlanInputTypeTimestamp FlightPlanInputType = "timestamp"
)

Defines values for FlightPlanInputType.

func (FlightPlanInputType) Valid

func (e FlightPlanInputType) Valid() bool

Valid indicates whether the value is a known member of the FlightPlanInputType enum.

type FlightPlanLaunchRequest

type FlightPlanLaunchRequest struct {
	// Inputs Literal input overrides, forwarded to the runtime as launch
	// args and resolved once. A key names a declared plan input; its
	// value overrides that input's default. Inputs not named here fall
	// back to their declared default (a missing required input with no
	// default fail-fasts the launch).
	Inputs *map[string]interface{} `json:"inputs,omitempty"`

	// Version Frozen version id to launch (mirrors the CLI `--version`). When
	// omitted, the latest frozen version by freeze time is launched.
	Version *string `json:"version,omitempty"`
}

FlightPlanLaunchRequest Body for `POST /v1/flightplans/{name}/launch`. Both fields are optional: an empty body launches the latest frozen version with every input at its declared default.

type FlightPlanLaunchResponse

type FlightPlanLaunchResponse struct {
	// Artifacts The materialized output artifacts.
	Artifacts *[]FlightPlanArtifact `json:"artifacts,omitempty"`

	// AuditIds Audit record ids emitted to the sink for this launch, in
	// emission order.
	AuditIds *[]string `json:"audit_ids,omitempty"`

	// ContentHash Verified content hash of the frozen unit that ran
	// (`sha256:<hex>`). Always present on a successful launch.
	ContentHash string `json:"content_hash"`

	// ResolvedInputs The frozen resolved-input set (Phase A output): every declared
	// input mapped to the value the run used, after applying the
	// request overrides and declared defaults.
	ResolvedInputs *map[string]interface{} `json:"resolved_inputs,omitempty"`

	// StepOutputs Per-step named outputs, keyed by step id. Each value is the map
	// of that step's named outputs.
	StepOutputs *map[string]map[string]interface{} `json:"step_outputs,omitempty"`
}

FlightPlanLaunchResponse Successful result of launching a frozen Flight Plan: the verified content hash, the resolved inputs, the per-step outputs, the materialized artifacts, and the audit record ids emitted for the launch. Mirrors the `RunResult` shape the CLI launch surfaces.

type FlightPlanListResponse

type FlightPlanListResponse struct {
	Items      *[]FlightPlanSummary   `json:"items,omitempty"`
	LoadErrors *[]FlightPlanLoadError `json:"load_errors,omitempty"`
}

FlightPlanListResponse Response for `GET /v1/flightplans`: the installed frozen Flight Plans and any per-plan load errors. Mirrors `ActionListResponse`.

type FlightPlanLoadError

type FlightPlanLoadError struct {
	// Boundary Which layer produced the error (always "flightplan" for load failures).
	Boundary *string `json:"boundary,omitempty"`

	// Class Canonical failure class (e.g. parse_error, verification_error).
	Class string `json:"class"`

	// File Path of the offending frozen version directory.
	File string `json:"file"`

	// Line Line within the manifest where the error was detected; 0 when unknown.
	Line    *int   `json:"line,omitempty"`
	Message string `json:"message"`
}

FlightPlanLoadError A structured error describing one installed Flight Plan whose latest frozen version failed to verify or parse, per ADR-0010. Loading is non-fatal — plans that load successfully appear in `items`; failed plans appear here so a broken plan is observable rather than dropped.

type FlightPlanOutput

type FlightPlanOutput struct {
	// Description Field-level prose describing the output.
	Description *string `json:"description,omitempty"`

	// MimeType Declared MIME type of the output content.
	MimeType *string `json:"mime_type,omitempty"`

	// Name Declared output name.
	Name string `json:"name"`
}

FlightPlanOutput One declared output artifact of a Flight Plan. Used to enrich the MCP tool description; it does not enter the input schema.

type FlightPlanResumeRequest

type FlightPlanResumeRequest struct {
	// Outputs Seam outputs to inject, keyed `stepId → outputName → value`. For a
	// seam resume this carries exactly the suspended seam step's declared
	// outputs; supplying outputs that do not match the suspended step's
	// declared outputs is a `400`.
	Outputs *map[string]map[string]interface{} `json:"outputs,omitempty"`
}

FlightPlanResumeRequest Body for `POST /v1/flightplans/runs/{runId}/resume`. `outputs` is supplied for a seam fulfillment (the suspended seam's declared named results) and omitted for an approval-driven resume (the daemon reads the recorded approval's outcome instead).

type FlightPlanSeamPendingResponse

type FlightPlanSeamPendingResponse struct {
	// RunId Server-minted run id, stable across the whole suspend/resume
	// sequence. The agent passes it to
	// `POST /v1/flightplans/runs/{runId}/resume`.
	RunId string `json:"run_id"`

	// Seam The suspended `llm-seam` step's request payload: everything the agent
	// needs to produce the seam's outputs. The prompt is the sealed
	// instruction template with its bindings resolved for display, the model
	// is the recorded (non-enforced) target hint, and outputs names the
	// results the seam must produce and supply on resume.
	Seam FlightPlanSeamRequest `json:"seam"`

	// Status Discriminator. Always `seam_pending` for this shape; included so
	// the agent's MCP wrapper can branch without inspecting the HTTP
	// status code.
	Status FlightPlanSeamPendingResponseStatus `json:"status"`
}

FlightPlanSeamPendingResponse Response body when a Flight Plan launch or resume SUSPENDS at an unfulfilled `llm-seam` step (#2101). The daemon returns control to the agent, which produces the seam's declared outputs and resumes the run via `POST /v1/flightplans/runs/{runId}/resume` supplying them. No LLM is reached daemon-side: the agent is the seam provider. The `status` discriminator distinguishes this from a completed `FlightPlanLaunchResponse` on the shared `200` response.

type FlightPlanSeamPendingResponseStatus

type FlightPlanSeamPendingResponseStatus string

FlightPlanSeamPendingResponseStatus Discriminator. Always `seam_pending` for this shape; included so the agent's MCP wrapper can branch without inspecting the HTTP status code.

const (
	SeamPending FlightPlanSeamPendingResponseStatus = "seam_pending"
)

Defines values for FlightPlanSeamPendingResponseStatus.

func (FlightPlanSeamPendingResponseStatus) Valid

Valid indicates whether the value is a known member of the FlightPlanSeamPendingResponseStatus enum.

type FlightPlanSeamRequest

type FlightPlanSeamRequest struct {
	// Bindings The seam's resolved input bindings (binding name → resolved value),
	// for the agent's context. Never secrets (bindings are references).
	Bindings *map[string]interface{} `json:"bindings,omitempty"`

	// Model The seam's recorded model target (for example
	// `anthropic:claude-haiku-4-5`). A request/hint, never a pin. Empty
	// when the seam declares no model.
	Model *string `json:"model,omitempty"`

	// Outputs The named results the seam must produce. The resume request
	// supplies a value for each under `outputs[stepId]`.
	Outputs []string `json:"outputs"`

	// Prompt The seam's sealed instruction template, rendered with its resolved
	// bindings for display. Empty when the seam declares no prompt.
	Prompt *string `json:"prompt,omitempty"`

	// StepId The id of the suspended `llm-seam` step.
	StepId string `json:"step_id"`
}

FlightPlanSeamRequest The suspended `llm-seam` step's request payload: everything the agent needs to produce the seam's outputs. The prompt is the sealed instruction template with its bindings resolved for display, the model is the recorded (non-enforced) target hint, and outputs names the results the seam must produce and supply on resume.

type FlightPlanSummary

type FlightPlanSummary struct {
	// Description Plan description from the manifest frontmatter (empty when the
	// manifest declares none).
	Description *string `json:"description,omitempty"`

	// Inputs The plan's declared inputs, in declaration order.
	Inputs *[]FlightPlanInput `json:"inputs,omitempty"`

	// Name Plan name from the manifest frontmatter (the store handle).
	Name string `json:"name"`

	// Outputs The plan's declared output artifacts.
	Outputs *[]FlightPlanOutput `json:"outputs,omitempty"`

	// Version The latest frozen version id of the plan (what `LatestFrozen`
	// returns). This is the version launched when the plan tool is
	// called with no explicit version.
	Version string `json:"version"`
}

FlightPlanSummary Identity and declared interface of one installed frozen Flight Plan, enough for `aileron-mcp` to expose one MCP tool per plan.

type Forbidden

type Forbidden = Error

Forbidden Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type FundingSource

type FundingSource struct {
	Currency         *string                 `json:"currency,omitempty"`
	FundingSourceId  string                  `json:"funding_source_id"`
	Metadata         *map[string]interface{} `json:"metadata,omitempty"`
	Name             string                  `json:"name"`
	SpendingControls *struct {
		AllowedCategories    *[]string `json:"allowed_categories,omitempty"`
		AllowedMerchants     *[]string `json:"allowed_merchants,omitempty"`
		MaxSingleTransaction *Money    `json:"max_single_transaction,omitempty"`
	} `json:"spending_controls,omitempty"`
	Status      FundingSourceStatus `json:"status"`
	Type        FundingSourceType   `json:"type"`
	WorkspaceId string              `json:"workspace_id"`
}

FundingSource defines model for FundingSource.

type FundingSourceListResponse

type FundingSourceListResponse struct {
	Items      *[]FundingSource `json:"items,omitempty"`
	Pagination *Pagination      `json:"pagination,omitempty"`
}

FundingSourceListResponse defines model for FundingSourceListResponse.

type FundingSourceStatus

type FundingSourceStatus string

FundingSourceStatus defines model for FundingSource.Status.

const (
	FundingSourceStatusActive   FundingSourceStatus = "active"
	FundingSourceStatusDisabled FundingSourceStatus = "disabled"
)

Defines values for FundingSourceStatus.

func (FundingSourceStatus) Valid

func (e FundingSourceStatus) Valid() bool

Valid indicates whether the value is a known member of the FundingSourceStatus enum.

type FundingSourceType

type FundingSourceType string

FundingSourceType defines model for FundingSource.Type.

const (
	FundingSourceTypeBtcWalletRef       FundingSourceType = "btc_wallet_ref"
	FundingSourceTypeBudget             FundingSourceType = "budget"
	FundingSourceTypeFiatAccountRef     FundingSourceType = "fiat_account_ref"
	FundingSourceTypeLightningWalletRef FundingSourceType = "lightning_wallet_ref"
	FundingSourceTypeStoredBalance      FundingSourceType = "stored_balance"
	FundingSourceTypeVirtualCardPool    FundingSourceType = "virtual_card_pool"
)

Defines values for FundingSourceType.

func (FundingSourceType) Valid

func (e FundingSourceType) Valid() bool

Valid indicates whether the value is a known member of the FundingSourceType enum.

type GetAgentCredentialsParams

type GetAgentCredentialsParams struct {
	// Purpose Credential purpose, forming the third segment of the vault
	// path `agents/<name>/<purpose>` (e.g. `oauth`, `apikey`).
	// Defaults to `oauth` when omitted, so a request with no
	// `purpose` is indistinguishable from the pre-purpose behavior.
	//
	// Because `<purpose>` flows straight into the raw vault map key,
	// the daemon validates it against `^[a-z0-9][a-z0-9_-]*$` before
	// constructing the path. A value containing `/`, `..`, or
	// percent-encoded separators is rejected with `400`
	// (`invalid_request`) so it cannot escape the `agents/<name>/`
	// namespace.
	Purpose *string `form:"purpose,omitempty" json:"purpose,omitempty"`
}

GetAgentCredentialsParams defines parameters for GetAgentCredentials.

type GetAnalyticsSummaryParams

type GetAnalyticsSummaryParams struct {
	WorkspaceId string    `form:"workspace_id" json:"workspace_id"`
	From        time.Time `form:"from" json:"from"`
	To          time.Time `form:"to" json:"to"`
}

GetAnalyticsSummaryParams defines parameters for GetAnalyticsSummary.

type GetAuditTraceParams

type GetAuditTraceParams struct {
	// ContentHash Root the walk at the `output.materialized` event carrying
	// this content hash (`sha256:<hex>`). Primary rooting; takes
	// precedence over `invocation_id` when both are supplied.
	ContentHash *string `form:"content_hash,omitempty" json:"content_hash,omitempty"`

	// InvocationId Root the walk at every `output.materialized` event carrying
	// this launch-scoped `aileron.invocation.id`. Used when
	// `content_hash` is absent.
	InvocationId *string `form:"invocation_id,omitempty" json:"invocation_id,omitempty"`
}

GetAuditTraceParams defines parameters for GetAuditTrace.

type GetHubActionInstallDecisionParams

type GetHubActionInstallDecisionParams struct {
	// Fqn Action FQN, e.g. `github://ALRubinger/aileron-connector-google/actions/draft-email`.
	Fqn string `form:"fqn" json:"fqn"`
}

GetHubActionInstallDecisionParams defines parameters for GetHubActionInstallDecision.

type GetHubActionParams

type GetHubActionParams struct {
	// Fqn Action FQN, e.g. `github://ALRubinger/aileron-connector-google/actions/draft-email`.
	Fqn string `form:"fqn" json:"fqn"`
}

GetHubActionParams defines parameters for GetHubAction.

type GetHubConnectorParams

type GetHubConnectorParams struct {
	// Fqn Connector FQN, e.g. `github://ALRubinger/aileron-connector-google`.
	Fqn string `form:"fqn" json:"fqn"`
}

GetHubConnectorParams defines parameters for GetHubConnector.

type GetHubInstallDecisionParams

type GetHubInstallDecisionParams struct {
	// Fqn Connector FQN, e.g. `github://ALRubinger/aileron-connector-google`.
	Fqn string `form:"fqn" json:"fqn"`
}

GetHubInstallDecisionParams defines parameters for GetHubInstallDecision.

type GetHubSuiteInstallDecisionParams

type GetHubSuiteInstallDecisionParams struct {
	// Fqn Suite FQN, e.g. `github://ALRubinger/aileron-connector-google/suite`.
	Fqn string `form:"fqn" json:"fqn"`
}

GetHubSuiteInstallDecisionParams defines parameters for GetHubSuiteInstallDecision.

type GetHubSuiteParams

type GetHubSuiteParams struct {
	// Fqn Suite FQN, e.g. `github://ALRubinger/aileron-connector-google/suite`.
	Fqn string `form:"fqn" json:"fqn"`
}

GetHubSuiteParams defines parameters for GetHubSuite.

type GitAction

type GitAction struct {
	BaseBranch     *string            `json:"base_branch,omitempty"`
	Branch         *string            `json:"branch,omitempty"`
	ChecksRequired *[]string          `json:"checks_required,omitempty"`
	CommitShas     *[]string          `json:"commit_shas,omitempty"`
	FilesChanged   *[]string          `json:"files_changed,omitempty"`
	IssueAssignees *[]string          `json:"issue_assignees,omitempty"`
	IssueBody      *string            `json:"issue_body,omitempty"`
	IssueLabels    *[]string          `json:"issue_labels,omitempty"`
	IssueTitle     *string            `json:"issue_title,omitempty"`
	Labels         *[]string          `json:"labels,omitempty"`
	PrBody         *string            `json:"pr_body,omitempty"`
	PrTitle        *string            `json:"pr_title,omitempty"`
	Provider       *GitActionProvider `json:"provider,omitempty"`
	Repository     *string            `json:"repository,omitempty"`
	Reviewers      *[]string          `json:"reviewers,omitempty"`
}

GitAction defines model for GitAction.

type GitActionProvider

type GitActionProvider string

GitActionProvider defines model for GitAction.Provider.

const (
	Bitbucket GitActionProvider = "bitbucket"
	Custom    GitActionProvider = "custom"
	Github    GitActionProvider = "github"
	Gitlab    GitActionProvider = "gitlab"
)

Defines values for GitActionProvider.

func (GitActionProvider) Valid

func (e GitActionProvider) Valid() bool

Valid indicates whether the value is a known member of the GitActionProvider enum.

type GrantId

type GrantId = string

GrantId defines model for GrantId.

type HealthResponse

type HealthResponse struct {
	Service   string               `json:"service"`
	Status    HealthResponseStatus `json:"status"`
	Timestamp time.Time            `json:"timestamp"`
	Version   string               `json:"version"`
}

HealthResponse defines model for HealthResponse.

type HealthResponseStatus

type HealthResponseStatus string

HealthResponseStatus defines model for HealthResponse.Status.

const (
	Degraded HealthResponseStatus = "degraded"
	Down     HealthResponseStatus = "down"
	Ok       HealthResponseStatus = "ok"
)

Defines values for HealthResponseStatus.

func (HealthResponseStatus) Valid

func (e HealthResponseStatus) Valid() bool

Valid indicates whether the value is a known member of the HealthResponseStatus enum.

type HubActionEntry

type HubActionEntry struct {
	// Category Optional discovery grouping (e.g. `communication`, `productivity`).
	Category *string `json:"category,omitempty"`

	// ConnectorFqn FQN of the connector this action depends on. Used by the
	// Hub UI to filter actions by provider and to compute the
	// install-decision dependency closure.
	ConnectorFqn string `json:"connector_fqn"`

	// Description One-line description of what the action does.
	Description string `json:"description"`

	// Fqn Canonical FQN, e.g. `github://OWNER/REPO/actions/NAME`.
	Fqn string `json:"fqn"`

	// Intents Optional informational phrases describing what users would
	// ask their agent to do to trigger this action (e.g.
	// "draft email", "compose gmail").
	Intents *[]string `json:"intents,omitempty"`

	// PublisherGithub GitHub user or org name that owns the action's repo.
	PublisherGithub string `json:"publisher_github"`
}

HubActionEntry A single Hub action entry. Matches the YAML files committed to the `aileron-hub` repo under `actions/`. Pointer to a published action template at its canonical FQN; the action template itself (TOML frontmatter + Markdown body per ADR-0003) is fetched from the publisher's repo at install time.

type HubActionInstallDecision

type HubActionInstallDecision struct {
	Authorities []HubInstallAuthority `json:"authorities"`

	// ConnectorFqn FQN of the connector this action depends on.
	ConnectorFqn string                       `json:"connector_fqn"`
	Description  string                       `json:"description"`
	Fqn          string                       `json:"fqn"`
	Kind         HubActionInstallDecisionKind `json:"kind"`

	// LatestVersion Latest non-prerelease SemVer tag the action's source repo
	// has published, resolved via the connector version lister at
	// decision time. Empty when the source has no published
	// releases (the operator can still install via the CLI by
	// pinning `@<sha>` or `@<tag>`, but the webapp modal needs a
	// concrete version to call `/v1/actions/install`). The webapp
	// uses this directly as the install's `version` argument so
	// the install endpoint sees strict SemVer, not `latest`.
	LatestVersion   *string `json:"latest_version,omitempty"`
	PublisherGithub string  `json:"publisher_github"`
}

HubActionInstallDecision Composite install-decision payload for an action install. The `authorities[]` list always carries one entry for actions (single connector dependency); the kind discriminator lets clients render a single combined modal with both action-level metadata and the underlying connector trust gate.

type HubActionInstallDecisionKind

type HubActionInstallDecisionKind string

HubActionInstallDecisionKind defines model for HubActionInstallDecision.Kind.

const (
	HubActionInstallDecisionKindAction HubActionInstallDecisionKind = "action"
)

Defines values for HubActionInstallDecisionKind.

func (HubActionInstallDecisionKind) Valid

Valid indicates whether the value is a known member of the HubActionInstallDecisionKind enum.

type HubActionList

type HubActionList struct {
	Actions []HubActionEntry `json:"actions"`
}

HubActionList defines model for HubActionList.

type HubConnectorEntry

type HubConnectorEntry struct {
	// Description One-line description of what the connector does.
	Description string `json:"description"`

	// Fqn Canonical FQN, e.g. `github://OWNER/REPO`.
	Fqn string `json:"fqn"`

	// KeyUrl Public URL of the publisher's ed25519 signing key.
	// Typically `https://raw.githubusercontent.com/OWNER/REPO/main/keys/publisher.pub`.
	KeyUrl string `json:"key_url"`

	// PublisherGithub GitHub user or org name that owns the connector repo.
	PublisherGithub string `json:"publisher_github"`

	// ReleasePattern Glob matching the release tags Aileron should consider.
	ReleasePattern string `json:"release_pattern"`
}

HubConnectorEntry A single Hub entry. Matches the YAML files committed to the `aileron-hub` repo under `connectors/`. Pointer to a connector hosted at the canonical FQN; the Hub does not host the binary.

type HubConnectorList

type HubConnectorList struct {
	Connectors []HubConnectorEntry `json:"connectors"`
}

HubConnectorList defines model for HubConnectorList.

