Config identifier. Accepts a config ID (cfg_...), a virtual_path, or a lookup_key. virtual_path values should be URL-encoded if they contain slashes.
Request body.
Optionalagent?: stringAgent ID (agt_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionalorg?: stringOrganization ID (org_...) to narrow the lookup to configs belonging to that org. Useful when the viewer has access to multiple orgs.
Optionalsystem?: booleanSet true to resolve a system-owned config by virtual_path or lookup_key. Requires a privileged viewer (developer or all-powerful) or an org admin.
Optionalteam?: stringTeam ID (team_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionaluser?: stringUser ID (usr_...) to use as the owner when resolving by virtual_path or lookup_key.
The config in its newly archived state.
Transfer ownership of a config
Transfers a config to a new owner (team, user, agent, or system).
Exactly one of the new-owner selectors must be provided. The config must be
addressed by its ID (cfg_... or UUID); virtual_path and lookup_key
are not accepted to avoid ambiguity — look up the ID first if needed.
For non-system targets the new owner's org is derived automatically from the
target entity; supplying org in that case returns 422. For system:true
targets, org controls the resulting org scope: omit to keep the existing
org_id, supply a value to set a specific org, or pass null/blank to make
the config app-level (operator viewers only).
Operator viewers (developer credentials or all-powerful viewers) may transfer
to any owner. All other viewers are restricted to owners they can themselves
access (team membership, user identity, agent scope, or system with the
appropriate privilege).
Requires app scope. The viewer must have modify rights on the config.
Config ID in id-form: cfg_... or a UUID. lookup_key and virtual_path are not accepted — retrieve the config ID first if you only have a path.
Request body.
Optionalagent?: stringNew owner: Agent ID (agt_...). Mutually exclusive with team, user, and system.
Optionalorg?: stringOnly valid when system:true. Omit to keep the config's existing org_id; supply an org ID (org_...) to set a specific org scope; pass blank or null to make the config app-level (operator viewers only). Setting org for team, user, or agent targets returns 422.
Optionalsystem?: booleanSet true to transfer to system ownership (app-level or org-scoped). Requires a privileged viewer. Mutually exclusive with team, user, and agent.
Optionalteam?: stringNew owner: Team ID (team_...). Mutually exclusive with user, agent, and system.
Optionaluser?: stringNew owner: User ID (usr_...). Mutually exclusive with team, agent, and system.
The config reflecting its new ownership.
Retrieve a config's raw content
Returns the raw byte content of a config's current version. The response
Content-Type header reflects the config's stored MIME type unless a
format conversion is requested.
Pass format: "yaml" or format: "json" to convert between YAML and JSON
on the fly. Conversion is only supported between these two formats; requesting
a conversion that is not possible returns 400.
By default, virtual_path and other platform-injected protected fields are
embedded in the returned content. Set inject_protected_fields: false to
return the stored raw bytes exactly as written.
The config may be addressed by ID (cfg_...), virtual_path, or
lookup_key. When addressing by lookup_key or virtual_path, exactly one
owner selector (team, user, agent, or system) is required.
Config identifier. Accepts a config ID (cfg_...), a virtual_path, or a lookup_key. URL-encode virtual_path values that contain slashes.
Optionalparams: {Query parameters.
Optionalagent?: stringAgent ID (agt_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionalformat?: stringOutput format for content conversion. One of "yaml" or "json". Omit to return the content in its stored format. Returns 400 if conversion is not possible.
OptionalinjectProtectedFields?: booleanWhether to inject platform-managed protected fields (such as virtual_path) into the returned content. Defaults to true. Set to false to receive the raw stored bytes.
Optionalorg?: stringOrganization ID (org_...) to narrow the lookup to configs belonging to that org.
Optionalsystem?: booleanSet true to resolve a system-owned config by virtual_path or lookup_key. Requires a privileged viewer (developer or all-powerful) or an org admin.
Optionalteam?: stringTeam ID (team_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionaluser?: stringUser ID (usr_...) to use as the owner when resolving by virtual_path or lookup_key.
Raw config content in the stored or requested format.
Create a config
Creates a new config and its first version. Returns 201 on success.