type HubInstallAuthority

type HubInstallAuthority struct {
	// Fingerprint SHA-256 fingerprint of the publisher's signing key, formatted
	// as `sha256:<base64-without-padding>` to match
	// `aileron keyring trust` output.
	Fingerprint string `json:"fingerprint"`

	// Fqn Connector FQN this authority refers to.
	Fqn string `json:"fqn"`

	// KeyDivergence True when the connector's fetched signing key diverges from
	// the owner-level keyring grant for this publisher. Informational
	// only — never blocks the install decision; the divergence is
	// also surfaced as a `risk_indicators` string and reflected in
	// `trust_state: conflict`. Absent/false when no owner grant
	// exists or the fetched key matches it.
	KeyDivergence *bool `json:"key_divergence,omitempty"`

	// PublisherFootprint FQNs of the owner's other connectors listed in the Hub
	// (owner-granularity context: every repo published under the
	// same owner, informational only).
	PublisherFootprint []string `json:"publisher_footprint"`
	PublisherGithub    string   `json:"publisher_github"`
	RiskIndicators     []string `json:"risk_indicators"`

	// TrustState Trust state for the connector's publisher against the local
	// keyring, evaluated at owner granularity (ADR-0013 per-publisher
	// trust). `already_trusted`: an owner-level grant exists for this
	// publisher whose key matches the fetched signing key (the grant
	// covers every repo the owner publishes, so a sibling FQN grant
	// counts). `unknown`: no owner-level grant for this publisher.
	// `conflict`: an owner-level grant exists but the fetched signing
	// key diverges from the trusted key — a key rotation, MITM, or
	// impersonation signal. The divergence is surfaced as a risk
	// indicator and via `key_divergence`; it is informational and does
	// not block the install on its own.
	TrustState HubTrustState `json:"trust_state"`
}

HubInstallAuthority Per-connector trust-panel data inside a composite install-decision. Shape mirrors the connector-level `HubInstallDecision` minus the top-level description (which belongs to the action or suite being installed, not the underlying connector authority).

type HubInstallDecision

type HubInstallDecision struct {
	Description string `json:"description"`

	// Fingerprint SHA-256 fingerprint of the publisher's signing key, formatted
	// as `sha256:<base64-without-padding>` to match
	// `aileron keyring trust` output.
	Fingerprint string `json:"fingerprint"`

	// Fqn Canonical FQN.
	Fqn string `json:"fqn"`

	// KeyDivergence True when the connector's fetched signing key diverges from
	// the owner-level keyring grant for this publisher. Informational
	// only — never blocks the install decision; the divergence is
	// also surfaced as a `risk_indicators` string and reflected in
	// `trust_state: conflict`. Absent/false when no owner grant
	// exists or the fetched key matches it.
	KeyDivergence *bool `json:"key_divergence,omitempty"`

	// PublisherFootprint FQNs of the owner's other connectors listed in the Hub
	// (owner-granularity context: every repo published under the
	// same owner, informational only).
	PublisherFootprint []string `json:"publisher_footprint"`
	PublisherGithub    string   `json:"publisher_github"`

	// RiskIndicators Human-readable risk strings derived from the trust state and
	// keyring contents, e.g. "First connector by this publisher
	// you've installed" (informational, yellow) or the owner-level
	// key-divergence warning (conflict, red). Non-blocking by
	// construction: the payload has no boolean gate, so risk
	// strings are rendered as warnings, never as install blockers.
	RiskIndicators []string `json:"risk_indicators"`

	// TrustState Trust state for the connector's publisher against the local
	// keyring, evaluated at owner granularity (ADR-0013 per-publisher
	// trust). `already_trusted`: an owner-level grant exists for this
	// publisher whose key matches the fetched signing key (the grant
	// covers every repo the owner publishes, so a sibling FQN grant
	// counts). `unknown`: no owner-level grant for this publisher.
	// `conflict`: an owner-level grant exists but the fetched signing
	// key diverges from the trusted key — a key rotation, MITM, or
	// impersonation signal. The divergence is surfaced as a risk
	// indicator and via `key_divergence`; it is informational and does
	// not block the install on its own.
	TrustState HubTrustState `json:"trust_state"`
}

HubInstallDecision Pre-computed payload for the install-time prompt (CLI y/N and webapp modal). Shape resolved in #487. `trust_state` and `publisher_footprint` are evaluated at owner granularity (ADR-0013 per-publisher trust): a single owner-level grant covers every repo the publisher owns. Publisher info remains informational context for the decision, not an auto-approve gate.

type HubSuiteEntry

type HubSuiteEntry struct {
	// Category Optional discovery grouping (e.g. `communication`, `productivity`).
	Category *string `json:"category,omitempty"`

	// ConnectorsRequired FQNs of the connectors the suite's actions transitively
	// require. Informational metadata for discovery; not part of
	// any trust grant.
	ConnectorsRequired *[]string `json:"connectors_required,omitempty"`

	// Description One-line description of what the suite bundles.
	Description string `json:"description"`

	// Fqn Canonical FQN, e.g. `github://OWNER/REPO/suite`.
	Fqn string `json:"fqn"`

	// MemberActions FQNs of the actions bundled in this suite.
	MemberActions []string `json:"member_actions"`

	// PublisherGithub GitHub user or org name that owns the suite's repo.
	PublisherGithub string `json:"publisher_github"`
}

HubSuiteEntry A single Hub action-suite entry. Matches the YAML files committed to the `aileron-hub` repo under `suites/`. Pointer to a published suite manifest (the canonical `suite.toml` per #564 lives in the publisher's repo); the Hub entry is the discovery surface.

type HubSuiteInstallDecision

type HubSuiteInstallDecision struct {
	Authorities []HubInstallAuthority       `json:"authorities"`
	Description string                      `json:"description"`
	Fqn         string                      `json:"fqn"`
	Kind        HubSuiteInstallDecisionKind `json:"kind"`

	// LatestVersion Latest non-prerelease SemVer tag from the suite's source
	// repo, resolved at decision time. The webapp passes this as
	// the `version` argument to each per-member install call —
	// every action in a Hub-published suite ships from the same
	// repo, so one tag covers them all. Empty when the source has
	// no published releases.
	LatestVersion   *string  `json:"latest_version,omitempty"`
	MemberActions   []string `json:"member_actions"`
	PublisherGithub string   `json:"publisher_github"`
}

HubSuiteInstallDecision Composite install-decision payload for a suite install. The `authorities[]` list carries one entry per unique connector authority in the suite's dependency closure (one trust panel per authority, however many member actions are being installed).

type HubSuiteInstallDecisionKind

type HubSuiteInstallDecisionKind string

HubSuiteInstallDecisionKind defines model for HubSuiteInstallDecision.Kind.

const (
	Suite HubSuiteInstallDecisionKind = "suite"
)

Defines values for HubSuiteInstallDecisionKind.

func (HubSuiteInstallDecisionKind) Valid

Valid indicates whether the value is a known member of the HubSuiteInstallDecisionKind enum.

type HubSuiteList

type HubSuiteList struct {
	Suites []HubSuiteEntry `json:"suites"`
}

HubSuiteList defines model for HubSuiteList.

type HubTrustState

type HubTrustState string

HubTrustState Trust state for the connector's publisher against the local keyring, evaluated at owner granularity (ADR-0013 per-publisher trust). `already_trusted`: an owner-level grant exists for this publisher whose key matches the fetched signing key (the grant covers every repo the owner publishes, so a sibling FQN grant counts). `unknown`: no owner-level grant for this publisher. `conflict`: an owner-level grant exists but the fetched signing key diverges from the trusted key — a key rotation, MITM, or impersonation signal. The divergence is surfaced as a risk indicator and via `key_divergence`; it is informational and does not block the install on its own.

const (
	HubTrustStateAlreadyTrusted HubTrustState = "already_trusted"
	HubTrustStateConflict       HubTrustState = "conflict"
	HubTrustStateUnknown        HubTrustState = "unknown"
)

Defines values for HubTrustState.

func (HubTrustState) Valid

func (e HubTrustState) Valid() bool

Valid indicates whether the value is a known member of the HubTrustState enum.

type InitOAuth2BindingJSONRequestBody

type InitOAuth2BindingJSONRequestBody = OAuth2InitRequest

InitOAuth2BindingJSONRequestBody defines body for InitOAuth2Binding for application/json ContentType.

type InstallActionJSONRequestBody

type InstallActionJSONRequestBody = InstallActionRequest

InstallActionJSONRequestBody defines body for InstallAction for application/json ContentType.

type InstallActionRequest

type InstallActionRequest struct {
	// AutoInstallConnectors When true, the server transparently installs any
	// `[[requires.connectors]]` whose pinned hash is not already in
	// the local content-addressed store, using the connector's
	// declared version and hash from the action manifest. Each
	// implicit install runs the full connector pipeline (resolve →
	// fetch → verify signature → match `expected_hash`) and any
	// failure aborts the action install with the connector's
	// structured error.
	//
	// When false (default), missing connector deps abort the
	// install with a `422` carrying `error.code = connectors_missing`
	// and `error.details[]` listing each missing connector's
	// `name`, `version`, and `hash` so the CLI can prompt the user
	// for confirmation before retrying with the flag set.
	AutoInstallConnectors *bool `json:"auto_install_connectors,omitempty"`

	// ConfirmedFingerprints Publisher-key fingerprints the operator confirmed at the
	// webapp install modal — one entry per connector authority in
	// the action's dependency closure (suite installs supply the
	// full set on every per-action install; the CLI omits this
	// field entirely since it pre-trusts via `aileron keyring
	// trust`). Mirrors `confirmed_fingerprint` on
	// `InstallConnectorRequest` (#487 / #628) but applies it
	// across every authority the install needs trust for —
	// without this the webapp can't reach the action install
	// endpoint without first running N standalone connector
	// installs to write trust as a side effect.
	//
	// For each entry the daemon looks up `fqn` in the Hub,
	// fetches the publisher's current key, verifies its
	// fingerprint matches the supplied value (anti-tampering
	// check between what the operator saw and what the install
	// endpoint uses), then writes the key to the keyring under
	// the FQN before running the install pipeline. Trust
	// persists even if the install later fails (matches #487 Q4
	// resolution for the singular case). Entries whose FQN is
	// already trusted under the same key short-circuit; mismatch
	// aborts with `fingerprint_mismatch`.
	ConfirmedFingerprints *[]ConfirmedFingerprint `json:"confirmed_fingerprints,omitempty"`

	// Force When true, overwrite an existing action with the same name.
	// When false (default), refuse with `409 Conflict` if an action
	// of the same name already exists.
	Force *bool `json:"force,omitempty"`

	// Fqn Fully-qualified URI of the action template per ADR-0002 / ADR-0003
	// (e.g. `github://ALRubinger/aileron-connector-github/actions/list-recent-prs`).
	// Subpath references are supported for actions published alongside
	// their connector.
	Fqn string `json:"fqn"`

	// Version Strict SemVer (e.g. `0.1.0`).
	Version string `json:"version"`
}

InstallActionRequest defines model for InstallActionRequest.

type InstallConnectorJSONRequestBody

type InstallConnectorJSONRequestBody = InstallConnectorRequest

InstallConnectorJSONRequestBody defines body for InstallConnector for application/json ContentType.

type InstallConnectorRequest

type InstallConnectorRequest struct {
	// ConfirmedFingerprint Optional publisher-key fingerprint the operator confirmed at
	// the install prompt (terminal y/N/d or webapp install modal),
	// per ADR-0013 / #487. Format matches `aileron keyring trust`
	// output: `sha256:<22 base64-no-padding chars>`.
	//
	// When supplied, the daemon looks up the FQN in the Hub, fetches
	// the publisher's current key, verifies its fingerprint matches
	// this value (anti-tampering — the client and daemon must agree
	// on what the operator saw), then writes the key to the keyring
	// at the FQN authority before running the install pipeline.
	// Trust persists even if the install later fails, matching the
	// #487 Q4 resolution.
	//
	// When omitted, the install requires the publisher key to be
	// pre-established in the keyring (typical for non-TTY installs
	// and connectors not listed in the Hub). Mismatch returns
	// `fingerprint_mismatch`; an FQN with no Hub entry returns
	// `not_found`.
	ConfirmedFingerprint *string `json:"confirmed_fingerprint,omitempty"`

	// ExpectedHash Optional canonical hash (`sha256:<hex>`) the install must match.
	// When supplied (typical when the install is driven by an action
	// file's `[[requires.connectors]] hash`), a computed hash that
	// does not match aborts the install with `hash_mismatch` and
	// nothing is written to the store. When omitted (typical for
	// first install), the pipeline records whatever hash the bytes
	// produce.
	ExpectedHash *string `json:"expected_hash,omitempty"`

	// Fqn Fully-qualified URI per ADR-0002 (e.g. `github://aileron/slack`).
	// Scheme must be one of `github`, `gitlab`, `hub` in v1.
	Fqn string `json:"fqn"`

	// Version Strict SemVer (e.g. `1.2.0`). No ranges, no `latest`.
	Version string `json:"version"`
}

InstallConnectorRequest defines model for InstallConnectorRequest.

type InstalledAction

type InstalledAction struct {
	// AlreadyInstalled True when the action was already present and the install was a no-op
	// (the file on disk matched the bytes that would have been written).
	AlreadyInstalled *bool `json:"already_installed,omitempty"`

	// Fqn FQN the action was installed from.
	Fqn string `json:"fqn"`

	// Name Bare local handle of the installed action (the action manifest's `name`).
	Name string `json:"name"`

	// NewlyStaleBindings Existing bindings whose status flipped to `stale` because
	// this install upgraded a connector whose manifest now demands
	// an OAuth scope the recorded grant lacks (`scope_drift`), or
	// because the binding predates scope tracking and needs a
	// one-time reauthorize (`no_grant_record`). The CLI uses this
	// list to prompt the operator to drop into
	// `aileron binding reauthorize` inline (#741); without this
	// signal the install reports success and the next action
	// invocation that needs the new scope fails with a 403.
	// Aggregated across implicit connector installs the action
	// triggers (`auto_install_connectors=true`).
	NewlyStaleBindings *[]StaleBinding `json:"newly_stale_bindings,omitempty"`

	// Path Absolute path of the installed action file on disk.
	Path string `json:"path"`

	// Source Provenance URI recorded on the installed manifest's `source` field.
	Source string `json:"source"`

	// UnboundCapabilities Credential capabilities the action's connectors declare that
	// do not yet have a binding in the user's vault. The CLI uses
	// this list to prompt the user to drop into `aileron binding
	// setup` immediately after install — the user stays in the CLI
	// and avoids hitting `binding_required` later.
	UnboundCapabilities *[]UnboundCapability `json:"unbound_capabilities,omitempty"`
	Version             string               `json:"version"`
}

InstalledAction defines model for InstalledAction.

type InstalledActionRef

type InstalledActionRef struct {
	// Hash `sha256:<hex>` of the installed manifest's bytes on disk.
	// Differs from the previewed `hash` whenever this object is
	// populated.
	Hash string `json:"hash"`

	// Path Absolute path of the installed action file on disk.
	Path string `json:"path"`

	// Source Provenance URI recorded on the installed manifest's `source` field.
	Source string `json:"source"`

	// Version Version field from the installed manifest's frontmatter.
	Version string `json:"version"`
}

InstalledActionRef Snapshot of an action already on disk at install time. Used in the preview response to surface the installed version when its bytes differ from the requested install — the CLI renders this so the operator can confirm an upgrade.

type InstalledConnector

type InstalledConnector struct {
	// AlreadyInstalled True when the install was a no-op because an entry with the
	// matching hash already existed (offline reinstall path per
	// ADR-0004).
	AlreadyInstalled *bool `json:"already_installed,omitempty"`

	// EntryDir Absolute path of the store entry on disk.
	EntryDir string `json:"entry_dir"`
	Fqn      string `json:"fqn"`

	// Hash Canonical `sha256:<hex>` of the installed bytes.
	Hash string `json:"hash"`

	// NewlyStaleBindings Bindings whose status flipped to `stale` as a result of this
	// install — either because the new manifest demands an OAuth
	// scope the recorded grant lacks (`scope_drift`) or because
	// the binding predates scope tracking (`no_grant_record`) and
	// needs a one-time reauthorize so the daemon can record what
	// was granted. Emitted by the scope-drift hook (#726/#729).
	// The CLI uses this list to prompt the operator to drop into
	// `aileron binding reauthorize` inline (#741); without this
	// signal the install reports success and the next action
	// invocation that needs the new scope fails with a 403 from
	// the upstream provider.
	NewlyStaleBindings *[]StaleBinding `json:"newly_stale_bindings,omitempty"`
	Version            string          `json:"version"`
}

InstalledConnector defines model for InstalledConnector.

type IntentContext

type IntentContext struct {
	Environment      *string   `json:"environment,omitempty"`
	IpAddress        *string   `json:"ip_address,omitempty"`
	RiskHints        *[]string `json:"risk_hints,omitempty"`
	SourcePlatform   *string   `json:"source_platform,omitempty"`
	SourceSessionId  *string   `json:"source_session_id,omitempty"`
	SourceTraceId    *string   `json:"source_trace_id,omitempty"`
	TemporaryGrantId *string   `json:"temporary_grant_id,omitempty"`
	UserPresent      *bool     `json:"user_present,omitempty"`
}

IntentContext defines model for IntentContext.

type IntentEnvelope

type IntentEnvelope struct {
	Action      ActionIntent    `json:"action"`
	Agent       ActorRef        `json:"agent"`
	Context     *IntentContext  `json:"context,omitempty"`
	CreatedAt   time.Time       `json:"created_at"`
	Decision    Decision        `json:"decision"`
	Evidence    *[]EvidenceItem `json:"evidence,omitempty"`
	IntentId    string          `json:"intent_id"`
	Status      IntentStatus    `json:"status"`
	UpdatedAt   time.Time       `json:"updated_at"`
	WorkspaceId string          `json:"workspace_id"`
}

IntentEnvelope defines model for IntentEnvelope.

type IntentId

type IntentId = string

IntentId defines model for IntentId.

type IntentListResponse

type IntentListResponse struct {
	Items      *[]IntentEnvelope `json:"items,omitempty"`
	Pagination *Pagination       `json:"pagination,omitempty"`
}

IntentListResponse defines model for IntentListResponse.

type IntentStatus

type IntentStatus string

IntentStatus defines model for IntentStatus.

const (
	Approved        IntentStatus = "approved"
	Cancelled       IntentStatus = "cancelled"
	Denied          IntentStatus = "denied"
	Executing       IntentStatus = "executing"
	Expired         IntentStatus = "expired"
	Failed          IntentStatus = "failed"
	PendingApproval IntentStatus = "pending_approval"
	PendingPolicy   IntentStatus = "pending_policy"
	Succeeded       IntentStatus = "succeeded"
)

Defines values for IntentStatus.

func (IntentStatus) Valid

func (e IntentStatus) Valid() bool

Valid indicates whether the value is a known member of the IntentStatus enum.

type InternalServerError

type InternalServerError = Error

InternalServerError Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type InvalidParamFormatError

type InvalidParamFormatError struct {
	ParamName string
	Err       error
}

func (*InvalidParamFormatError) Error

func (e *InvalidParamFormatError) Error() string

func (*InvalidParamFormatError) Unwrap

func (e *InvalidParamFormatError) Unwrap() error

type LaunchFlightPlan200JSONResponseBody

type LaunchFlightPlan200JSONResponseBody struct {
	// contains filtered or unexported fields
}

LaunchFlightPlan200JSONResponseBody defines parameters for LaunchFlightPlan.

func (LaunchFlightPlan200JSONResponseBody) AsFlightPlanLaunchResponse

func (t LaunchFlightPlan200JSONResponseBody) AsFlightPlanLaunchResponse() (FlightPlanLaunchResponse, error)

AsFlightPlanLaunchResponse returns the union data inside the LaunchFlightPlan200JSONResponseBody as a FlightPlanLaunchResponse

func (LaunchFlightPlan200JSONResponseBody) AsFlightPlanSeamPendingResponse

func (t LaunchFlightPlan200JSONResponseBody) AsFlightPlanSeamPendingResponse() (FlightPlanSeamPendingResponse, error)

AsFlightPlanSeamPendingResponse returns the union data inside the LaunchFlightPlan200JSONResponseBody as a FlightPlanSeamPendingResponse

func (*LaunchFlightPlan200JSONResponseBody) FromFlightPlanLaunchResponse

func (t *LaunchFlightPlan200JSONResponseBody) FromFlightPlanLaunchResponse(v FlightPlanLaunchResponse) error

FromFlightPlanLaunchResponse overwrites any union data inside the LaunchFlightPlan200JSONResponseBody as the provided FlightPlanLaunchResponse

func (*LaunchFlightPlan200JSONResponseBody) FromFlightPlanSeamPendingResponse

func (t *LaunchFlightPlan200JSONResponseBody) FromFlightPlanSeamPendingResponse(v FlightPlanSeamPendingResponse) error

FromFlightPlanSeamPendingResponse overwrites any union data inside the LaunchFlightPlan200JSONResponseBody as the provided FlightPlanSeamPendingResponse

func (LaunchFlightPlan200JSONResponseBody) MarshalJSON

func (t LaunchFlightPlan200JSONResponseBody) MarshalJSON() ([]byte, error)

func (*LaunchFlightPlan200JSONResponseBody) MergeFlightPlanLaunchResponse

func (t *LaunchFlightPlan200JSONResponseBody) MergeFlightPlanLaunchResponse(v FlightPlanLaunchResponse) error

MergeFlightPlanLaunchResponse performs a merge with any union data inside the LaunchFlightPlan200JSONResponseBody, using the provided FlightPlanLaunchResponse

func (*LaunchFlightPlan200JSONResponseBody) MergeFlightPlanSeamPendingResponse

func (t *LaunchFlightPlan200JSONResponseBody) MergeFlightPlanSeamPendingResponse(v FlightPlanSeamPendingResponse) error

MergeFlightPlanSeamPendingResponse performs a merge with any union data inside the LaunchFlightPlan200JSONResponseBody, using the provided FlightPlanSeamPendingResponse

func (*LaunchFlightPlan200JSONResponseBody) UnmarshalJSON

func (t *LaunchFlightPlan200JSONResponseBody) UnmarshalJSON(b []byte) error

type LaunchFlightPlanJSONRequestBody

type LaunchFlightPlanJSONRequestBody = FlightPlanLaunchRequest

LaunchFlightPlanJSONRequestBody defines body for LaunchFlightPlan for application/json ContentType.

type LineItem

type LineItem struct {
	Description string  `json:"description"`
	Quantity    int     `json:"quantity"`
	Sku         *string `json:"sku,omitempty"`
	UnitAmount  Money   `json:"unit_amount"`
}

LineItem defines model for LineItem.

type ListApprovalsParams

type ListApprovalsParams struct {
	PageSize    *PageSize  `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId string     `form:"workspace_id" json:"workspace_id"`
	Assignee    *string    `form:"assignee,omitempty" json:"assignee,omitempty"`
}

ListApprovalsParams defines parameters for ListApprovals.

type ListAuditParams

type ListAuditParams struct {
	// Since Lower-bound (inclusive) on event timestamp; RFC 3339.
	Since *time.Time `form:"since,omitempty" json:"since,omitempty"`

	// AuditId Match events with this exact `audit_id`.
	AuditId *string `form:"audit_id,omitempty" json:"audit_id,omitempty"`

	// ConnectorFqn Match events that reference this connector FQN.
	ConnectorFqn *string `form:"connector_fqn,omitempty" json:"connector_fqn,omitempty"`

	// Class Match failure events with this `class` (e.g. `binding_required`).
	Class *string `form:"class,omitempty" json:"class,omitempty"`

	// OutputName Match `output.materialized` events for this output name.
	OutputName *string `form:"output_name,omitempty" json:"output_name,omitempty"`

	// ContentHash Match the `output.materialized` event with this content hash (`sha256:<hex>`).
	ContentHash *string `form:"content_hash,omitempty" json:"content_hash,omitempty"`

	// InvocationId Match events with this `aileron.invocation.id` (one launch's records).
	InvocationId *string `form:"invocation_id,omitempty" json:"invocation_id,omitempty"`

	// Limit Maximum events to return; newest first.
	Limit *int `form:"limit,omitempty" json:"limit,omitempty"`
}

ListAuditParams defines parameters for ListAudit.

type ListBindingsParams

type ListBindingsParams struct {
	// ConnectorFqn Restrict to bindings created for the given connector FQN.
	ConnectorFqn *string `form:"connector_fqn,omitempty" json:"connector_fqn,omitempty"`

	// Kind Restrict to bindings of the given credential kind (e.g. `api_key`).
	Kind *string `form:"kind,omitempty" json:"kind,omitempty"`
}

ListBindingsParams defines parameters for ListBindings.

type ListConnectorsParams

type ListConnectorsParams struct {
	PageSize    *PageSize  `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId string     `form:"workspace_id" json:"workspace_id"`
}

ListConnectorsParams defines parameters for ListConnectors.

type ListCredentialsParams

type ListCredentialsParams struct {
	PageSize    *PageSize  `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId string     `form:"workspace_id" json:"workspace_id"`
}

ListCredentialsParams defines parameters for ListCredentials.

type ListFundingSourcesParams

type ListFundingSourcesParams struct {
	PageSize    *PageSize  `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId string     `form:"workspace_id" json:"workspace_id"`
}

ListFundingSourcesParams defines parameters for ListFundingSources.

type ListHubActionsParams

type ListHubActionsParams struct {
	// Q Optional keyword filter applied to FQN and description.
	Q *string `form:"q,omitempty" json:"q,omitempty"`
}

ListHubActionsParams defines parameters for ListHubActions.

type ListHubConnectorsParams

type ListHubConnectorsParams struct {
	// Q Optional keyword filter applied to FQN and description.
	Q *string `form:"q,omitempty" json:"q,omitempty"`
}

ListHubConnectorsParams defines parameters for ListHubConnectors.

type ListHubSuitesParams

type ListHubSuitesParams struct {
	// Q Optional keyword filter applied to FQN and description.
	Q *string `form:"q,omitempty" json:"q,omitempty"`
}

ListHubSuitesParams defines parameters for ListHubSuites.

type ListIntentsParams

type ListIntentsParams struct {
	PageSize    *PageSize     `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken    `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId *string       `form:"workspace_id,omitempty" json:"workspace_id,omitempty"`
	Status      *IntentStatus `form:"status,omitempty" json:"status,omitempty"`
	ActionType  *string       `form:"action_type,omitempty" json:"action_type,omitempty"`
	AgentId     *string       `form:"agent_id,omitempty" json:"agent_id,omitempty"`
}

ListIntentsParams defines parameters for ListIntents.

type ListPoliciesParams

type ListPoliciesParams struct {
	PageSize    *PageSize  `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId string     `form:"workspace_id" json:"workspace_id"`
}

ListPoliciesParams defines parameters for ListPolicies.

type ListSessionsParams

type ListSessionsParams struct {
	ActiveOnly *bool   `form:"active_only,omitempty" json:"active_only,omitempty"`
	Agent      *string `form:"agent,omitempty" json:"agent,omitempty"`

	// Since RFC3339 timestamp; only sessions with StartedAt >= since are returned.
	Since *time.Time `form:"since,omitempty" json:"since,omitempty"`
	Limit *int       `form:"limit,omitempty" json:"limit,omitempty"`
}

ListSessionsParams defines parameters for ListSessions.

type ListTracesParams

type ListTracesParams struct {
	PageSize    *PageSize  `form:"page_size,omitempty" json:"page_size,omitempty"`
	PageToken   *PageToken `form:"page_token,omitempty" json:"page_token,omitempty"`
	WorkspaceId string     `form:"workspace_id" json:"workspace_id"`
}

ListTracesParams defines parameters for ListTraces.

type ListVaultEntriesParams

type ListVaultEntriesParams struct {
	// IncludeControlPlane When true, also include the tenant-keyed control-plane
	// namespaces (`connected-accounts/` and `llm-config/`) that are
	// excluded from the default view.
	IncludeControlPlane *bool `form:"include_control_plane,omitempty" json:"include_control_plane,omitempty"`
}

ListVaultEntriesParams defines parameters for ListVaultEntries.

type LocalVaultStatusResponse

type LocalVaultStatusResponse struct {
	// Locked Convenience boolean — true when state is `missing` or `locked`,
	// false when `unlocked`. The webapp uses this to drive the modal.
	Locked bool `json:"locked"`

	// State Lifecycle state of the local vault file.
	//   - `missing`  — no vault file at the canonical path
	//   - `locked`   — vault file present, awaiting passphrase
	//   - `unlocked` — passphrase accepted; the daemon holds the KEK
	State LocalVaultStatusResponseState `json:"state"`
}

LocalVaultStatusResponse defines model for LocalVaultStatusResponse.

type LocalVaultStatusResponseState

type LocalVaultStatusResponseState string

LocalVaultStatusResponseState Lifecycle state of the local vault file.

  • `missing` — no vault file at the canonical path
  • `locked` — vault file present, awaiting passphrase
  • `unlocked` — passphrase accepted; the daemon holds the KEK
const (
	LocalVaultStatusResponseStateLocked   LocalVaultStatusResponseState = "locked"
	LocalVaultStatusResponseStateMissing  LocalVaultStatusResponseState = "missing"
	LocalVaultStatusResponseStateUnlocked LocalVaultStatusResponseState = "unlocked"
)

Defines values for LocalVaultStatusResponseState.

func (LocalVaultStatusResponseState) Valid

Valid indicates whether the value is a known member of the LocalVaultStatusResponseState enum.

type LocalVaultUnlockRequest

type LocalVaultUnlockRequest struct {
	// Passphrase The vault passphrase. Sent in plaintext over the loopback
	// connection — the daemon derives the KEK locally via Argon2id.
	// Distinct from `UnlockVaultRequest`, which carries a
	// client-derived KEK for the cloud-tier multi-tenant flow.
	Passphrase string `json:"passphrase"`
}

LocalVaultUnlockRequest defines model for LocalVaultUnlockRequest.

type MessagesRequest

type MessagesRequest struct {
	MaxTokens int                `json:"max_tokens"`
	Messages  []AnthropicMessage `json:"messages"`
	Model     string             `json:"model"`
	Stream    *bool              `json:"stream,omitempty"`

	// System System prompt; string or array of content blocks (Anthropic
	// shape).
	System interface{} `json:"system,omitempty"`

	// ToolChoice Passed through to the upstream provider unchanged.
	ToolChoice interface{} `json:"tool_choice,omitempty"`

	// Tools Agent-declared tools. Aileron preserves these unchanged and
	// appends installed actions to the array before forwarding
	// upstream (Anthropic shape).
	Tools                *[]AnthropicTool       `json:"tools,omitempty"`
	AdditionalProperties map[string]interface{} `json:"-"`
}

MessagesRequest defines model for MessagesRequest.

func (MessagesRequest) Get

func (a MessagesRequest) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for MessagesRequest. Returns the specified element and whether it was found

func (MessagesRequest) MarshalJSON

func (a MessagesRequest) MarshalJSON() ([]byte, error)

Override default JSON handling for MessagesRequest to handle AdditionalProperties

func (*MessagesRequest) Set

func (a *MessagesRequest) Set(fieldName string, value interface{})

Setter for additional properties for MessagesRequest

func (*MessagesRequest) UnmarshalJSON

func (a *MessagesRequest) UnmarshalJSON(b []byte) error

Override default JSON handling for MessagesRequest to handle AdditionalProperties

type MessagesResponse

type MessagesResponse struct {
	Content              []map[string]interface{} `json:"content"`
	Id                   string                   `json:"id"`
	Model                string                   `json:"model"`
	Role                 MessagesResponseRole     `json:"role"`
	StopReason           *string                  `json:"stop_reason,omitempty"`
	StopSequence         *string                  `json:"stop_sequence,omitempty"`
	Type                 MessagesResponseType     `json:"type"`
	Usage                *map[string]interface{}  `json:"usage,omitempty"`
	AdditionalProperties map[string]interface{}   `json:"-"`
}

MessagesResponse defines model for MessagesResponse.

func (MessagesResponse) Get

func (a MessagesResponse) Get(fieldName string) (value interface{}, found bool)

Getter for additional properties for MessagesResponse. Returns the specified element and whether it was found

func (MessagesResponse) MarshalJSON

func (a MessagesResponse) MarshalJSON() ([]byte, error)

Override default JSON handling for MessagesResponse to handle AdditionalProperties

func (*MessagesResponse) Set

func (a *MessagesResponse) Set(fieldName string, value interface{})

Setter for additional properties for MessagesResponse

func (*MessagesResponse) UnmarshalJSON

func (a *MessagesResponse) UnmarshalJSON(b []byte) error

Override default JSON handling for MessagesResponse to handle AdditionalProperties

type MessagesResponseRole

type MessagesResponseRole string

MessagesResponseRole defines model for MessagesResponse.Role.

const (
	Assistant MessagesResponseRole = "assistant"
)

Defines values for MessagesResponseRole.

func (MessagesResponseRole) Valid

func (e MessagesResponseRole) Valid() bool

Valid indicates whether the value is a known member of the MessagesResponseRole enum.

type MessagesResponseType

type MessagesResponseType string

MessagesResponseType defines model for MessagesResponse.Type.

const (
	Message MessagesResponseType = "message"
)

Defines values for MessagesResponseType.

func (MessagesResponseType) Valid

func (e MessagesResponseType) Valid() bool

Valid indicates whether the value is a known member of the MessagesResponseType enum.

type MiddlewareFunc

type MiddlewareFunc func(http.Handler) http.Handler

type ModifyApprovalRequest

type ModifyApprovalRequest struct {
	Comment       *string                `json:"comment,omitempty"`
	Modifications map[string]interface{} `json:"modifications"`
}

ModifyApprovalRequest defines model for ModifyApprovalRequest.

type ModifyRequestJSONRequestBody

type ModifyRequestJSONRequestBody = ModifyApprovalRequest

ModifyRequestJSONRequestBody defines body for ModifyRequest for application/json ContentType.

type Money

type Money struct {
	// Amount Amount in minor units
	Amount   int    `json:"amount"`
	Currency string `json:"currency"`
}

Money defines model for Money.

type NotFound

type NotFound = Error

NotFound Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type OAuth2FinishRequest

type OAuth2FinishRequest struct {
	// Code Authorization code captured from the OAuth callback.
	Code string `json:"code"`

	// SessionId The session id returned by oauth2/init.
	SessionId string `json:"session_id"`

	// State State token captured from the OAuth callback. Server
	// compares against the session's stored state and rejects
	// on mismatch (CSRF protection).
	State string `json:"state"`
}

OAuth2FinishRequest defines model for OAuth2FinishRequest.

type OAuth2InitRequest

type OAuth2InitRequest struct {
	// Account Optional human-readable account label.
	Account *string `json:"account,omitempty"`

	// Caller Selects who serves the OAuth callback. See the endpoint
	// description for the full contract.
	//
	// - `cli` (default) — daemon picks an ephemeral loopback port;
	//   the calling CLI binds it and posts to `oauth2/finish`.
	//   Unchanged from the pre-#743 behavior.
	// - `daemon` — the daemon's own listen address is the callback
	//   target. The provider's redirect lands at
	//   `/v1/bindings/setup/oauth2/callback`, the daemon completes
	//   the flow internally, and the user's browser is then
	//   redirected to `return_to`. Requires `return_to`.
	Caller *OAuth2InitRequestCaller `json:"caller,omitempty"`

	// ConnectorFqn Fully-qualified connector name. Connector must be installed
	// and must declare `[capabilities.credential] kind = "oauth2"`.
	ConnectorFqn string `json:"connector_fqn"`

	// Identity User-chosen handle for the new binding (e.g. `work`,
	// `personal`). Combined with the connector's declared kind
	// and service to form the full binding name.
	Identity string `json:"identity"`

	// Purpose Distinguishes a first-time setup (default) from a scope-drift
	// reauthorize. `reauthorize` requires the named binding to
	// already exist; finish then upserts that binding (preserving
	// CreatedAt / Account) rather than creating a new one, and the
	// authorize URL is built with `prompt=consent` so the provider
	// re-prompts for the upgraded scope set instead of silently
	// reissuing from prior consent.
	Purpose *OAuth2InitRequestPurpose `json:"purpose,omitempty"`

	// ReturnTo URL the daemon redirects the browser to after completing a
	// `caller=daemon` flow. Required when `caller=daemon`; ignored
	// when `caller=cli`. Validated as loopback-only (`127.0.0.1`,
	// `localhost`, or `[::1]`) under http(s) — same boundary as
	// ADR-0002's loopback constraint on the redirect URI itself.
	ReturnTo *string `json:"return_to,omitempty"`

	// Service Optional service override. Defaults to the service segment
	// derived from the connector FQN's repo segment.
	Service *string `json:"service,omitempty"`
}

OAuth2InitRequest defines model for OAuth2InitRequest.

type OAuth2InitRequestCaller

type OAuth2InitRequestCaller string

OAuth2InitRequestCaller Selects who serves the OAuth callback. See the endpoint description for the full contract.

  • `cli` (default) — daemon picks an ephemeral loopback port; the calling CLI binds it and posts to `oauth2/finish`. Unchanged from the pre-#743 behavior.
  • `daemon` — the daemon's own listen address is the callback target. The provider's redirect lands at `/v1/bindings/setup/oauth2/callback`, the daemon completes the flow internally, and the user's browser is then redirected to `return_to`. Requires `return_to`.
const (
	Cli    OAuth2InitRequestCaller = "cli"
	Daemon OAuth2InitRequestCaller = "daemon"
)

Defines values for OAuth2InitRequestCaller.

func (OAuth2InitRequestCaller) Valid

func (e OAuth2InitRequestCaller) Valid() bool

Valid indicates whether the value is a known member of the OAuth2InitRequestCaller enum.

type OAuth2InitRequestPurpose

type OAuth2InitRequestPurpose string

OAuth2InitRequestPurpose Distinguishes a first-time setup (default) from a scope-drift reauthorize. `reauthorize` requires the named binding to already exist; finish then upserts that binding (preserving CreatedAt / Account) rather than creating a new one, and the authorize URL is built with `prompt=consent` so the provider re-prompts for the upgraded scope set instead of silently reissuing from prior consent.

const (
	Reauthorize OAuth2InitRequestPurpose = "reauthorize"
	Setup       OAuth2InitRequestPurpose = "setup"
)

Defines values for OAuth2InitRequestPurpose.

func (OAuth2InitRequestPurpose) Valid

func (e OAuth2InitRequestPurpose) Valid() bool

Valid indicates whether the value is a known member of the OAuth2InitRequestPurpose enum.

type OAuth2InitResponse

type OAuth2InitResponse struct {
	// AuthorizeUrl URL the caller should direct the user's browser to. Already
	// includes client_id, redirect_uri, response_type=code,
	// scope, state, code_challenge, and code_challenge_method=S256.
	AuthorizeUrl string `json:"authorize_url"`

	// RedirectUri Loopback URL the caller must serve to capture the OAuth
	// callback (e.g. `http://localhost:54321/callback`). The
	// server has already chosen a free port and embedded the
	// URI in `authorize_url`.
	RedirectUri string `json:"redirect_uri"`

	// SessionId Opaque token the caller passes back to oauth2/finish.
	// Server-side state (PKCE verifier, expected state value)
	// is keyed by this id; TTL is 10 minutes.
	SessionId string `json:"session_id"`
}

OAuth2InitResponse defines model for OAuth2InitResponse.

type Oauth2BindingCallbackParams

type Oauth2BindingCallbackParams struct {
	// Code Authorization code from the OAuth provider.
	Code string `form:"code" json:"code"`

	// State State token from the OAuth provider's redirect. Daemon
	// compares against the session it indexed under this value
	// on init; mismatch (or no session) returns 404.
	State string `form:"state" json:"state"`

	// Error OAuth-provider-supplied error code (e.g. `access_denied`).
	// When present, the daemon clears the session, skips the
	// token exchange, and surfaces the failure on the rendered
	// page. Mutually exclusive with `code` per OAuth2 §4.1.2.1.
	Error *string `form:"error,omitempty" json:"error,omitempty"`

	// ErrorDescription OAuth-provider-supplied human-readable error detail. Used
	// alongside `error` in the failure page.
	ErrorDescription *string `form:"error_description,omitempty" json:"error_description,omitempty"`
}

Oauth2BindingCallbackParams defines parameters for Oauth2BindingCallback.

type PageSize

type PageSize = int

PageSize defines model for PageSize.

type PageToken

type PageToken = string

PageToken defines model for PageToken.

type Pagination

type Pagination struct {
	NextPageToken *string `json:"next_page_token,omitempty"`
}

Pagination defines model for Pagination.

type PassphraseSaltResponse

type PassphraseSaltResponse struct {
	// HasPassphrase Whether the user has set a vault passphrase
	HasPassphrase bool `json:"has_passphrase"`

	// Salt Base64-encoded Argon2id salt (omitted when no passphrase is set)
	Salt *[]byte `json:"salt,omitempty"`
}

PassphraseSaltResponse defines model for PassphraseSaltResponse.

type PassphraseVerificationResponse

type PassphraseVerificationResponse struct {
	// HasPassphrase Whether the user has set a vault passphrase
	HasPassphrase bool `json:"has_passphrase"`