A config is uniquely identified within an app + org scope by its
virtual_path or lookup_key. Creating a config at a path that already
exists (including archived configs) returns 409. To adopt an existing config
at that path and re-own it instead, pass take_ownership: true — this
requires modify rights on the existing row (developer or all-powerful viewer).
The owner is resolved from the explicit selector params (team, user,
agent, or system). Developer and all-powerful viewers default to system
ownership when no explicit selector is provided. Exactly one owner selector
may be set; conflicting selectors return 422.
Requires app scope.
Request body.
Optionalagent?: stringAgent ID (agt_...) to assign as the config owner. Mutually exclusive with team, user, and system.
Optionalchange_description?: stringHuman-readable description of this initial version, stored on the version record.
Optionaldata?: Record<string, unknown>Arbitrary key-value metadata stored on the version alongside the content.
Optionaldata_encoding?: stringEncoding of raw_content. Omit or set "raw" for literal content; set "base64" when sending binary content such as images or PDFs in JSON.
Config kind that determines the schema and behavior of the config, e.g. "Agent" or "APITool".
Optionallookup_key?: stringOptional stable key for looking up this config independent of its virtual_path. Must be unique within the app + org scope across all owners.
MIME type of raw_content, e.g. "application/x-yaml" or "application/json".
Optionalorg?: stringOrganization ID (org_...) to scope the config to a specific org.
Optionalparent?: stringParent config ID (cfg_...) for bundle children, e.g. files belonging to a Skill. Required together with relative_path when creating a child config.
Optionalparent_solution?: stringSolution config ID (cfg_...) that this config was imported with. Records provenance for configs that arrive as part of a solution bundle.
Raw content bytes for the first version. Accepted formats depend on mime_type; typical values are YAML or JSON text.
Optionalrelative_path?: stringPath of this config within its parent bundle, e.g. "prompts/system.md". Required when parent is set.
Optionalsystem?: booleanSet true to create a system-owned config (no team, user, or agent owner). Requires a developer, all-powerful, or app system-user viewer, or an org admin creating an org-scoped system config. Mutually exclusive with team, user, and agent.
Optionaltake_ownership?: booleanWhen true and a config already exists at the specified virtual_path or lookup_key under a different owner, adopt that config rather than returning 409: the existing row is re-owned to the requested owner, unarchived if necessary, and this content is saved as its next version. Requires modify rights on the existing row (developer or all-powerful viewer).
Optionalteam?: stringTeam ID (team_...) to assign as the config owner. Mutually exclusive with user, agent, and system.
Optionaluser?: stringUser ID (usr_...) to assign as the config owner. Mutually exclusive with team, agent, and system.
Optionalvirtual_path?: stringHuman-readable path that uniquely identifies the config within its owner scope, e.g. "my-agent/v1". Must be unique within the app + org + owner combination.
The newly created config, including its first version.
Delete a config
Permanently deletes a config and all its associated versions. This action is
irreversible. To soft-delete a config while retaining its history, use the
archive endpoint instead.
The config may be addressed by its ID (cfg_...), virtual_path, or
lookup_key. When addressing by lookup_key or virtual_path, you must
supply exactly one owner selector (team, user, agent, or system);
passing an owner selector when addressing by ID returns 422.
Returns 204 No Content on success. Requires app scope. The viewer must have
modify rights on the config.
Config identifier. Accepts a config ID (cfg_...), a virtual_path, or a lookup_key. URL-encode virtual_path values that contain slashes.
Empty body. HTTP 204 indicates the config and all its versions were permanently deleted.
Encrypt a secret for use in a config
Encrypts a plaintext secret and returns a ciphertext string safe for
embedding directly in config content using the secret_value! interpolation
syntax. The ciphertext is bound to the app's (or org's) key-encryption key
(KEK) so it can only be decrypted at runtime within the same scope.
When org is provided, the KEK for that org is used; otherwise the
viewer's own org KEK is used, falling back to the app-level KEK for viewers
with no org context.
The plaintext is never stored. Requires app scope.
Request body.
Optionalorg?: stringOrganization ID (org_...) whose KEK to use for encryption. Overrides the viewer's own org. Omit to use the viewer's org KEK, or the app-level KEK when the viewer has no org context.