	// KekVerification Encrypted verification blob for client-side decryption (omitted when no passphrase is set)
	KekVerification *[]byte `json:"kek_verification,omitempty"`
}

PassphraseVerificationResponse defines model for PassphraseVerificationResponse.

type PatchActionJSONRequestBody

type PatchActionJSONRequestBody = ActionPatchRequest

PatchActionJSONRequestBody defines body for PatchAction for application/json ContentType.

type PaymentAction

type PaymentAction struct {
	Amount                      *Money                                    `json:"amount,omitempty"`
	Beneficiary                 *PaymentBeneficiary                       `json:"beneficiary,omitempty"`
	BudgetCode                  *string                                   `json:"budget_code,omitempty"`
	ContractTerm                *string                                   `json:"contract_term,omitempty"`
	FundingSourceId             *string                                   `json:"funding_source_id,omitempty"`
	LineItems                   *[]LineItem                               `json:"line_items,omitempty"`
	MerchantCategory            *string                                   `json:"merchant_category,omitempty"`
	MerchantReference           *string                                   `json:"merchant_reference,omitempty"`
	PaymentInstrumentPreference *PaymentActionPaymentInstrumentPreference `json:"payment_instrument_preference,omitempty"`
	RecurringInterval           *PaymentActionRecurringInterval           `json:"recurring_interval,omitempty"`
	Renewal                     *bool                                     `json:"renewal,omitempty"`
	VendorId                    *string                                   `json:"vendor_id,omitempty"`
	VendorName                  *string                                   `json:"vendor_name,omitempty"`
}

PaymentAction defines model for PaymentAction.

type PaymentActionPaymentInstrumentPreference

type PaymentActionPaymentInstrumentPreference string

PaymentActionPaymentInstrumentPreference defines model for PaymentAction.PaymentInstrumentPreference.

const (
	Ach          PaymentActionPaymentInstrumentPreference = "ach"
	NetworkProxy PaymentActionPaymentInstrumentPreference = "network_proxy"
	Unspecified  PaymentActionPaymentInstrumentPreference = "unspecified"
	VirtualCard  PaymentActionPaymentInstrumentPreference = "virtual_card"
	Wallet       PaymentActionPaymentInstrumentPreference = "wallet"
)

Defines values for PaymentActionPaymentInstrumentPreference.

func (PaymentActionPaymentInstrumentPreference) Valid

Valid indicates whether the value is a known member of the PaymentActionPaymentInstrumentPreference enum.

type PaymentActionRecurringInterval

type PaymentActionRecurringInterval string

PaymentActionRecurringInterval defines model for PaymentAction.RecurringInterval.

const (
	Annual    PaymentActionRecurringInterval = "annual"
	Monthly   PaymentActionRecurringInterval = "monthly"
	None      PaymentActionRecurringInterval = "none"
	Quarterly PaymentActionRecurringInterval = "quarterly"
)

Defines values for PaymentActionRecurringInterval.

func (PaymentActionRecurringInterval) Valid

Valid indicates whether the value is a known member of the PaymentActionRecurringInterval enum.

type PaymentBeneficiary

type PaymentBeneficiary struct {
	Department *string              `json:"department,omitempty"`
	Email      *openapi_types.Email `json:"email,omitempty"`
	Name       *string              `json:"name,omitempty"`
}

PaymentBeneficiary defines model for PaymentBeneficiary.

type PendingActionApproval

type PendingActionApproval struct {
	// ActionName For `kind=action`, the manifest name of the gated action
	// (e.g. "send-email"). For non-action kinds, a short label
	// describing what's being approved ("send_message",
	// "draft_reply", "http_request").
	ActionName string `json:"action_name"`

	// Args Kind-specific arguments. For `action`, the call-time
	// arguments the agent passed in. For comms / HTTP kinds,
	// see the `kind` enum description above.
	Args *map[string]interface{} `json:"args,omitempty"`

	// ConnectorFqn Connector FQN the action's first execute step targets, surfaced
	// so the user can see which integration would actually run.
	// Empty for non-action kinds.
	ConnectorFqn *string `json:"connector_fqn,omitempty"`

	// Id Opaque server-minted identifier for this request.
	Id string `json:"id"`

	// InputFields Rendered projection of the gated action's call-time args
	// through the action manifest's `[[inputs]]` declarations
	// (per the ADR-0003 amendment introducing per-input `label`
	// and `multiline` keys). Surfaced on the approval card so
	// the user sees labeled rows ("To: alr@…", "Subject: …",
	// multiline "Body: …") instead of the raw JSON args dump.
	//
	// Fields are ordered by `[[inputs]]` declaration order
	// (matching the convention `ActionApprovalPreviewPolicy`
	// uses for previews). An input's `label` from the manifest
	// becomes the row's user-facing key; when no label is
	// declared the input's bare name is used. Required inputs
	// the agent did not supply surface as `missing=true` so the
	// UI can render "n/a". Args the agent supplied that aren't
	// declared on the manifest are appended at the end, sorted
	// by key, so the user always sees everything the agent
	// passed.
	//
	// Optional. Omitted when the gated action has no resolvable
	// manifest or its manifest declares no `[[inputs]]` block;
	// in that case the webapp falls back to the historic raw-
	// JSON accordion. The field shape mirrors
	// `ActionApprovalPreviewField` so the webapp can route
	// preview fields and input fields through the same renderer.
	InputFields *[]ActionApprovalPreviewField `json:"input_fields,omitempty"`

	// Kind Discriminates the user-facing card layout the webapp
	// should render.
	//
	//   - `action` — historic action-manifest gate (default).
	//   - `comms_send` — `aileron-mcp`'s `send_message` tool;
	//     args carry `service`, `channel`, `body`.
	//   - `comms_draft` — `aileron-mcp`'s `draft_reply` tool;
	//     args carry `service`, `channel`, `original_author`,
	//     `original_body`, `draft_body`, `reply_to`. The
	//     webapp surfaces `draft_body` as an editable field
	//     and ships the edited bytes back via
	//     `ActionApprovalDecision.edited_payload.body`.
	//   - `http_request` — `aileron-mcp`'s `http_request` tool;
	//     args carry `method`, `url`, `body`, `secret_name`
	//     (the matched binding name; the value is never
	//     surfaced to the webapp).
	Kind PendingActionApprovalKind `json:"kind"`

	// Preview Rendered output of the action manifest's `[approval.preview]`
	// directive (ADR-0016). Surfaced on the approval prompt so the user
	// sees an authoritative summary of what they are approving rather than
	// agent-supplied hints. Two terminal shapes:
	//
	//   - On success, `fields` carries the rendered entries in the
	//     manifest's declared order. A field whose render path did not
	//     resolve in the preview response carries `missing=true` so the UI
	//     renders "n/a" rather than silently omitting the row.
	//   - On wholesale failure (HTTP non-2xx, timeout, sandbox denial,
	//     WASM trap), `unavailable` carries a short user-facing reason
	//     (e.g. "preview unavailable: timeout") and `fields` is omitted.
	//     The approval still proceeds; the user can decline based on the
	//     raw inputs plus the failure note.
	Preview *ActionApprovalPreview `json:"preview,omitempty"`

	// RequestedAt When the queue minted this request.
	RequestedAt time.Time `json:"requested_at"`

	// SessionId Launch session that initiated the request, when one is in
	// scope; empty for daemon-direct callers.
	SessionId *string `json:"session_id,omitempty"`
}

PendingActionApproval One pending action-level approval request. Surfaced to the webapp / CLI for user decision. The runtime is blocked on the corresponding action-run HTTP response and will resume the moment a decision is posted to `/v1/action-approvals/{id}/decide`.

type PendingActionApprovalKind

type PendingActionApprovalKind string

PendingActionApprovalKind Discriminates the user-facing card layout the webapp should render.

  • `action` — historic action-manifest gate (default).
  • `comms_send` — `aileron-mcp`'s `send_message` tool; args carry `service`, `channel`, `body`.
  • `comms_draft` — `aileron-mcp`'s `draft_reply` tool; args carry `service`, `channel`, `original_author`, `original_body`, `draft_body`, `reply_to`. The webapp surfaces `draft_body` as an editable field and ships the edited bytes back via `ActionApprovalDecision.edited_payload.body`.
  • `http_request` — `aileron-mcp`'s `http_request` tool; args carry `method`, `url`, `body`, `secret_name` (the matched binding name; the value is never surfaced to the webapp).
const (
	PendingActionApprovalKindAction      PendingActionApprovalKind = "action"
	PendingActionApprovalKindCommsDraft  PendingActionApprovalKind = "comms_draft"
	PendingActionApprovalKindCommsSend   PendingActionApprovalKind = "comms_send"
	PendingActionApprovalKindHttpRequest PendingActionApprovalKind = "http_request"
)

Defines values for PendingActionApprovalKind.

func (PendingActionApprovalKind) Valid

func (e PendingActionApprovalKind) Valid() bool

Valid indicates whether the value is a known member of the PendingActionApprovalKind enum.

type Policy

type Policy struct {
	CreatedAt   *time.Time   `json:"created_at,omitempty"`
	Description *string      `json:"description,omitempty"`
	Environment *string      `json:"environment,omitempty"`
	Name        string       `json:"name"`
	PolicyId    string       `json:"policy_id"`
	Rules       []PolicyRule `json:"rules"`
	Status      PolicyStatus `json:"status"`
	UpdatedAt   *time.Time   `json:"updated_at,omitempty"`
	Version     int          `json:"version"`
	WorkspaceId string       `json:"workspace_id"`
}

Policy defines model for Policy.

type PolicyCondition

type PolicyCondition struct {
	Field    *string                  `json:"field,omitempty"`
	Operator *PolicyConditionOperator `json:"operator,omitempty"`
	Value    *PolicyCondition_Value   `json:"value,omitempty"`
}

PolicyCondition defines model for PolicyCondition.

type PolicyConditionOperator

type PolicyConditionOperator string

PolicyConditionOperator defines model for PolicyCondition.Operator.

const (
	Contains PolicyConditionOperator = "contains"
	Eq       PolicyConditionOperator = "eq"
	Gt       PolicyConditionOperator = "gt"
	Gte      PolicyConditionOperator = "gte"
	In       PolicyConditionOperator = "in"
	Lt       PolicyConditionOperator = "lt"
	Lte      PolicyConditionOperator = "lte"
	Matches  PolicyConditionOperator = "matches"
	Neq      PolicyConditionOperator = "neq"
	NotIn    PolicyConditionOperator = "not_in"
)

Defines values for PolicyConditionOperator.

func (PolicyConditionOperator) Valid

func (e PolicyConditionOperator) Valid() bool

Valid indicates whether the value is a known member of the PolicyConditionOperator enum.

type PolicyConditionValue0

type PolicyConditionValue0 = string

PolicyConditionValue0 defines model for .

type PolicyConditionValue1

type PolicyConditionValue1 = float32

PolicyConditionValue1 defines model for .

type PolicyConditionValue2

type PolicyConditionValue2 = int

PolicyConditionValue2 defines model for .

type PolicyConditionValue3

type PolicyConditionValue3 = bool

PolicyConditionValue3 defines model for .

type PolicyConditionValue4

type PolicyConditionValue4 = []interface{}

PolicyConditionValue4 defines model for .

type PolicyCondition_Value

type PolicyCondition_Value struct {
	// contains filtered or unexported fields
}

PolicyCondition_Value defines model for PolicyCondition.Value.

func (PolicyCondition_Value) AsPolicyConditionValue0

func (t PolicyCondition_Value) AsPolicyConditionValue0() (PolicyConditionValue0, error)

AsPolicyConditionValue0 returns the union data inside the PolicyCondition_Value as a PolicyConditionValue0

func (PolicyCondition_Value) AsPolicyConditionValue1

func (t PolicyCondition_Value) AsPolicyConditionValue1() (PolicyConditionValue1, error)

AsPolicyConditionValue1 returns the union data inside the PolicyCondition_Value as a PolicyConditionValue1

func (PolicyCondition_Value) AsPolicyConditionValue2

func (t PolicyCondition_Value) AsPolicyConditionValue2() (PolicyConditionValue2, error)

AsPolicyConditionValue2 returns the union data inside the PolicyCondition_Value as a PolicyConditionValue2

func (PolicyCondition_Value) AsPolicyConditionValue3

func (t PolicyCondition_Value) AsPolicyConditionValue3() (PolicyConditionValue3, error)

AsPolicyConditionValue3 returns the union data inside the PolicyCondition_Value as a PolicyConditionValue3

func (PolicyCondition_Value) AsPolicyConditionValue4

func (t PolicyCondition_Value) AsPolicyConditionValue4() (PolicyConditionValue4, error)

AsPolicyConditionValue4 returns the union data inside the PolicyCondition_Value as a PolicyConditionValue4

func (*PolicyCondition_Value) FromPolicyConditionValue0

func (t *PolicyCondition_Value) FromPolicyConditionValue0(v PolicyConditionValue0) error

FromPolicyConditionValue0 overwrites any union data inside the PolicyCondition_Value as the provided PolicyConditionValue0

func (*PolicyCondition_Value) FromPolicyConditionValue1

func (t *PolicyCondition_Value) FromPolicyConditionValue1(v PolicyConditionValue1) error

FromPolicyConditionValue1 overwrites any union data inside the PolicyCondition_Value as the provided PolicyConditionValue1

func (*PolicyCondition_Value) FromPolicyConditionValue2

func (t *PolicyCondition_Value) FromPolicyConditionValue2(v PolicyConditionValue2) error

FromPolicyConditionValue2 overwrites any union data inside the PolicyCondition_Value as the provided PolicyConditionValue2

func (*PolicyCondition_Value) FromPolicyConditionValue3

func (t *PolicyCondition_Value) FromPolicyConditionValue3(v PolicyConditionValue3) error

FromPolicyConditionValue3 overwrites any union data inside the PolicyCondition_Value as the provided PolicyConditionValue3

func (*PolicyCondition_Value) FromPolicyConditionValue4

func (t *PolicyCondition_Value) FromPolicyConditionValue4(v PolicyConditionValue4) error

FromPolicyConditionValue4 overwrites any union data inside the PolicyCondition_Value as the provided PolicyConditionValue4

func (PolicyCondition_Value) MarshalJSON

func (t PolicyCondition_Value) MarshalJSON() ([]byte, error)

func (*PolicyCondition_Value) MergePolicyConditionValue0

func (t *PolicyCondition_Value) MergePolicyConditionValue0(v PolicyConditionValue0) error

MergePolicyConditionValue0 performs a merge with any union data inside the PolicyCondition_Value, using the provided PolicyConditionValue0

func (*PolicyCondition_Value) MergePolicyConditionValue1

func (t *PolicyCondition_Value) MergePolicyConditionValue1(v PolicyConditionValue1) error

MergePolicyConditionValue1 performs a merge with any union data inside the PolicyCondition_Value, using the provided PolicyConditionValue1

func (*PolicyCondition_Value) MergePolicyConditionValue2

func (t *PolicyCondition_Value) MergePolicyConditionValue2(v PolicyConditionValue2) error

MergePolicyConditionValue2 performs a merge with any union data inside the PolicyCondition_Value, using the provided PolicyConditionValue2

func (*PolicyCondition_Value) MergePolicyConditionValue3

func (t *PolicyCondition_Value) MergePolicyConditionValue3(v PolicyConditionValue3) error

MergePolicyConditionValue3 performs a merge with any union data inside the PolicyCondition_Value, using the provided PolicyConditionValue3

func (*PolicyCondition_Value) MergePolicyConditionValue4

func (t *PolicyCondition_Value) MergePolicyConditionValue4(v PolicyConditionValue4) error

MergePolicyConditionValue4 performs a merge with any union data inside the PolicyCondition_Value, using the provided PolicyConditionValue4

func (*PolicyCondition_Value) UnmarshalJSON

func (t *PolicyCondition_Value) UnmarshalJSON(b []byte) error

type PolicyId

type PolicyId = string

PolicyId defines model for PolicyId.

type PolicyListResponse

type PolicyListResponse struct {
	Items      *[]Policy   `json:"items,omitempty"`
	Pagination *Pagination `json:"pagination,omitempty"`
}

PolicyListResponse defines model for PolicyListResponse.

type PolicyMatch

type PolicyMatch struct {
	Explanation   *string `json:"explanation,omitempty"`
	PolicyId      *string `json:"policy_id,omitempty"`
	PolicyVersion *int    `json:"policy_version,omitempty"`
	RuleId        *string `json:"rule_id,omitempty"`
}

PolicyMatch defines model for PolicyMatch.

type PolicyRule

type PolicyRule struct {
	ApprovalRequirement   *ApprovalRequirement    `json:"approval_requirement,omitempty"`
	Conditions            *[]PolicyCondition      `json:"conditions,omitempty"`
	Description           *string                 `json:"description,omitempty"`
	Effect                PolicyRuleEffect        `json:"effect"`
	ModificationsTemplate *map[string]interface{} `json:"modifications_template,omitempty"`
	Priority              *int                    `json:"priority,omitempty"`
	RuleId                string                  `json:"rule_id"`
}

PolicyRule defines model for PolicyRule.

type PolicyRuleEffect

type PolicyRuleEffect string

PolicyRuleEffect defines model for PolicyRule.Effect.

const (
	PolicyRuleEffectAllow                 PolicyRuleEffect = "allow"
	PolicyRuleEffectAllowWithModification PolicyRuleEffect = "allow_with_modification"
	PolicyRuleEffectDeny                  PolicyRuleEffect = "deny"
	PolicyRuleEffectRequireApproval       PolicyRuleEffect = "require_approval"
)

Defines values for PolicyRuleEffect.

func (PolicyRuleEffect) Valid

func (e PolicyRuleEffect) Valid() bool

Valid indicates whether the value is a known member of the PolicyRuleEffect enum.

type PolicySimulationRequest

type PolicySimulationRequest struct {
	Action      ActionIntent   `json:"action"`
	Context     *IntentContext `json:"context,omitempty"`
	WorkspaceId string         `json:"workspace_id"`
}

PolicySimulationRequest defines model for PolicySimulationRequest.

type PolicySimulationResponse

type PolicySimulationResponse struct {
	Decision Decision `json:"decision"`
}

PolicySimulationResponse defines model for PolicySimulationResponse.

type PolicyStatus

type PolicyStatus string

PolicyStatus defines model for PolicyStatus.

const (
	PolicyStatusActive   PolicyStatus = "active"
	PolicyStatusArchived PolicyStatus = "archived"
	PolicyStatusDraft    PolicyStatus = "draft"
)

Defines values for PolicyStatus.

func (PolicyStatus) Valid

func (e PolicyStatus) Valid() bool

Valid indicates whether the value is a known member of the PolicyStatus enum.

type PostChatCompletionsJSONRequestBody

type PostChatCompletionsJSONRequestBody = ChatCompletionRequest

PostChatCompletionsJSONRequestBody defines body for PostChatCompletions for application/json ContentType.

type PostMessagesJSONRequestBody

type PostMessagesJSONRequestBody = MessagesRequest

PostMessagesJSONRequestBody defines body for PostMessages for application/json ContentType.

type PreviewActionJSONRequestBody

type PreviewActionJSONRequestBody = InstallActionRequest

PreviewActionJSONRequestBody defines body for PreviewAction for application/json ContentType.

type PreviewCapabilities

type PreviewCapabilities struct {
	Credential *struct {
		// Kind Credential kind (`api_key`, `oauth2`).
		Kind string `json:"kind"`

		// Scope Human-readable scope from `[capabilities.credential]
		// scope`. Useful for the CLI's "what does this connector
		// want?" prompt.
		Scope *string `json:"scope,omitempty"`
	} `json:"credential,omitempty"`

	// NetworkHosts `[capabilities.network] hosts`: pinned `host:port` pairs
	// the connector will reach. Order matches the manifest.
	NetworkHosts *[]string `json:"network_hosts,omitempty"`
}

PreviewCapabilities Flattened view of the connector manifest's `[capabilities.*]` blocks. Optional sub-tables that are absent in the manifest are absent here too — the CLI renders only what the connector actually declares.

type PreviewConnectorJSONRequestBody

type PreviewConnectorJSONRequestBody = InstallConnectorRequest

PreviewConnectorJSONRequestBody defines body for PreviewConnector for application/json ContentType.

type ProcurementAction

type ProcurementAction struct {
	AmountEstimate         *Money                        `json:"amount_estimate,omitempty"`
	CostCenter             *string                       `json:"cost_center,omitempty"`
	Justification          *string                       `json:"justification,omitempty"`
	LegalReviewRequired    *bool                         `json:"legal_review_required,omitempty"`
	LineItems              *[]LineItem                   `json:"line_items,omitempty"`
	RequestType            *ProcurementActionRequestType `json:"request_type,omitempty"`
	Requestor              *string                       `json:"requestor,omitempty"`
	SecurityReviewRequired *bool                         `json:"security_review_required,omitempty"`
	VendorName             *string                       `json:"vendor_name,omitempty"`
}

ProcurementAction defines model for ProcurementAction.

type ProcurementActionRequestType

type ProcurementActionRequestType string

ProcurementActionRequestType defines model for ProcurementAction.RequestType.

const (
	Contractor ProcurementActionRequestType = "contractor"
	Equipment  ProcurementActionRequestType = "equipment"
	Other      ProcurementActionRequestType = "other"
	Services   ProcurementActionRequestType = "services"
	Software   ProcurementActionRequestType = "software"
	Travel     ProcurementActionRequestType = "travel"
)

Defines values for ProcurementActionRequestType.

func (ProcurementActionRequestType) Valid

Valid indicates whether the value is a known member of the ProcurementActionRequestType enum.

type PutAgentCredentialsJSONRequestBody

type PutAgentCredentialsJSONRequestBody = AgentCredentials

PutAgentCredentialsJSONRequestBody defines body for PutAgentCredentials for application/json ContentType.

type PutAgentCredentialsParams

type PutAgentCredentialsParams struct {
	// Purpose Credential purpose, forming the third segment of the vault
	// path `agents/<name>/<purpose>` (e.g. `oauth`, `apikey`).
	// Defaults to `oauth` when omitted, so a request with no
	// `purpose` is indistinguishable from the pre-purpose behavior.
	//
	// Because `<purpose>` flows straight into the raw vault map key,
	// the daemon validates it against `^[a-z0-9][a-z0-9_-]*$` before
	// constructing the path. A value containing `/`, `..`, or
	// percent-encoded separators is rejected with `400`
	// (`invalid_request`) so it cannot escape the `agents/<name>/`
	// namespace.
	Purpose *string `form:"purpose,omitempty" json:"purpose,omitempty"`
}

PutAgentCredentialsParams defines parameters for PutAgentCredentials.

type PutUserCredentialsJSONRequestBody

type PutUserCredentialsJSONRequestBody = AgentCredentials

PutUserCredentialsJSONRequestBody defines body for PutUserCredentials for application/json ContentType.

type ReadCommsMessagesParams

type ReadCommsMessagesParams struct {
	// Service Filter by service ("slack", "discord", or empty for all).
	Service *string `form:"service,omitempty" json:"service,omitempty"`

	// Channel Filter by channel name, or empty for all channels.
	Channel *string `form:"channel,omitempty" json:"channel,omitempty"`
}

ReadCommsMessagesParams defines parameters for ReadCommsMessages.

type ReadCommsMessagesResponse

type ReadCommsMessagesResponse struct {
	Messages []CommsMessage `json:"messages"`
}

ReadCommsMessagesResponse Snapshot of unread messages from the daemon's notify queue. Calling this endpoint marks the surfaced messages as read.

type RebindBindingJSONRequestBody

type RebindBindingJSONRequestBody = RebindRequest

RebindBindingJSONRequestBody defines body for RebindBinding for application/json ContentType.

type RebindRequest

type RebindRequest struct {
	// Source Per-binding credential source. Supports `api_key` and `aws_sigv4`
	// directly; `oauth2` is created through the dedicated OAuth dance and
	// setting `kind: oauth2` here returns a structured `400` referencing
	// #388.
	Source BindingSource `json:"source"`
}

RebindRequest defines model for RebindRequest.

type Recipient

type Recipient struct {
	Email openapi_types.Email `json:"email"`
	Name  *string             `json:"name,omitempty"`
}

Recipient defines model for Recipient.

type RecordSandboxProxyDisabledJSONRequestBody

type RecordSandboxProxyDisabledJSONRequestBody = SandboxProxyDisabledRequest

RecordSandboxProxyDisabledJSONRequestBody defines body for RecordSandboxProxyDisabled for application/json ContentType.

type RecordSandboxProxyRequest403JSONResponseBody

type RecordSandboxProxyRequest403JSONResponseBody struct {
	// contains filtered or unexported fields
}

RecordSandboxProxyRequest403JSONResponseBody defines parameters for RecordSandboxProxyRequest.

func (RecordSandboxProxyRequest403JSONResponseBody) AsError

AsError returns the union data inside the RecordSandboxProxyRequest403JSONResponseBody as a Error

func (RecordSandboxProxyRequest403JSONResponseBody) AsSandboxProxyRejectedResponse

AsSandboxProxyRejectedResponse returns the union data inside the RecordSandboxProxyRequest403JSONResponseBody as a SandboxProxyRejectedResponse

func (*RecordSandboxProxyRequest403JSONResponseBody) FromError

FromError overwrites any union data inside the RecordSandboxProxyRequest403JSONResponseBody as the provided Error

func (*RecordSandboxProxyRequest403JSONResponseBody) FromSandboxProxyRejectedResponse

FromSandboxProxyRejectedResponse overwrites any union data inside the RecordSandboxProxyRequest403JSONResponseBody as the provided SandboxProxyRejectedResponse

func (RecordSandboxProxyRequest403JSONResponseBody) MarshalJSON

func (*RecordSandboxProxyRequest403JSONResponseBody) MergeError

MergeError performs a merge with any union data inside the RecordSandboxProxyRequest403JSONResponseBody, using the provided Error

func (*RecordSandboxProxyRequest403JSONResponseBody) MergeSandboxProxyRejectedResponse

MergeSandboxProxyRejectedResponse performs a merge with any union data inside the RecordSandboxProxyRequest403JSONResponseBody, using the provided SandboxProxyRejectedResponse

func (*RecordSandboxProxyRequest403JSONResponseBody) UnmarshalJSON

type RecordSandboxProxyRequestJSONRequestBody

type RecordSandboxProxyRequestJSONRequestBody = SandboxProxyRequest

RecordSandboxProxyRequestJSONRequestBody defines body for RecordSandboxProxyRequest for application/json ContentType.

type RequestCommsHTTPJSONRequestBody

type RequestCommsHTTPJSONRequestBody = RequestCommsHTTPRequest

RequestCommsHTTPJSONRequestBody defines body for RequestCommsHTTP for application/json ContentType.

type RequestCommsHTTPRequest

type RequestCommsHTTPRequest struct {
	// Body Request body string. Optional.
	Body *string `json:"body,omitempty"`

	// Headers Additional request headers as a JSON object string, e.g.
	// `{"X-Foo":"bar"}`. Optional.
	Headers *string `json:"headers,omitempty"`

	// Method HTTP method (GET, POST, PUT, DELETE, PATCH).
	Method string `json:"method"`

	// Url Target URL.
	Url string `json:"url"`
}

RequestCommsHTTPRequest Request body for `POST /v1/sessions/{id}/comms/http`. The daemon matches `url` against api_key vault entries and injects the matched secret as a Bearer token after the user approves.

type RequiredHeaderError

type RequiredHeaderError struct {
	ParamName string
	Err       error
}

func (*RequiredHeaderError) Error

func (e *RequiredHeaderError) Error() string

func (*RequiredHeaderError) Unwrap

func (e *RequiredHeaderError) Unwrap() error

type RequiredParamError

type RequiredParamError struct {
	ParamName string
}

func (*RequiredParamError) Error

func (e *RequiredParamError) Error() string

type ResumeFlightPlan200JSONResponseBody

type ResumeFlightPlan200JSONResponseBody struct {
	// contains filtered or unexported fields
}

ResumeFlightPlan200JSONResponseBody defines parameters for ResumeFlightPlan.

func (ResumeFlightPlan200JSONResponseBody) AsFlightPlanLaunchResponse

func (t ResumeFlightPlan200JSONResponseBody) AsFlightPlanLaunchResponse() (FlightPlanLaunchResponse, error)

AsFlightPlanLaunchResponse returns the union data inside the ResumeFlightPlan200JSONResponseBody as a FlightPlanLaunchResponse

func (ResumeFlightPlan200JSONResponseBody) AsFlightPlanSeamPendingResponse

func (t ResumeFlightPlan200JSONResponseBody) AsFlightPlanSeamPendingResponse() (FlightPlanSeamPendingResponse, error)

AsFlightPlanSeamPendingResponse returns the union data inside the ResumeFlightPlan200JSONResponseBody as a FlightPlanSeamPendingResponse

func (*ResumeFlightPlan200JSONResponseBody) FromFlightPlanLaunchResponse

func (t *ResumeFlightPlan200JSONResponseBody) FromFlightPlanLaunchResponse(v FlightPlanLaunchResponse) error

FromFlightPlanLaunchResponse overwrites any union data inside the ResumeFlightPlan200JSONResponseBody as the provided FlightPlanLaunchResponse

func (*ResumeFlightPlan200JSONResponseBody) FromFlightPlanSeamPendingResponse

func (t *ResumeFlightPlan200JSONResponseBody) FromFlightPlanSeamPendingResponse(v FlightPlanSeamPendingResponse) error

FromFlightPlanSeamPendingResponse overwrites any union data inside the ResumeFlightPlan200JSONResponseBody as the provided FlightPlanSeamPendingResponse

func (ResumeFlightPlan200JSONResponseBody) MarshalJSON

func (t ResumeFlightPlan200JSONResponseBody) MarshalJSON() ([]byte, error)

func (*ResumeFlightPlan200JSONResponseBody) MergeFlightPlanLaunchResponse

func (t *ResumeFlightPlan200JSONResponseBody) MergeFlightPlanLaunchResponse(v FlightPlanLaunchResponse) error

MergeFlightPlanLaunchResponse performs a merge with any union data inside the ResumeFlightPlan200JSONResponseBody, using the provided FlightPlanLaunchResponse

func (*ResumeFlightPlan200JSONResponseBody) MergeFlightPlanSeamPendingResponse

func (t *ResumeFlightPlan200JSONResponseBody) MergeFlightPlanSeamPendingResponse(v FlightPlanSeamPendingResponse) error

MergeFlightPlanSeamPendingResponse performs a merge with any union data inside the ResumeFlightPlan200JSONResponseBody, using the provided FlightPlanSeamPendingResponse

func (*ResumeFlightPlan200JSONResponseBody) UnmarshalJSON

func (t *ResumeFlightPlan200JSONResponseBody) UnmarshalJSON(b []byte) error

type ResumeFlightPlanJSONRequestBody

type ResumeFlightPlanJSONRequestBody = FlightPlanResumeRequest

ResumeFlightPlanJSONRequestBody defines body for ResumeFlightPlan for application/json ContentType.

type RiskLevel

type RiskLevel string

RiskLevel defines model for RiskLevel.

const (
	Critical RiskLevel = "critical"
	High     RiskLevel = "high"
	Low      RiskLevel = "low"
	Medium   RiskLevel = "medium"
)

Defines values for RiskLevel.

func (RiskLevel) Valid

func (e RiskLevel) Valid() bool

Valid indicates whether the value is a known member of the RiskLevel enum.

type RunActionJSONRequestBody

type RunActionJSONRequestBody = ActionRunRequest

RunActionJSONRequestBody defines body for RunAction for application/json ContentType.

type RunConnectorOperation403JSONResponseBody

type RunConnectorOperation403JSONResponseBody struct {
	// contains filtered or unexported fields
}

RunConnectorOperation403JSONResponseBody defines parameters for RunConnectorOperation.

func (RunConnectorOperation403JSONResponseBody) AsError

AsError returns the union data inside the RunConnectorOperation403JSONResponseBody as a Error

func (RunConnectorOperation403JSONResponseBody) AsSandboxProxyRejectedResponse

func (t RunConnectorOperation403JSONResponseBody) AsSandboxProxyRejectedResponse() (SandboxProxyRejectedResponse, error)

AsSandboxProxyRejectedResponse returns the union data inside the RunConnectorOperation403JSONResponseBody as a SandboxProxyRejectedResponse

func (*RunConnectorOperation403JSONResponseBody) FromError

FromError overwrites any union data inside the RunConnectorOperation403JSONResponseBody as the provided Error

func (*RunConnectorOperation403JSONResponseBody) FromSandboxProxyRejectedResponse

func (t *RunConnectorOperation403JSONResponseBody) FromSandboxProxyRejectedResponse(v SandboxProxyRejectedResponse) error

FromSandboxProxyRejectedResponse overwrites any union data inside the RunConnectorOperation403JSONResponseBody as the provided SandboxProxyRejectedResponse

func (RunConnectorOperation403JSONResponseBody) MarshalJSON

func (*RunConnectorOperation403JSONResponseBody) MergeError

MergeError performs a merge with any union data inside the RunConnectorOperation403JSONResponseBody, using the provided Error

func (*RunConnectorOperation403JSONResponseBody) MergeSandboxProxyRejectedResponse

func (t *RunConnectorOperation403JSONResponseBody) MergeSandboxProxyRejectedResponse(v SandboxProxyRejectedResponse) error

MergeSandboxProxyRejectedResponse performs a merge with any union data inside the RunConnectorOperation403JSONResponseBody, using the provided SandboxProxyRejectedResponse

func (*RunConnectorOperation403JSONResponseBody) UnmarshalJSON

func (t *RunConnectorOperation403JSONResponseBody) UnmarshalJSON(b []byte) error

type RunConnectorOperationJSONRequestBody

type RunConnectorOperationJSONRequestBody = ConnectorOperationRunRequest

RunConnectorOperationJSONRequestBody defines body for RunConnectorOperation for application/json ContentType.

type RunExecutionJSONRequestBody

type RunExecutionJSONRequestBody = ExecutionRunRequest

RunExecutionJSONRequestBody defines body for RunExecution for application/json ContentType.

type SandboxProxyDisabledRequest

type SandboxProxyDisabledRequest struct {
	// Reason Why proxy bootstrap is not active for this launch.
	// * `user_opt_out` — the user disabled proxy bootstrap via
	//   `--sandbox-proxy=off` or `AILERON_SANDBOX_PROXY=off`.
	// * `preflight_failed` — proxy bootstrap was requested but
	//   the selected sandbox image does not provide
	//   `aileron-install-proxy-ca`/`aileron-run-with-proxy-ca`.
	// * `unsupported_sandbox_mode` — proxy bootstrap is not
	//   available for the selected `--sandbox` mode (anything
	//   other than `docker`).
	Reason SandboxProxyDisabledRequestReason `json:"reason"`

	// SandboxImage Resolved sandbox image reference, when known.
	SandboxImage *string `json:"sandbox_image,omitempty"`

	// SandboxMode Resolved `--sandbox` mode (e.g. `docker`, `off`).
	SandboxMode *string `json:"sandbox_mode,omitempty"`

	// SessionId Launch session id the disabled-bootstrap decision applies to.
	SessionId string `json:"session_id"`
}

SandboxProxyDisabledRequest Launcher-side disabled-bootstrap event payload. Posted by `aileron launch` when sandbox HTTPS proxy bootstrap is not active for the session — opted out, preflight failed, or unsupported sandbox mode. Credential material is intentionally absent from this contract.

type SandboxProxyDisabledRequestReason

type SandboxProxyDisabledRequestReason string

SandboxProxyDisabledRequestReason Why proxy bootstrap is not active for this launch.

  • `user_opt_out` — the user disabled proxy bootstrap via `--sandbox-proxy=off` or `AILERON_SANDBOX_PROXY=off`.
  • `preflight_failed` — proxy bootstrap was requested but the selected sandbox image does not provide `aileron-install-proxy-ca`/`aileron-run-with-proxy-ca`.
  • `unsupported_sandbox_mode` — proxy bootstrap is not available for the selected `--sandbox` mode (anything other than `docker`).
const (
	PreflightFailed        SandboxProxyDisabledRequestReason = "preflight_failed"
	UnsupportedSandboxMode SandboxProxyDisabledRequestReason = "unsupported_sandbox_mode"
	UserOptOut             SandboxProxyDisabledRequestReason = "user_opt_out"
)

Defines values for SandboxProxyDisabledRequestReason.

func (SandboxProxyDisabledRequestReason) Valid

Valid indicates whether the value is a known member of the SandboxProxyDisabledRequestReason enum.

type SandboxProxyRejectedResponse

type SandboxProxyRejectedResponse struct {
	// AuditId Audit log ID for the rejected proxy attempt.
	AuditId      string                             `json:"audit_id"`
	ConnectorFqn string                             `json:"connector_fqn"`
	Message      string                             `json:"message"`
	Operation    string                             `json:"operation"`
	Status       SandboxProxyRejectedResponseStatus `json:"status"`
	Tool         string                             `json:"tool"`
}

SandboxProxyRejectedResponse Fail-closed response for a recognized sandbox HTTPS proxy request when the request cannot be mediated safely.

type SandboxProxyRejectedResponseStatus

type SandboxProxyRejectedResponseStatus string

SandboxProxyRejectedResponseStatus defines model for SandboxProxyRejectedResponse.Status.

const (
	SandboxProxyRejectedResponseStatusRejected SandboxProxyRejectedResponseStatus = "rejected"
)

Defines values for SandboxProxyRejectedResponseStatus.

func (SandboxProxyRejectedResponseStatus) Valid

Valid indicates whether the value is a known member of the SandboxProxyRejectedResponseStatus enum.

type SandboxProxyRequest

type SandboxProxyRequest struct {
	// ConnectorFqn Connector FQN from the installed connector spec.
	ConnectorFqn string `json:"connector_fqn"`

	// Method HTTP method observed by the sandbox proxy.
	Method string `json:"method"`

	// Operation Operation name within the tool.
	Operation string `json:"operation"`

	// Tool Sandbox-visible tool command name generated from the spec.
	Tool string `json:"tool"`

	// UpstreamUrl Absolute HTTPS upstream URL requested by the sandboxed client.
	UpstreamUrl string `json:"upstream_url"`
}

SandboxProxyRequest Internal request shape emitted by the sandbox HTTPS data-plane proxy when it has identified a candidate connector operation. Credential material is intentionally absent from this contract. This initial transport cut supports bodyless upstream requests.

type SandboxProxyResponse

type SandboxProxyResponse struct {
	// AuditId Audit log ID for the proxied request.
	AuditId string `json:"audit_id"`

	// BodyBase64 Base64-encoded upstream response body.
	BodyBase64   []byte `json:"body_base64"`
	ConnectorFqn string `json:"connector_fqn"`

	// ContentType Upstream Content-Type response header, when present.
	ContentType *string                    `json:"content_type,omitempty"`
	Operation   string                     `json:"operation"`
	Status      SandboxProxyResponseStatus `json:"status"`
	Tool        string                     `json:"tool"`

	// UpstreamStatus HTTP status returned by the upstream service.
	UpstreamStatus int `json:"upstream_status"`
}

SandboxProxyResponse Sanitized response for a sandbox HTTPS proxy request. Credential material and upstream request headers are never included.

type SandboxProxyResponseStatus

type SandboxProxyResponseStatus string

SandboxProxyResponseStatus defines model for SandboxProxyResponse.Status.

const (
	Proxied SandboxProxyResponseStatus = "proxied"
)

Defines values for SandboxProxyResponseStatus.

func (SandboxProxyResponseStatus) Valid

func (e SandboxProxyResponseStatus) Valid() bool

Valid indicates whether the value is a known member of the SandboxProxyResponseStatus enum.

type SandboxProxyStepScopeRequest

type SandboxProxyStepScopeRequest struct {
	// Credential The step's declared credential identity from the manifest
	// trust contract (#1980). Optional and additive: when omitted
	// the scope is minted with no identity recorded, exactly as
	// before. Carries only the non-secret identity (kind + label),
	// never credential material. Stored but not yet consumed for
	// egress selection.
	Credential *struct {
		// IdentityLabel The non-secret identity label the step declares (mirrors the manifest trust-contract identity label).
		IdentityLabel string `json:"identityLabel"`

		// Kind The credential kind the step declares (mirrors the manifest trust-contract credential kind).
		Kind string `json:"kind"`
	} `json:"credential,omitempty"`

	// Hosts The step's sealed network reach. Each entry is a host with
	// an optional port, no scheme, no path (for example
	// api.example.com or api.example.com:443), reusing the lock
	// stepTrust host vocabulary.
	Hosts []string `json:"hosts"`

	// SessionId The boot proxy session id the scoped credential authenticates under (the CONNECT username).
	SessionId string `json:"session_id"`

	// StepId The tool step id the scope is minted for.
	StepId string `json:"step_id"`
}

SandboxProxyStepScopeRequest Step-scope mint payload (#1829). session_id names the boot proxy session the scoped CONNECTs ride on; step_id names the tool step; hosts is the step's sealed network reach from the verified lock's stepTrust section. Carries no credential material. The optional `credential` block carries only the step's non-secret declared credential identity (its kind and identity label from the manifest trust contract), never credential material; it lets the daemon learn which credential identity an outbound request belongs to (#1980). It is not yet consumed for egress selection.