The secret value to encrypt. Never stored; only the resulting ciphertext is returned.
Successful response
List config facets
Returns the distinct config kinds and leading virtual_path prefixes
available to the viewer, each with a count of matching configs. Use this
to populate filter UI dropdowns without making a full list request.
The counts reflect every config the viewer can see in the requested scope,
independent of any kind, path-prefix, or lookup-key filters that might be
applied on a concurrent list request. This means the UI always shows every
option the viewer could pick, not just the values on the current filtered page.
Scoping follows the same rules as the list endpoint: developer and
all-powerful viewers see facets across all owners in the app; org-scoped
viewers receive their own configs' facets merged with system-owned facets;
all other viewers see only their resolved owner's configs.
Optionalparams: { app?: string; org?: string; team?: string; user?: string }Query parameters.
Optionalapp?: stringApp ID (app_...). Present when mounted under the developer scope; injected automatically.
Optionalorg?: stringOrganization ID (org_...) to narrow facets to configs belonging to that org.
Optionalteam?: stringTeam ID (team_...) to scope facets to that team's configs. Mutually exclusive with user.
Optionaluser?: stringUser ID (usr_...) to scope facets to that user's configs. Defaults to the current user when the viewer is a user and no selector is provided. Mutually exclusive with team.
Distinct config kinds and virtual_path prefixes with per-value counts.
Retrieve a config
Returns a single config identified by its ID, virtual_path, or
lookup_key. The config object includes its current version metadata but
not the raw content bytes; use the content endpoint to fetch the raw content.
When addressing by lookup_key or virtual_path, you must supply exactly
one owner selector (team, user, agent, or system). Passing an owner
selector when addressing by ID (cfg_...) returns 422. Both not_found
and forbidden outcomes are surfaced as 404 to avoid leaking config
existence.
Requires app scope.
Config identifier. Accepts a config ID (cfg_...), a virtual_path, or a lookup_key. URL-encode virtual_path values that contain slashes.
Optionalparams: { agent?: string; org?: string; system?: boolean; team?: string; user?: string }Query parameters.
Optionalagent?: stringAgent ID (agt_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionalorg?: stringOrganization ID (org_...) to narrow the lookup to configs belonging to that org.
Optionalsystem?: booleanSet true to resolve a system-owned config by virtual_path or lookup_key. Requires a privileged viewer (developer or all-powerful) or an org admin.
Optionalteam?: stringTeam ID (team_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionaluser?: stringUser ID (usr_...) to use as the owner when resolving by virtual_path or lookup_key.
The requested config object.
List configs
Returns all configs owned by the specified owner. Exactly one owner selector
(team, user, or agent) must be provided. Passing an unknown or
inaccessible owner returns an empty data array rather than an error, to
avoid leaking information about which teams, users, or agents exist.
Use the kind, lookup_key, path_prefix, parents, and
parent_solutions params to narrow results. Private config kinds are always
excluded from the response regardless of the viewer's permissions.
Results are not paginated; all matching configs are returned in a single
response.
Optionalparams: {Query parameters.
Optionalagent?: stringAgent ID (agt_...) whose configs to list. Mutually exclusive with team and user.
Optionalkind?: stringFilter results to configs of this kind, e.g. "Agent" or "APITool". Omit to return configs of all non-private kinds.
OptionallookupKey?: stringFilter to the config with exactly this lookup_key. Returns at most one result.
Optionalparents?: string[]Filter to configs that are children of any of the listed parent config IDs (cfg_...). Pass a single ID to retrieve all children of one bundle.
OptionalparentSolutions?: string[]Filter to configs that were imported as part of any of the listed solution config IDs (cfg_...). Useful for identifying all files that arrived with a given solution.
OptionalpathPrefix?: stringFilter to configs whose virtual_path starts with this prefix, e.g. "my-agent/". Useful for listing files within a folder.
Optionalteam?: stringTeam ID (team_...) whose configs to list. Mutually exclusive with user and agent.
Optionaluser?: stringUser ID (usr_...) whose configs to list. Defaults to the current user when the viewer is a user and no owner selector is provided. Mutually exclusive with team and agent.