type SandboxProxyStepScopeResponse

type SandboxProxyStepScopeResponse struct {
	// ExpiresAt Instant the scope expires; an expired scope authenticates as 407.
	ExpiresAt time.Time `json:"expires_at"`

	// ScopeId Opaque id identifying the scope for DELETE release.
	ScopeId string `json:"scope_id"`

	// Token The ephemeral step-scope token. Used as the CONNECT Basic-auth password; compared constant-time daemon-side.
	Token string `json:"token"`
}

SandboxProxyStepScopeResponse A minted step scope: the scope id (for release), the ephemeral token used as the CONNECT password, and the expiry instant.

type SendCommsMessageJSONRequestBody

type SendCommsMessageJSONRequestBody = SendCommsMessageRequest

SendCommsMessageJSONRequestBody defines body for SendCommsMessage for application/json ContentType.

type SendCommsMessageRequest

type SendCommsMessageRequest struct {
	// Body Message text to send.
	Body string `json:"body"`

	// Channel Channel name or ID to send to.
	Channel string `json:"channel"`

	// Service Target service ("slack", "discord").
	Service string `json:"service"`
}

SendCommsMessageRequest Request body for `POST /v1/sessions/{id}/comms/send`. session_id rides in the URL path; the daemon stamps it on the action-approval entry.

type ServeMux

type ServeMux interface {
	HandleFunc(pattern string, handler func(http.ResponseWriter, *http.Request))
	http.Handler
}

ServeMux is an abstraction of http.ServeMux.

type ServerInterface

type ServerInterface interface {
	// List pending action-level approval requests
	// (GET /v1/action-approvals)
	ListActionApprovals(w http.ResponseWriter, r *http.Request)
	// Stream action-level approval queue events (Server-Sent Events)
	// (GET /v1/action-approvals/watch)
	WatchActionApprovals(w http.ResponseWriter, r *http.Request)
	// Approve or deny a pending action-level approval
	// (POST /v1/action-approvals/{approval_id}/decide)
	DecideActionApproval(w http.ResponseWriter, r *http.Request, approvalId string)
	// Poll an action approval's status and result
	// (GET /v1/action-approvals/{approval_id}/result)
	GetActionApprovalResult(w http.ResponseWriter, r *http.Request, approvalId string)
	// List installed actions
	// (GET /v1/actions)
	ListActions(w http.ResponseWriter, r *http.Request)
	// Install an action template into the user's actions directory
	// (POST /v1/actions/install)
	InstallAction(w http.ResponseWriter, r *http.Request)
	// Preview an action install without committing
	// (POST /v1/actions/preview)
	PreviewAction(w http.ResponseWriter, r *http.Request)
	// Get an installed action by name
	// (GET /v1/actions/{name})
	GetAction(w http.ResponseWriter, r *http.Request, name string)
	// Update an installed action's user-controlled state
	// (PATCH /v1/actions/{name})
	PatchAction(w http.ResponseWriter, r *http.Request, name string)
	// Execute an installed action
	// (POST /v1/actions/{name}/run)
	RunAction(w http.ResponseWriter, r *http.Request, name string)
	// Get analytics summary
	// (GET /v1/analytics/summary)
	GetAnalyticsSummary(w http.ResponseWriter, r *http.Request, params GetAnalyticsSummaryParams)
	// List approval requests
	// (GET /v1/approvals)
	ListApprovals(w http.ResponseWriter, r *http.Request, params ListApprovalsParams)
	// Get an approval request
	// (GET /v1/approvals/{approval_id})
	GetApproval(w http.ResponseWriter, r *http.Request, approvalId ApprovalId)
	// Approve an action
	// (POST /v1/approvals/{approval_id}/approve)
	ApproveRequest(w http.ResponseWriter, r *http.Request, approvalId ApprovalId)
	// Deny an action
	// (POST /v1/approvals/{approval_id}/deny)
	DenyRequest(w http.ResponseWriter, r *http.Request, approvalId ApprovalId)
	// Approve with modifications
	// (POST /v1/approvals/{approval_id}/modify)
	ModifyRequest(w http.ResponseWriter, r *http.Request, approvalId ApprovalId)
	// List audit events
	// (GET /v1/audit)
	ListAudit(w http.ResponseWriter, r *http.Request, params ListAuditParams)
	// Append an audit event
	// (POST /v1/audit)
	CreateAudit(w http.ResponseWriter, r *http.Request)
	// Assemble the provenance trace for an artifact or launch
	// (GET /v1/audit/trace)
	GetAuditTrace(w http.ResponseWriter, r *http.Request, params GetAuditTraceParams)
	// Get a single audit event by id
	// (GET /v1/audit/{audit_id})
	GetAudit(w http.ResponseWriter, r *http.Request, auditId string)
	// List capability bindings
	// (GET /v1/bindings)
	ListBindings(w http.ResponseWriter, r *http.Request, params ListBindingsParams)
	// Create one or more bindings for a connector
	// (POST /v1/bindings/setup)
	SetupBindings(w http.ResponseWriter, r *http.Request)
	// Daemon-hosted OAuth2 callback
	// (GET /v1/bindings/setup/oauth2/callback)
	Oauth2BindingCallback(w http.ResponseWriter, r *http.Request, params Oauth2BindingCallbackParams)
	// Complete an OAuth2 binding flow
	// (POST /v1/bindings/setup/oauth2/finish)
	FinishOAuth2Binding(w http.ResponseWriter, r *http.Request)
	// Begin an OAuth2 binding flow
	// (POST /v1/bindings/setup/oauth2/init)
	InitOAuth2Binding(w http.ResponseWriter, r *http.Request)
	// Revoke a binding
	// (DELETE /v1/bindings/{name})
	RevokeBinding(w http.ResponseWriter, r *http.Request, name BindingName)
	// Inspect a single binding
	// (GET /v1/bindings/{name})
	GetBinding(w http.ResponseWriter, r *http.Request, name BindingName)
	// Replace the credential value of an existing binding
	// (POST /v1/bindings/{name}/rebind)
	RebindBinding(w http.ResponseWriter, r *http.Request, name BindingName)
	// OpenAI-compatible chat completions endpoint
	// (POST /v1/chat/completions)
	PostChatCompletions(w http.ResponseWriter, r *http.Request)
	// Initiate OAuth flow to connect an external account
	// (GET /v1/connect/{provider})
	ConnectAccount(w http.ResponseWriter, r *http.Request, provider string, params ConnectAccountParams)
	// Handle OAuth callback for account connection
	// (GET /v1/connect/{provider}/callback)
	ConnectAccountCallback(w http.ResponseWriter, r *http.Request, provider string, params ConnectAccountCallbackParams)
	// List the current user's connected external accounts
	// (GET /v1/connected-accounts)
	ListConnectedAccounts(w http.ResponseWriter, r *http.Request)
	// Disconnect an external account
	// (DELETE /v1/connected-accounts/{id})
	DeleteConnectedAccount(w http.ResponseWriter, r *http.Request, id string)
	// Get a connected account
	// (GET /v1/connected-accounts/{id})
	GetConnectedAccount(w http.ResponseWriter, r *http.Request, id string)
	// Resolve a generated sandbox connector operation shim
	// (POST /v1/connector-operations/run)
	RunConnectorOperation(w http.ResponseWriter, r *http.Request)
	// List connectors
	// (GET /v1/connectors)
	ListConnectors(w http.ResponseWriter, r *http.Request, params ListConnectorsParams)
	// Register a connector
	// (POST /v1/connectors)
	CreateConnector(w http.ResponseWriter, r *http.Request)
	// Check installed connectors for newer versions
	// (GET /v1/connectors/check)
	CheckConnectors(w http.ResponseWriter, r *http.Request, params CheckConnectorsParams)
	// Install a connector into the content-addressed store
	// (POST /v1/connectors/install)
	InstallConnector(w http.ResponseWriter, r *http.Request)
	// Preview a connector install without committing
	// (POST /v1/connectors/preview)
	PreviewConnector(w http.ResponseWriter, r *http.Request)
	// Get a connector
	// (GET /v1/connectors/{connector_id})
	GetConnector(w http.ResponseWriter, r *http.Request, connectorId ConnectorId)
	// Update a connector
	// (PATCH /v1/connectors/{connector_id})
	UpdateConnector(w http.ResponseWriter, r *http.Request, connectorId ConnectorId)
	// List credential references
	// (GET /v1/credentials)
	ListCredentials(w http.ResponseWriter, r *http.Request, params ListCredentialsParams)
	// Register a credential reference
	// (POST /v1/credentials)
	CreateCredential(w http.ResponseWriter, r *http.Request)
	// Get current enterprise
	// (GET /v1/enterprises/me)
	GetCurrentEnterprise(w http.ResponseWriter, r *http.Request)
	// Update current enterprise
	// (PATCH /v1/enterprises/me)
	UpdateCurrentEnterprise(w http.ResponseWriter, r *http.Request)
	// Get an execution grant
	// (GET /v1/execution-grants/{grant_id})
	GetExecutionGrant(w http.ResponseWriter, r *http.Request, grantId GrantId)
	// Execute an approved action
	// (POST /v1/executions/run)
	RunExecution(w http.ResponseWriter, r *http.Request)
	// Get execution status
	// (GET /v1/executions/{execution_id})
	GetExecution(w http.ResponseWriter, r *http.Request, executionId ExecutionId)
	// Post execution callback
	// (POST /v1/executions/{execution_id}/callback)
	ExecutionCallback(w http.ResponseWriter, r *http.Request, executionId ExecutionId)
	// List installed Flight Plans
	// (GET /v1/flightplans)
	ListFlightPlans(w http.ResponseWriter, r *http.Request)
	// Resume a suspended Flight Plan run
	// (POST /v1/flightplans/runs/{runId}/resume)
	ResumeFlightPlan(w http.ResponseWriter, r *http.Request, runId string)
	// Launch an installed frozen Flight Plan
	// (POST /v1/flightplans/{name}/launch)
	LaunchFlightPlan(w http.ResponseWriter, r *http.Request, name string)
	// List funding sources
	// (GET /v1/funding-sources)
	ListFundingSources(w http.ResponseWriter, r *http.Request, params ListFundingSourcesParams)
	// Create a funding source
	// (POST /v1/funding-sources)
	CreateFundingSource(w http.ResponseWriter, r *http.Request)
	// Get service health
	// (GET /v1/health)
	GetHealth(w http.ResponseWriter, r *http.Request)
	// Look up a single Hub action entry by FQN
	// (GET /v1/hub/action)
	GetHubAction(w http.ResponseWriter, r *http.Request, params GetHubActionParams)
	// Composite install-decision payload for an action install
	// (GET /v1/hub/action-install-decision)
	GetHubActionInstallDecision(w http.ResponseWriter, r *http.Request, params GetHubActionInstallDecisionParams)
	// List Hub action entries
	// (GET /v1/hub/actions)
	ListHubActions(w http.ResponseWriter, r *http.Request, params ListHubActionsParams)
	// Look up a single Hub connector entry by FQN
	// (GET /v1/hub/connector)
	GetHubConnector(w http.ResponseWriter, r *http.Request, params GetHubConnectorParams)
	// List Hub connector entries
	// (GET /v1/hub/connectors)
	ListHubConnectors(w http.ResponseWriter, r *http.Request, params ListHubConnectorsParams)
	// Pre-computed install-decision payload for a Hub connector
	// (GET /v1/hub/install-decision)
	GetHubInstallDecision(w http.ResponseWriter, r *http.Request, params GetHubInstallDecisionParams)
	// Look up a single Hub suite entry by FQN
	// (GET /v1/hub/suite)
	GetHubSuite(w http.ResponseWriter, r *http.Request, params GetHubSuiteParams)
	// Composite install-decision payload for a suite install
	// (GET /v1/hub/suite-install-decision)
	GetHubSuiteInstallDecision(w http.ResponseWriter, r *http.Request, params GetHubSuiteInstallDecisionParams)
	// List Hub suite entries
	// (GET /v1/hub/suites)
	ListHubSuites(w http.ResponseWriter, r *http.Request, params ListHubSuitesParams)
	// List intents
	// (GET /v1/intents)
	ListIntents(w http.ResponseWriter, r *http.Request, params ListIntentsParams)
	// Submit a new action intent
	// (POST /v1/intents)
	CreateIntent(w http.ResponseWriter, r *http.Request)
	// Get an intent
	// (GET /v1/intents/{intent_id})
	GetIntent(w http.ResponseWriter, r *http.Request, intentId IntentId)
	// Attach evidence to an intent
	// (POST /v1/intents/{intent_id}/evidence)
	AppendIntentEvidence(w http.ResponseWriter, r *http.Request, intentId IntentId)
	// Anthropic-compatible messages endpoint
	// (POST /v1/messages)
	PostMessages(w http.ResponseWriter, r *http.Request)
	// List policies
	// (GET /v1/policies)
	ListPolicies(w http.ResponseWriter, r *http.Request, params ListPoliciesParams)
	// Create a policy
	// (POST /v1/policies)
	CreatePolicy(w http.ResponseWriter, r *http.Request)
	// Simulate policy evaluation
	// (POST /v1/policies/simulate)
	SimulatePolicy(w http.ResponseWriter, r *http.Request)
	// Get a policy
	// (GET /v1/policies/{policy_id})
	GetPolicy(w http.ResponseWriter, r *http.Request, policyId PolicyId)
	// Update a policy
	// (PATCH /v1/policies/{policy_id})
	UpdatePolicy(w http.ResponseWriter, r *http.Request, policyId PolicyId)
	// Record a sandbox HTTPS proxy bootstrap-disabled event
	// (POST /v1/sandbox-proxy/disabled)
	RecordSandboxProxyDisabled(w http.ResponseWriter, r *http.Request)
	// Resolve a sandbox HTTPS proxy data-plane request
	// (POST /v1/sandbox-proxy/requests)
	RecordSandboxProxyRequest(w http.ResponseWriter, r *http.Request)
	// Mint a step-scoped sandbox proxy credential
	// (POST /v1/sandbox-proxy/step-scopes)
	CreateSandboxProxyStepScope(w http.ResponseWriter, r *http.Request)
	// Release a step-scoped sandbox proxy credential
	// (DELETE /v1/sandbox-proxy/step-scopes/{scope_id})
	DeleteSandboxProxyStepScope(w http.ResponseWriter, r *http.Request, scopeId string)
	// List launch sessions
	// (GET /v1/sessions)
	ListSessions(w http.ResponseWriter, r *http.Request, params ListSessionsParams)
	// Register a new launch session
	// (POST /v1/sessions)
	CreateSession(w http.ResponseWriter, r *http.Request)
	// Get a launch session by id
	// (GET /v1/sessions/{session_id})
	GetSession(w http.ResponseWriter, r *http.Request, sessionId string)
	// Submit a draft reply for user review
	// (POST /v1/sessions/{session_id}/comms/draft)
	DraftCommsReply(w http.ResponseWriter, r *http.Request, sessionId string)
	// Issue an authenticated HTTP request with user approval
	// (POST /v1/sessions/{session_id}/comms/http)
	RequestCommsHTTP(w http.ResponseWriter, r *http.Request, sessionId string)
	// Read pending messages from communication channels
	// (GET /v1/sessions/{session_id}/comms/messages)
	ReadCommsMessages(w http.ResponseWriter, r *http.Request, sessionId string, params ReadCommsMessagesParams)
	// Request user approval to send a message
	// (POST /v1/sessions/{session_id}/comms/send)
	SendCommsMessage(w http.ResponseWriter, r *http.Request, sessionId string)
	// Mark a launch session ended
	// (POST /v1/sessions/{session_id}/end)
	EndSession(w http.ResponseWriter, r *http.Request, sessionId string)
	// Get runtime status (version, listen address, action / connector / binding counts, vault state)
	// (GET /v1/status)
	GetStatus(w http.ResponseWriter, r *http.Request)
	// Reconcile installed actions with their declared connector dependencies
	// (POST /v1/sync)
	Sync(w http.ResponseWriter, r *http.Request)
	// List traces
	// (GET /v1/traces)
	ListTraces(w http.ResponseWriter, r *http.Request, params ListTracesParams)
	// Get current user
	// (GET /v1/users/me)
	GetCurrentUser(w http.ResponseWriter, r *http.Request)
	// Update current user
	// (PATCH /v1/users/me)
	UpdateCurrentUser(w http.ResponseWriter, r *http.Request)
	// Disconnect an auth provider
	// (DELETE /v1/users/me/auth-providers/{provider})
	DisconnectAuthProvider(w http.ResponseWriter, r *http.Request, provider string)
	// Set or rotate vault passphrase
	// (POST /v1/users/me/passphrase)
	SetPassphrase(w http.ResponseWriter, r *http.Request)
	// Lock vault and clear cached KEK
	// (POST /v1/users/me/passphrase/lock)
	LockVault(w http.ResponseWriter, r *http.Request)
	// Get passphrase salt
	// (GET /v1/users/me/passphrase/salt)
	GetPassphraseSalt(w http.ResponseWriter, r *http.Request)
	// Unlock vault with passphrase-derived KEK
	// (POST /v1/users/me/passphrase/unlock)
	UnlockVault(w http.ResponseWriter, r *http.Request)
	// Get KEK verification blob
	// (GET /v1/users/me/passphrase/verification)
	GetPassphraseVerification(w http.ResponseWriter, r *http.Request)
	// Get vault lock status
	// (GET /v1/users/me/vault/status)
	GetVaultStatus(w http.ResponseWriter, r *http.Request)
	// List every entry in the local vault (union view)
	// (GET /v1/vault)
	ListVaultEntries(w http.ResponseWriter, r *http.Request, params ListVaultEntriesParams)
	// List per-agent credential entries in the local vault
	// (GET /v1/vault/agents)
	ListAgentCredentials(w http.ResponseWriter, r *http.Request)
	// Delete the per-agent credential envelope from the local vault
	// (DELETE /v1/vault/agents/{name}/credentials)
	DeleteAgentCredentials(w http.ResponseWriter, r *http.Request, name string, params DeleteAgentCredentialsParams)
	// Read the per-agent credential envelope from the local vault
	// (GET /v1/vault/agents/{name}/credentials)
	GetAgentCredentials(w http.ResponseWriter, r *http.Request, name string, params GetAgentCredentialsParams)
	// Write the per-agent credential envelope to the local vault
	// (PUT /v1/vault/agents/{name}/credentials)
	PutAgentCredentials(w http.ResponseWriter, r *http.Request, name string, params PutAgentCredentialsParams)
	// Get local vault lock status
	// (GET /v1/vault/status)
	GetLocalVaultStatus(w http.ResponseWriter, r *http.Request)
	// Unlock the local vault with a passphrase
	// (POST /v1/vault/unlock)
	UnlockLocalVault(w http.ResponseWriter, r *http.Request)
	// List user-level credential entries in the local vault
	// (GET /v1/vault/user)
	ListUserCredentials(w http.ResponseWriter, r *http.Request)
	// Delete the user-level credential envelope from the local vault
	// (DELETE /v1/vault/user/{service}/credentials)
	DeleteUserCredentials(w http.ResponseWriter, r *http.Request, service string)
	// Read the user-level credential envelope from the local vault
	// (GET /v1/vault/user/{service}/credentials)
	GetUserCredentials(w http.ResponseWriter, r *http.Request, service string)
	// Write the user-level credential envelope to the local vault
	// (PUT /v1/vault/user/{service}/credentials)
	PutUserCredentials(w http.ResponseWriter, r *http.Request, service string)
}

ServerInterface represents all server handlers.

type ServerInterfaceWrapper

type ServerInterfaceWrapper struct {
	Handler            ServerInterface
	HandlerMiddlewares []MiddlewareFunc
	ErrorHandlerFunc   func(w http.ResponseWriter, r *http.Request, err error)
}

ServerInterfaceWrapper converts contexts to parameters.

func (*ServerInterfaceWrapper) AppendIntentEvidence

func (siw *ServerInterfaceWrapper) AppendIntentEvidence(w http.ResponseWriter, r *http.Request)

AppendIntentEvidence operation middleware

func (*ServerInterfaceWrapper) ApproveRequest

func (siw *ServerInterfaceWrapper) ApproveRequest(w http.ResponseWriter, r *http.Request)

ApproveRequest operation middleware

func (*ServerInterfaceWrapper) CheckConnectors

func (siw *ServerInterfaceWrapper) CheckConnectors(w http.ResponseWriter, r *http.Request)

CheckConnectors operation middleware

func (*ServerInterfaceWrapper) ConnectAccount

func (siw *ServerInterfaceWrapper) ConnectAccount(w http.ResponseWriter, r *http.Request)

ConnectAccount operation middleware

func (*ServerInterfaceWrapper) ConnectAccountCallback

func (siw *ServerInterfaceWrapper) ConnectAccountCallback(w http.ResponseWriter, r *http.Request)

ConnectAccountCallback operation middleware

func (*ServerInterfaceWrapper) CreateAudit

func (siw *ServerInterfaceWrapper) CreateAudit(w http.ResponseWriter, r *http.Request)

CreateAudit operation middleware

func (*ServerInterfaceWrapper) CreateConnector

func (siw *ServerInterfaceWrapper) CreateConnector(w http.ResponseWriter, r *http.Request)

CreateConnector operation middleware

func (*ServerInterfaceWrapper) CreateCredential

func (siw *ServerInterfaceWrapper) CreateCredential(w http.ResponseWriter, r *http.Request)

CreateCredential operation middleware

func (*ServerInterfaceWrapper) CreateFundingSource

func (siw *ServerInterfaceWrapper) CreateFundingSource(w http.ResponseWriter, r *http.Request)

CreateFundingSource operation middleware

func (*ServerInterfaceWrapper) CreateIntent

func (siw *ServerInterfaceWrapper) CreateIntent(w http.ResponseWriter, r *http.Request)

CreateIntent operation middleware

func (*ServerInterfaceWrapper) CreatePolicy

func (siw *ServerInterfaceWrapper) CreatePolicy(w http.ResponseWriter, r *http.Request)

CreatePolicy operation middleware

func (*ServerInterfaceWrapper) CreateSandboxProxyStepScope

func (siw *ServerInterfaceWrapper) CreateSandboxProxyStepScope(w http.ResponseWriter, r *http.Request)

CreateSandboxProxyStepScope operation middleware

func (*ServerInterfaceWrapper) CreateSession

func (siw *ServerInterfaceWrapper) CreateSession(w http.ResponseWriter, r *http.Request)

CreateSession operation middleware

func (*ServerInterfaceWrapper) DecideActionApproval

func (siw *ServerInterfaceWrapper) DecideActionApproval(w http.ResponseWriter, r *http.Request)

DecideActionApproval operation middleware

func (*ServerInterfaceWrapper) DeleteAgentCredentials

func (siw *ServerInterfaceWrapper) DeleteAgentCredentials(w http.ResponseWriter, r *http.Request)

DeleteAgentCredentials operation middleware

func (*ServerInterfaceWrapper) DeleteConnectedAccount

func (siw *ServerInterfaceWrapper) DeleteConnectedAccount(w http.ResponseWriter, r *http.Request)

DeleteConnectedAccount operation middleware

func (*ServerInterfaceWrapper) DeleteSandboxProxyStepScope

func (siw *ServerInterfaceWrapper) DeleteSandboxProxyStepScope(w http.ResponseWriter, r *http.Request)

DeleteSandboxProxyStepScope operation middleware

func (*ServerInterfaceWrapper) DeleteUserCredentials

func (siw *ServerInterfaceWrapper) DeleteUserCredentials(w http.ResponseWriter, r *http.Request)

DeleteUserCredentials operation middleware

func (*ServerInterfaceWrapper) DenyRequest

func (siw *ServerInterfaceWrapper) DenyRequest(w http.ResponseWriter, r *http.Request)

DenyRequest operation middleware

func (*ServerInterfaceWrapper) DisconnectAuthProvider

func (siw *ServerInterfaceWrapper) DisconnectAuthProvider(w http.ResponseWriter, r *http.Request)

DisconnectAuthProvider operation middleware

func (*ServerInterfaceWrapper) DraftCommsReply

func (siw *ServerInterfaceWrapper) DraftCommsReply(w http.ResponseWriter, r *http.Request)

DraftCommsReply operation middleware

func (*ServerInterfaceWrapper) EndSession

func (siw *ServerInterfaceWrapper) EndSession(w http.ResponseWriter, r *http.Request)

EndSession operation middleware

func (*ServerInterfaceWrapper) ExecutionCallback

func (siw *ServerInterfaceWrapper) ExecutionCallback(w http.ResponseWriter, r *http.Request)

ExecutionCallback operation middleware

func (*ServerInterfaceWrapper) FinishOAuth2Binding

func (siw *ServerInterfaceWrapper) FinishOAuth2Binding(w http.ResponseWriter, r *http.Request)

FinishOAuth2Binding operation middleware

func (*ServerInterfaceWrapper) GetAction

func (siw *ServerInterfaceWrapper) GetAction(w http.ResponseWriter, r *http.Request)

GetAction operation middleware

func (*ServerInterfaceWrapper) GetActionApprovalResult

func (siw *ServerInterfaceWrapper) GetActionApprovalResult(w http.ResponseWriter, r *http.Request)

GetActionApprovalResult operation middleware

func (*ServerInterfaceWrapper) GetAgentCredentials

func (siw *ServerInterfaceWrapper) GetAgentCredentials(w http.ResponseWriter, r *http.Request)

GetAgentCredentials operation middleware

func (*ServerInterfaceWrapper) GetAnalyticsSummary

func (siw *ServerInterfaceWrapper) GetAnalyticsSummary(w http.ResponseWriter, r *http.Request)

GetAnalyticsSummary operation middleware

func (*ServerInterfaceWrapper) GetApproval

func (siw *ServerInterfaceWrapper) GetApproval(w http.ResponseWriter, r *http.Request)

GetApproval operation middleware

func (*ServerInterfaceWrapper) GetAudit

func (siw *ServerInterfaceWrapper) GetAudit(w http.ResponseWriter, r *http.Request)

GetAudit operation middleware

func (*ServerInterfaceWrapper) GetAuditTrace

func (siw *ServerInterfaceWrapper) GetAuditTrace(w http.ResponseWriter, r *http.Request)

GetAuditTrace operation middleware

func (*ServerInterfaceWrapper) GetBinding

func (siw *ServerInterfaceWrapper) GetBinding(w http.ResponseWriter, r *http.Request)

GetBinding operation middleware

func (*ServerInterfaceWrapper) GetConnectedAccount

func (siw *ServerInterfaceWrapper) GetConnectedAccount(w http.ResponseWriter, r *http.Request)

GetConnectedAccount operation middleware

func (*ServerInterfaceWrapper) GetConnector

func (siw *ServerInterfaceWrapper) GetConnector(w http.ResponseWriter, r *http.Request)

GetConnector operation middleware

func (*ServerInterfaceWrapper) GetCurrentEnterprise

func (siw *ServerInterfaceWrapper) GetCurrentEnterprise(w http.ResponseWriter, r *http.Request)

GetCurrentEnterprise operation middleware

func (*ServerInterfaceWrapper) GetCurrentUser

func (siw *ServerInterfaceWrapper) GetCurrentUser(w http.ResponseWriter, r *http.Request)

GetCurrentUser operation middleware

func (*ServerInterfaceWrapper) GetExecution

func (siw *ServerInterfaceWrapper) GetExecution(w http.ResponseWriter, r *http.Request)

GetExecution operation middleware

func (*ServerInterfaceWrapper) GetExecutionGrant

func (siw *ServerInterfaceWrapper) GetExecutionGrant(w http.ResponseWriter, r *http.Request)

GetExecutionGrant operation middleware

func (*ServerInterfaceWrapper) GetHealth

func (siw *ServerInterfaceWrapper) GetHealth(w http.ResponseWriter, r *http.Request)

GetHealth operation middleware

func (*ServerInterfaceWrapper) GetHubAction

func (siw *ServerInterfaceWrapper) GetHubAction(w http.ResponseWriter, r *http.Request)

GetHubAction operation middleware

func (*ServerInterfaceWrapper) GetHubActionInstallDecision

func (siw *ServerInterfaceWrapper) GetHubActionInstallDecision(w http.ResponseWriter, r *http.Request)

GetHubActionInstallDecision operation middleware

func (*ServerInterfaceWrapper) GetHubConnector

func (siw *ServerInterfaceWrapper) GetHubConnector(w http.ResponseWriter, r *http.Request)

GetHubConnector operation middleware

func (*ServerInterfaceWrapper) GetHubInstallDecision

func (siw *ServerInterfaceWrapper) GetHubInstallDecision(w http.ResponseWriter, r *http.Request)

GetHubInstallDecision operation middleware

func (*ServerInterfaceWrapper) GetHubSuite

func (siw *ServerInterfaceWrapper) GetHubSuite(w http.ResponseWriter, r *http.Request)

GetHubSuite operation middleware

func (*ServerInterfaceWrapper) GetHubSuiteInstallDecision

func (siw *ServerInterfaceWrapper) GetHubSuiteInstallDecision(w http.ResponseWriter, r *http.Request)

GetHubSuiteInstallDecision operation middleware

func (*ServerInterfaceWrapper) GetIntent

func (siw *ServerInterfaceWrapper) GetIntent(w http.ResponseWriter, r *http.Request)

GetIntent operation middleware

func (*ServerInterfaceWrapper) GetLocalVaultStatus

func (siw *ServerInterfaceWrapper) GetLocalVaultStatus(w http.ResponseWriter, r *http.Request)

GetLocalVaultStatus operation middleware

func (*ServerInterfaceWrapper) GetPassphraseSalt

func (siw *ServerInterfaceWrapper) GetPassphraseSalt(w http.ResponseWriter, r *http.Request)

GetPassphraseSalt operation middleware

func (*ServerInterfaceWrapper) GetPassphraseVerification

func (siw *ServerInterfaceWrapper) GetPassphraseVerification(w http.ResponseWriter, r *http.Request)

GetPassphraseVerification operation middleware

func (*ServerInterfaceWrapper) GetPolicy

func (siw *ServerInterfaceWrapper) GetPolicy(w http.ResponseWriter, r *http.Request)

GetPolicy operation middleware

func (*ServerInterfaceWrapper) GetSession

func (siw *ServerInterfaceWrapper) GetSession(w http.ResponseWriter, r *http.Request)

GetSession operation middleware

func (*ServerInterfaceWrapper) GetStatus

func (siw *ServerInterfaceWrapper) GetStatus(w http.ResponseWriter, r *http.Request)

GetStatus operation middleware

func (*ServerInterfaceWrapper) GetUserCredentials

func (siw *ServerInterfaceWrapper) GetUserCredentials(w http.ResponseWriter, r *http.Request)

GetUserCredentials operation middleware

func (*ServerInterfaceWrapper) GetVaultStatus

func (siw *ServerInterfaceWrapper) GetVaultStatus(w http.ResponseWriter, r *http.Request)

GetVaultStatus operation middleware

func (*ServerInterfaceWrapper) InitOAuth2Binding

func (siw *ServerInterfaceWrapper) InitOAuth2Binding(w http.ResponseWriter, r *http.Request)

InitOAuth2Binding operation middleware

func (*ServerInterfaceWrapper) InstallAction

func (siw *ServerInterfaceWrapper) InstallAction(w http.ResponseWriter, r *http.Request)

InstallAction operation middleware

func (*ServerInterfaceWrapper) InstallConnector

func (siw *ServerInterfaceWrapper) InstallConnector(w http.ResponseWriter, r *http.Request)

InstallConnector operation middleware

func (*ServerInterfaceWrapper) LaunchFlightPlan

func (siw *ServerInterfaceWrapper) LaunchFlightPlan(w http.ResponseWriter, r *http.Request)

LaunchFlightPlan operation middleware

func (*ServerInterfaceWrapper) ListActionApprovals

func (siw *ServerInterfaceWrapper) ListActionApprovals(w http.ResponseWriter, r *http.Request)

ListActionApprovals operation middleware

func (*ServerInterfaceWrapper) ListActions

func (siw *ServerInterfaceWrapper) ListActions(w http.ResponseWriter, r *http.Request)

ListActions operation middleware

func (*ServerInterfaceWrapper) ListAgentCredentials

func (siw *ServerInterfaceWrapper) ListAgentCredentials(w http.ResponseWriter, r *http.Request)

ListAgentCredentials operation middleware

func (*ServerInterfaceWrapper) ListApprovals

func (siw *ServerInterfaceWrapper) ListApprovals(w http.ResponseWriter, r *http.Request)

ListApprovals operation middleware

func (*ServerInterfaceWrapper) ListAudit

func (siw *ServerInterfaceWrapper) ListAudit(w http.ResponseWriter, r *http.Request)

ListAudit operation middleware

func (*ServerInterfaceWrapper) ListBindings

func (siw *ServerInterfaceWrapper) ListBindings(w http.ResponseWriter, r *http.Request)

ListBindings operation middleware

func (*ServerInterfaceWrapper) ListConnectedAccounts

func (siw *ServerInterfaceWrapper) ListConnectedAccounts(w http.ResponseWriter, r *http.Request)

ListConnectedAccounts operation middleware

func (*ServerInterfaceWrapper) ListConnectors

func (siw *ServerInterfaceWrapper) ListConnectors(w http.ResponseWriter, r *http.Request)

ListConnectors operation middleware

func (*ServerInterfaceWrapper) ListCredentials

func (siw *ServerInterfaceWrapper) ListCredentials(w http.ResponseWriter, r *http.Request)

ListCredentials operation middleware

func (*ServerInterfaceWrapper) ListFlightPlans

func (siw *ServerInterfaceWrapper) ListFlightPlans(w http.ResponseWriter, r *http.Request)

ListFlightPlans operation middleware

func (*ServerInterfaceWrapper) ListFundingSources

func (siw *ServerInterfaceWrapper) ListFundingSources(w http.ResponseWriter, r *http.Request)

ListFundingSources operation middleware

func (*ServerInterfaceWrapper) ListHubActions

func (siw *ServerInterfaceWrapper) ListHubActions(w http.ResponseWriter, r *http.Request)

ListHubActions operation middleware

func (*ServerInterfaceWrapper) ListHubConnectors

func (siw *ServerInterfaceWrapper) ListHubConnectors(w http.ResponseWriter, r *http.Request)

ListHubConnectors operation middleware

func (*ServerInterfaceWrapper) ListHubSuites

func (siw *ServerInterfaceWrapper) ListHubSuites(w http.ResponseWriter, r *http.Request)

ListHubSuites operation middleware

func (*ServerInterfaceWrapper) ListIntents

func (siw *ServerInterfaceWrapper) ListIntents(w http.ResponseWriter, r *http.Request)

ListIntents operation middleware

func (*ServerInterfaceWrapper) ListPolicies

func (siw *ServerInterfaceWrapper) ListPolicies(w http.ResponseWriter, r *http.Request)

ListPolicies operation middleware

func (*ServerInterfaceWrapper) ListSessions

func (siw *ServerInterfaceWrapper) ListSessions(w http.ResponseWriter, r *http.Request)

ListSessions operation middleware

func (*ServerInterfaceWrapper) ListTraces

func (siw *ServerInterfaceWrapper) ListTraces(w http.ResponseWriter, r *http.Request)

ListTraces operation middleware

func (*ServerInterfaceWrapper) ListUserCredentials

func (siw *ServerInterfaceWrapper) ListUserCredentials(w http.ResponseWriter, r *http.Request)

ListUserCredentials operation middleware

func (*ServerInterfaceWrapper) ListVaultEntries

func (siw *ServerInterfaceWrapper) ListVaultEntries(w http.ResponseWriter, r *http.Request)

ListVaultEntries operation middleware

func (*ServerInterfaceWrapper) LockVault

func (siw *ServerInterfaceWrapper) LockVault(w http.ResponseWriter, r *http.Request)

LockVault operation middleware

func (*ServerInterfaceWrapper) ModifyRequest

func (siw *ServerInterfaceWrapper) ModifyRequest(w http.ResponseWriter, r *http.Request)

ModifyRequest operation middleware

func (*ServerInterfaceWrapper) Oauth2BindingCallback

func (siw *ServerInterfaceWrapper) Oauth2BindingCallback(w http.ResponseWriter, r *http.Request)

Oauth2BindingCallback operation middleware

func (*ServerInterfaceWrapper) PatchAction

func (siw *ServerInterfaceWrapper) PatchAction(w http.ResponseWriter, r *http.Request)

PatchAction operation middleware

func (*ServerInterfaceWrapper) PostChatCompletions

func (siw *ServerInterfaceWrapper) PostChatCompletions(w http.ResponseWriter, r *http.Request)

PostChatCompletions operation middleware

func (*ServerInterfaceWrapper) PostMessages

func (siw *ServerInterfaceWrapper) PostMessages(w http.ResponseWriter, r *http.Request)

PostMessages operation middleware

func (*ServerInterfaceWrapper) PreviewAction

func (siw *ServerInterfaceWrapper) PreviewAction(w http.ResponseWriter, r *http.Request)

PreviewAction operation middleware

func (*ServerInterfaceWrapper) PreviewConnector

func (siw *ServerInterfaceWrapper) PreviewConnector(w http.ResponseWriter, r *http.Request)

PreviewConnector operation middleware

func (*ServerInterfaceWrapper) PutAgentCredentials

func (siw *ServerInterfaceWrapper) PutAgentCredentials(w http.ResponseWriter, r *http.Request)

PutAgentCredentials operation middleware

func (*ServerInterfaceWrapper) PutUserCredentials

func (siw *ServerInterfaceWrapper) PutUserCredentials(w http.ResponseWriter, r *http.Request)

PutUserCredentials operation middleware

func (*ServerInterfaceWrapper) ReadCommsMessages

func (siw *ServerInterfaceWrapper) ReadCommsMessages(w http.ResponseWriter, r *http.Request)

ReadCommsMessages operation middleware

func (*ServerInterfaceWrapper) RebindBinding

func (siw *ServerInterfaceWrapper) RebindBinding(w http.ResponseWriter, r *http.Request)

RebindBinding operation middleware

func (*ServerInterfaceWrapper) RecordSandboxProxyDisabled

func (siw *ServerInterfaceWrapper) RecordSandboxProxyDisabled(w http.ResponseWriter, r *http.Request)

RecordSandboxProxyDisabled operation middleware

func (*ServerInterfaceWrapper) RecordSandboxProxyRequest

func (siw *ServerInterfaceWrapper) RecordSandboxProxyRequest(w http.ResponseWriter, r *http.Request)

RecordSandboxProxyRequest operation middleware

func (*ServerInterfaceWrapper) RequestCommsHTTP

func (siw *ServerInterfaceWrapper) RequestCommsHTTP(w http.ResponseWriter, r *http.Request)

RequestCommsHTTP operation middleware

func (*ServerInterfaceWrapper) ResumeFlightPlan

func (siw *ServerInterfaceWrapper) ResumeFlightPlan(w http.ResponseWriter, r *http.Request)

ResumeFlightPlan operation middleware

func (*ServerInterfaceWrapper) RevokeBinding

func (siw *ServerInterfaceWrapper) RevokeBinding(w http.ResponseWriter, r *http.Request)

RevokeBinding operation middleware

func (*ServerInterfaceWrapper) RunAction

func (siw *ServerInterfaceWrapper) RunAction(w http.ResponseWriter, r *http.Request)

RunAction operation middleware

func (*ServerInterfaceWrapper) RunConnectorOperation

func (siw *ServerInterfaceWrapper) RunConnectorOperation(w http.ResponseWriter, r *http.Request)

RunConnectorOperation operation middleware

func (*ServerInterfaceWrapper) RunExecution

func (siw *ServerInterfaceWrapper) RunExecution(w http.ResponseWriter, r *http.Request)

RunExecution operation middleware

func (*ServerInterfaceWrapper) SendCommsMessage

func (siw *ServerInterfaceWrapper) SendCommsMessage(w http.ResponseWriter, r *http.Request)

SendCommsMessage operation middleware

func (*ServerInterfaceWrapper) SetPassphrase

func (siw *ServerInterfaceWrapper) SetPassphrase(w http.ResponseWriter, r *http.Request)

SetPassphrase operation middleware

func (*ServerInterfaceWrapper) SetupBindings

func (siw *ServerInterfaceWrapper) SetupBindings(w http.ResponseWriter, r *http.Request)

SetupBindings operation middleware

func (*ServerInterfaceWrapper) SimulatePolicy

func (siw *ServerInterfaceWrapper) SimulatePolicy(w http.ResponseWriter, r *http.Request)

SimulatePolicy operation middleware

func (*ServerInterfaceWrapper) Sync

Sync operation middleware

func (*ServerInterfaceWrapper) UnlockLocalVault

func (siw *ServerInterfaceWrapper) UnlockLocalVault(w http.ResponseWriter, r *http.Request)

UnlockLocalVault operation middleware

func (*ServerInterfaceWrapper) UnlockVault

func (siw *ServerInterfaceWrapper) UnlockVault(w http.ResponseWriter, r *http.Request)

UnlockVault operation middleware

func (*ServerInterfaceWrapper) UpdateConnector

func (siw *ServerInterfaceWrapper) UpdateConnector(w http.ResponseWriter, r *http.Request)