Successful response
Unarchive a config
Restores a previously archived config, making it visible again in list and
show responses. The config's content and version history are unchanged.
The config may be addressed by its ID (cfg_...), virtual_path, or
lookup_key. When addressing by lookup_key or virtual_path, you must
supply exactly one owner selector (team, user, agent, or system);
passing an owner selector when addressing by ID returns 422.
Requires app scope. The viewer must have modify rights on the config.
Config identifier. Accepts a config ID (cfg_...), a virtual_path, or a lookup_key. URL-encode virtual_path values that contain slashes.
Request body.
Optionalagent?: stringAgent ID (agt_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionalorg?: stringOrganization ID (org_...) to narrow the lookup to configs belonging to that org.
Optionalsystem?: booleanSet true to resolve a system-owned config by virtual_path or lookup_key. Requires a privileged viewer (developer or all-powerful) or an org admin.
Optionalteam?: stringTeam ID (team_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionaluser?: stringUser ID (usr_...) to use as the owner when resolving by virtual_path or lookup_key.
The config in its newly restored (active) state.
Update a config
Updates an existing config. When raw_content is provided, a new version is
created and becomes the current version. When raw_content is omitted, only
metadata fields (virtual_path, lookup_key, relative_path,
parent_solution) are updated without creating a new version.
Use expected_version for optimistic concurrency control: if the config's
current version number does not match the supplied value the request returns
409. This prevents overwriting concurrent edits.
The config may be addressed by its ID (cfg_...), virtual_path, or
lookup_key. When addressing by lookup_key or virtual_path, you must
supply exactly one owner selector (team, user, agent, or system).
Both not_found and forbidden outcomes are surfaced as 404.
Requires app scope. The viewer must have modify rights on the config.
Config identifier. Accepts a config ID (cfg_...), a virtual_path, or a lookup_key. URL-encode virtual_path values that contain slashes.
Request body.
Optionalagent?: stringAgent ID (agt_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionalchange_description?: stringHuman-readable description of this update, stored on the new version record.
Optionaldata?: Record<string, unknown>Arbitrary key-value metadata to store on the new version alongside the content.
Optionaldata_encoding?: stringEncoding of raw_content. Omit or set "raw" for literal content; set "base64" when sending binary content such as images or PDFs in JSON.
Optionalexpected_version?: numberVersion number the caller expects to be current. If the config's actual current version does not match, the request returns 409 to signal a concurrent modification. Omit to skip optimistic locking.
Optionallookup_key?: stringNew lookup_key for the config. Updates the key without creating a new version when raw_content is omitted.
Optionalmime_type?: stringMIME type of raw_content, e.g. "application/x-yaml" or "application/json". Defaults to the existing MIME type when raw_content is provided without this field.
Optionalorg?: stringOrganization ID (org_...) to narrow the lookup to configs belonging to that org.
Optionalparent_solution?: stringSolution config ID (cfg_...) to set as the config's parent solution provenance. Clears the value when set to an empty string.
Optionalraw_content?: stringNew raw content bytes for the config. When provided, a new version is created. Omit to perform a metadata-only update without incrementing the version.
Optionalrelative_path?: stringUpdated path of this config within its parent bundle. Only meaningful when the config has a parent.
Optionalsystem?: booleanSet true to resolve a system-owned config by virtual_path or lookup_key. Requires a privileged viewer (developer or all-powerful) or an org admin.
Optionalteam?: stringTeam ID (team_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionaluser?: stringUser ID (usr_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionalvirtual_path?: stringNew virtual_path for the config. Updates the path without creating a new version when raw_content is omitted.
The config reflecting the applied update.
Validate config content Validates raw config content against the schema for a given config kind without saving anything. Returns a structured result indicating whether the content is valid and, if not, a list of error messages. Use this endpoint to give users early feedback before calling create or update. The owner context is used for any kind-specific validation rules that are owner-aware; provide the same owner you intend to use on the write call. Requires app scope.
Request body.
Optionalagent?: stringAgent ID (agt_...) that would own the config. Used for owner-aware validation rules. Mutually exclusive with team and user.
Optionaldata?: Record<