UpdateConnector operation middleware

func (*ServerInterfaceWrapper) UpdateCurrentEnterprise

func (siw *ServerInterfaceWrapper) UpdateCurrentEnterprise(w http.ResponseWriter, r *http.Request)

UpdateCurrentEnterprise operation middleware

func (*ServerInterfaceWrapper) UpdateCurrentUser

func (siw *ServerInterfaceWrapper) UpdateCurrentUser(w http.ResponseWriter, r *http.Request)

UpdateCurrentUser operation middleware

func (*ServerInterfaceWrapper) UpdatePolicy

func (siw *ServerInterfaceWrapper) UpdatePolicy(w http.ResponseWriter, r *http.Request)

UpdatePolicy operation middleware

func (*ServerInterfaceWrapper) WatchActionApprovals

func (siw *ServerInterfaceWrapper) WatchActionApprovals(w http.ResponseWriter, r *http.Request)

WatchActionApprovals operation middleware

type Session

type Session struct {
	// Agent Agent name (e.g. "claude", "pi").
	Agent   string     `json:"agent"`
	EndedAt *time.Time `json:"ended_at,omitempty"`

	// ExitCode Agent process exit code, or null when ended_at is set but the daemon never observed a clean exit (orphaned).
	ExitCode *int `json:"exit_code,omitempty"`

	// Id ULID-based session identifier; time-sortable lexicographically.
	Id        string    `json:"id"`
	StartedAt time.Time `json:"started_at"`

	// WorkingDir The directory aileron launch was invoked from.
	WorkingDir string `json:"working_dir"`
}

Session One record of an `aileron launch` agent invocation, owned by the daemon under ADR-0012. (started_at, ended_at, exit_code) encode three states:

  • running: ended_at == null
  • ended cleanly: ended_at != null && exit_code != null
  • orphaned: ended_at != null && exit_code == null (daemon restart while session was running)

type SessionListResponse

type SessionListResponse struct {
	Items []Session `json:"items"`
}

SessionListResponse defines model for SessionListResponse.

type SetPassphraseJSONRequestBody

type SetPassphraseJSONRequestBody = SetPassphraseRequest

SetPassphraseJSONRequestBody defines body for SetPassphrase for application/json ContentType.

type SetPassphraseRequest

type SetPassphraseRequest struct {
	// KekVerification Verification constant encrypted with the client-derived KEK (base64)
	KekVerification []byte `json:"kek_verification"`

	// Salt Base64-encoded 16-byte Argon2id salt generated by the client
	Salt []byte `json:"salt"`
}

SetPassphraseRequest defines model for SetPassphraseRequest.

type SetupBindingsJSONRequestBody

type SetupBindingsJSONRequestBody = BindingSetupRequest

SetupBindingsJSONRequestBody defines body for SetupBindings for application/json ContentType.

type SimulatePolicyJSONRequestBody

type SimulatePolicyJSONRequestBody = PolicySimulationRequest

SimulatePolicyJSONRequestBody defines body for SimulatePolicy for application/json ContentType.

type StaleBinding

type StaleBinding struct {
	// ConnectorFqn FQN of the connector this binding is anchored to.
	ConnectorFqn string `json:"connector_fqn"`

	// MissingScopes Scopes the binding lacks (for `scope_drift` only). Empty
	// for `no_grant_record`.
	MissingScopes *[]string `json:"missing_scopes,omitempty"`

	// Name Canonical binding name (`kind/service/identity`).
	Name string `json:"name"`

	// Service Human-readable service label from the binding ("Google",
	// "Slack"). The CLI uses this in the prompt; clients fall
	// back to `connector_fqn` when empty.
	Service *string `json:"service,omitempty"`

	// StaleReason Why the binding is stale. `scope_drift` — manifest demands a
	// scope the recorded grant lacks; the prompt names the missing
	// scopes. `no_grant_record` — binding predates scope tracking
	// and needs one reauthorize so the daemon can record what was
	// granted; no specific scopes to list.
	StaleReason StaleBindingStaleReason `json:"stale_reason"`
}

StaleBinding Describes one binding the scope-drift hook (#726/#729) marked `stale` on an install. Returned on install API responses (#741) so the CLI/webapp can offer to reauthorize inline.

type StaleBindingStaleReason

type StaleBindingStaleReason string

StaleBindingStaleReason Why the binding is stale. `scope_drift` — manifest demands a scope the recorded grant lacks; the prompt names the missing scopes. `no_grant_record` — binding predates scope tracking and needs one reauthorize so the daemon can record what was granted; no specific scopes to list.

const (
	StaleBindingStaleReasonNoGrantRecord StaleBindingStaleReason = "no_grant_record"
	StaleBindingStaleReasonScopeDrift    StaleBindingStaleReason = "scope_drift"
)

Defines values for StaleBindingStaleReason.

func (StaleBindingStaleReason) Valid

func (e StaleBindingStaleReason) Valid() bool

Valid indicates whether the value is a known member of the StaleBindingStaleReason enum.

type StatusResponse

type StatusResponse struct {
	// ActionCount Number of installed actions in `~/.aileron/actions/`.
	ActionCount int `json:"action_count"`

	// BindingCount Number of credential bindings in the vault. Surfaced as
	// metadata-only — the vault doesn't have to be unlocked
	// to count them.
	BindingCount int `json:"binding_count"`

	// Commit Short git commit the daemon was built from. May be empty for unstamped builds.
	Commit *string `json:"commit,omitempty"`

	// ConnectorCount Number of connector tarballs in the content-addressed
	// store (`~/.aileron/store/connectors/sha256/`).
	ConnectorCount int `json:"connector_count"`

	// GatewayUrl URL of the embedded gateway, when running under
	// `aileron launch`. Empty for standalone-server invocations.
	GatewayUrl *string `json:"gateway_url,omitempty"`

	// ListenAddr Address the daemon is listening on (e.g. `127.0.0.1:54321`).
	// Best-effort; empty when the runtime can't introspect its
	// own listener (most embedded contexts).
	ListenAddr *string `json:"listen_addr,omitempty"`

	// SessionId Launch session id when the daemon is part of an
	// `aileron launch` session. Empty otherwise.
	SessionId *string `json:"session_id,omitempty"`

	// VaultState `missing` — no vault file at the canonical path.
	// `locked` — file exists but the daemon hasn't unlocked it.
	// `unlocked` — daemon holds the KEK; bindings are resolvable.
	// `dev` — daemon is using the in-memory dev-mode vault
	// (random per-process KEK; not the persistent file).
	VaultState StatusResponseVaultState `json:"vault_state"`

	// Version Daemon version string (matches `aileron version`).
	Version string `json:"version"`
}

StatusResponse Operational snapshot returned by `GET /v1/status`. Surfaced through the `aileron status` CLI and the `/aileron status` agent slash-command. Read-only; safe to poll.

type StatusResponseVaultState

type StatusResponseVaultState string

StatusResponseVaultState `missing` — no vault file at the canonical path. `locked` — file exists but the daemon hasn't unlocked it. `unlocked` — daemon holds the KEK; bindings are resolvable. `dev` — daemon is using the in-memory dev-mode vault (random per-process KEK; not the persistent file).

const (
	StatusResponseVaultStateDev      StatusResponseVaultState = "dev"
	StatusResponseVaultStateLocked   StatusResponseVaultState = "locked"
	StatusResponseVaultStateMissing  StatusResponseVaultState = "missing"
	StatusResponseVaultStateUnlocked StatusResponseVaultState = "unlocked"
)

Defines values for StatusResponseVaultState.

func (StatusResponseVaultState) Valid

func (e StatusResponseVaultState) Valid() bool

Valid indicates whether the value is a known member of the StatusResponseVaultState enum.

type StdHTTPServerOptions

type StdHTTPServerOptions struct {
	BaseURL          string
	BaseRouter       ServeMux
	Middlewares      []MiddlewareFunc
	ErrorHandlerFunc func(w http.ResponseWriter, r *http.Request, err error)
}

type SyncJSONRequestBody

type SyncJSONRequestBody = SyncRequest

SyncJSONRequestBody defines body for Sync for application/json ContentType.

type SyncRequest

type SyncRequest struct {
	// AutoInstall Auto-approve install consent for missing connectors. v1
	// has no consent prompt — install is unconditional — so this
	// flag is accepted as a no-op for forward compatibility with
	// the planned consent flow. Maps to the CLI's `--yes` flag.
	AutoInstall *bool `json:"auto_install,omitempty"`
}

SyncRequest defines model for SyncRequest.

type SyncResponse

type SyncResponse struct {
	// ActionsSeen Count of action manifests in `~/.aileron/actions/` walked this run.
	ActionsSeen int `json:"actions_seen"`

	// AlreadyInstalled Connectors that were already present in the cstore (no
	// install necessary). The idempotent path.
	AlreadyInstalled []ConnectorRef `json:"already_installed"`

	// InstallFailures Connectors whose install pipeline failed (resolver,
	// fetcher, verifier, hash mismatch, etc.). Sweep continues
	// past per-connector failures.
	InstallFailures []ConnectorInstallFailure `json:"install_failures"`

	// Installed Connectors actually installed by this sweep — i.e. those
	// absent from the cstore at the start of the run.
	Installed []InstalledConnector `json:"installed"`

	// Required Deduplicated set of (FQN, version) connector references
	// collected across every action's `[[requires.connectors]]`.
	Required []ConnectorRef `json:"required"`

	// Unbound Capabilities (`[capabilities.credential]` blocks) declared
	// by installed connectors for which no binding exists.
	// Sorted by `connector_fqn` then `kind` for deterministic
	// output. Operators bind these manually with
	// `aileron binding setup <FQN>`.
	Unbound []UnboundCapability `json:"unbound"`
}

SyncResponse defines model for SyncResponse.

type TooManyValuesForParamError

type TooManyValuesForParamError struct {
	ParamName string
	Count     int
}

func (*TooManyValuesForParamError) Error

type Trace

type Trace struct {
	Events      []TraceEvent `json:"events"`
	IntentId    string       `json:"intent_id"`
	TraceId     string       `json:"trace_id"`
	WorkspaceId *string      `json:"workspace_id,omitempty"`
}

Trace defines model for Trace.

type TraceEvent

type TraceEvent struct {
	Actor     ActorRef                `json:"actor"`
	EventId   string                  `json:"event_id"`
	EventType string                  `json:"event_type"`
	Payload   *map[string]interface{} `json:"payload,omitempty"`
	Timestamp time.Time               `json:"timestamp"`
}

TraceEvent defines model for TraceEvent.

type TraceListResponse

type TraceListResponse struct {
	Items      *[]Trace    `json:"items,omitempty"`
	Pagination *Pagination `json:"pagination,omitempty"`
}

TraceListResponse defines model for TraceListResponse.

type Unauthorized

type Unauthorized = Error

Unauthorized Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type UnboundCapability

type UnboundCapability struct {
	// ConnectorFqn FQN of the connector that needs a binding.
	ConnectorFqn string `json:"connector_fqn"`

	// Kind Declared credential kind (`api_key`, `oauth2`).
	Kind string `json:"kind"`

	// Scope Human-readable scope description from the connector manifest.
	Scope *string `json:"scope,omitempty"`
}

UnboundCapability defines model for UnboundCapability.

type UnescapedCookieParamError

type UnescapedCookieParamError struct {
	ParamName string
	Err       error
}

func (*UnescapedCookieParamError) Error

func (e *UnescapedCookieParamError) Error() string

func (*UnescapedCookieParamError) Unwrap

func (e *UnescapedCookieParamError) Unwrap() error

type UnlockLocalVaultJSONRequestBody

type UnlockLocalVaultJSONRequestBody = LocalVaultUnlockRequest

UnlockLocalVaultJSONRequestBody defines body for UnlockLocalVault for application/json ContentType.

type UnlockVaultJSONRequestBody

type UnlockVaultJSONRequestBody = UnlockVaultRequest

UnlockVaultJSONRequestBody defines body for UnlockVault for application/json ContentType.

type UnlockVaultRequest

type UnlockVaultRequest struct {
	// Kek Base64-encoded 32-byte KEK derived from passphrase via Argon2id
	Kek []byte `json:"kek"`
}

UnlockVaultRequest defines model for UnlockVaultRequest.

type UnmarshalingParamError

type UnmarshalingParamError struct {
	ParamName string
	Err       error
}

func (*UnmarshalingParamError) Error

func (e *UnmarshalingParamError) Error() string

func (*UnmarshalingParamError) Unwrap

func (e *UnmarshalingParamError) Unwrap() error

type UpdateConnectorJSONRequestBody

type UpdateConnectorJSONRequestBody = UpdateConnectorRequest

UpdateConnectorJSONRequestBody defines body for UpdateConnector for application/json ContentType.

type UpdateConnectorRequest

type UpdateConnectorRequest struct {
	Auth     *ConnectorAuth                `json:"auth,omitempty"`
	Metadata *map[string]interface{}       `json:"metadata,omitempty"`
	Name     *string                       `json:"name,omitempty"`
	Status   *UpdateConnectorRequestStatus `json:"status,omitempty"`
}

UpdateConnectorRequest defines model for UpdateConnectorRequest.

type UpdateConnectorRequestStatus

type UpdateConnectorRequestStatus string

UpdateConnectorRequestStatus defines model for UpdateConnectorRequest.Status.

const (
	UpdateConnectorRequestStatusActive   UpdateConnectorRequestStatus = "active"
	UpdateConnectorRequestStatusDisabled UpdateConnectorRequestStatus = "disabled"
)

Defines values for UpdateConnectorRequestStatus.

func (UpdateConnectorRequestStatus) Valid

Valid indicates whether the value is a known member of the UpdateConnectorRequestStatus enum.

type UpdateCurrentEnterpriseJSONRequestBody

type UpdateCurrentEnterpriseJSONRequestBody = UpdateEnterpriseRequest

UpdateCurrentEnterpriseJSONRequestBody defines body for UpdateCurrentEnterprise for application/json ContentType.

type UpdateCurrentUserJSONRequestBody

type UpdateCurrentUserJSONRequestBody = UpdateUserRequest

UpdateCurrentUserJSONRequestBody defines body for UpdateCurrentUser for application/json ContentType.

type UpdateEnterpriseRequest

type UpdateEnterpriseRequest struct {
	// AllowedAuthProviders Restrict sign-in to these providers. Empty array means all allowed.
	AllowedAuthProviders *[]string `json:"allowed_auth_providers,omitempty"`

	// AllowedEmailDomains Restrict sign-in to these email domains. Empty array means all allowed.
	AllowedEmailDomains *[]string            `json:"allowed_email_domains,omitempty"`
	BillingEmail        *openapi_types.Email `json:"billing_email,omitempty"`
	Name                *string              `json:"name,omitempty"`
	SsoRequired         *bool                `json:"sso_required,omitempty"`
}

UpdateEnterpriseRequest defines model for UpdateEnterpriseRequest.

type UpdatePolicyJSONRequestBody

type UpdatePolicyJSONRequestBody = UpdatePolicyRequest

UpdatePolicyJSONRequestBody defines body for UpdatePolicy for application/json ContentType.

type UpdatePolicyRequest

type UpdatePolicyRequest struct {
	Description *string       `json:"description,omitempty"`
	Name        *string       `json:"name,omitempty"`
	Rules       *[]PolicyRule `json:"rules,omitempty"`
	Status      *PolicyStatus `json:"status,omitempty"`
}

UpdatePolicyRequest defines model for UpdatePolicyRequest.

type UpdateUserRequest

type UpdateUserRequest struct {
	DisplayName *string `json:"display_name,omitempty"`
}

UpdateUserRequest defines model for UpdateUserRequest.

type User

type User struct {
	// AuthProviders Connected identity providers for this user
	AuthProviders []UserAuthProviderLink `json:"auth_providers"`
	AvatarUrl     *string                `json:"avatar_url,omitempty"`
	CreatedAt     time.Time              `json:"created_at"`
	DisplayName   string                 `json:"display_name"`

	// Email Unique email — the stable identity across OAuth providers
	Email        openapi_types.Email `json:"email"`
	EnterpriseId string              `json:"enterprise_id"`

	// HasPassword Whether the user has a password set for email/password login
	HasPassword bool `json:"has_password"`

	// Id Opaque surrogate key — immutable, never changes
	Id          string     `json:"id"`
	LastLoginAt *time.Time `json:"last_login_at,omitempty"`
	Role        UserRole   `json:"role"`
	Status      UserStatus `json:"status"`
	UpdatedAt   time.Time  `json:"updated_at"`
}

User A user account. The id is an opaque surrogate key (usr_ + UUID). Email is the stable logical identity used to deduplicate across OAuth providers.

type UserAuthProviderLink struct {
	ConnectedAt time.Time `json:"connected_at"`

	// Provider Auth provider name (google, github, okta, saml, etc.)
	Provider string `json:"provider"`
}

UserAuthProviderLink defines model for UserAuthProviderLink.

type UserCredentialSummary

type UserCredentialSummary struct {
	// Metadata Non-secret metadata stored alongside the credential bytes. Mirrors
	// the `vault.Metadata` shape.
	Metadata *AgentCredentialsMetadata `json:"metadata,omitempty"`

	// Service Service identifier (e.g. "github"), derived from the
	// `user/<service>` vault path.
	Service string `json:"service"`
}

UserCredentialSummary A single user-level credential entry: the service name plus its plaintext metadata. Mirrors the `vault.Entry` shape with the `user/<service>` path reduced to its service name.

type UserCredentialsList

type UserCredentialsList struct {
	Services []UserCredentialSummary `json:"services"`
}

UserCredentialsList The set of user-level credential entries stored in the local vault. Metadata only — the credential `value` is never listed (ADR-0011).

type UserRole

type UserRole string

UserRole defines model for User.Role.

const (
	Admin  UserRole = "admin"
	Member UserRole = "member"
	Owner  UserRole = "owner"
)

Defines values for UserRole.

func (UserRole) Valid

func (e UserRole) Valid() bool

Valid indicates whether the value is a known member of the UserRole enum.

type UserStatus

type UserStatus string

UserStatus defines model for User.Status.

const (
	UserStatusActive              UserStatus = "active"
	UserStatusInvited             UserStatus = "invited"
	UserStatusPendingVerification UserStatus = "pending_verification"
	UserStatusSuspended           UserStatus = "suspended"
)

Defines values for UserStatus.

func (UserStatus) Valid

func (e UserStatus) Valid() bool

Valid indicates whether the value is a known member of the UserStatus enum.

type VaultEntriesList

type VaultEntriesList struct {
	Entries []VaultEntry `json:"entries"`
}

VaultEntriesList The union of every entry in the local vault, classified by scope. Metadata only — the credential `value` is never listed (ADR-0011).

type VaultEntry

type VaultEntry struct {
	// Metadata Non-secret metadata stored alongside the credential bytes. Mirrors
	// the `vault.Metadata` shape.
	Metadata *AgentCredentialsMetadata `json:"metadata,omitempty"`

	// Path The full vault path (e.g. `agents/claude/oauth`,
	// `user/github`, `oauth2/google/default`,
	// `connectors/github/default`).
	Path string `json:"path"`

	// Scope The namespace classification of this entry. One of:
	// `agent` (`agents/<name>/<purpose>`), `user`
	// (`user/<service>`), `binding` (a capability binding
	// `<kind>/<service>/<identity>` per ADR-0006, which includes
	// connector credentials like `connectors/<provider>/default`),
	// `connected-account` (`connected-accounts/<user_id>/<provider>`,
	// control-plane), `llm-config` (`llm-config/<owner>/<id>`,
	// control-plane), or `other` (any path matching none of the
	// above, surfaced so nothing is silently hidden).
	//
	// Modelled as a free-form string (not an OpenAPI `enum`) so the
	// generated `scope` value does not collide with the same literals
	// in other enums (e.g. `agent` in `ActorRef.type`), which would
	// force the code generator to globally prefix every enum constant.
	Scope string `json:"scope"`
}

VaultEntry A single vault entry: its full path, a `scope` label naming the namespace it belongs to, and its plaintext metadata.

type VaultLocked

type VaultLocked = Error

VaultLocked Generic error envelope used by CRUD endpoints (intents, approvals, policies, accounts, auth). Action-execution and gateway endpoints use the structured `FailureEnvelope` instead, per ADR-0010.

type VaultStatusResponse

type VaultStatusResponse struct {
	// ExpiresAt When the current KEK session expires (omitted when locked)
	ExpiresAt *time.Time `json:"expires_at,omitempty"`

	// HasPassphrase Whether the user has set a vault passphrase
	HasPassphrase bool `json:"has_passphrase"`

	// Locked Whether the vault is currently locked (no active KEK session)
	Locked bool `json:"locked"`
}

VaultStatusResponse defines model for VaultStatusResponse.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL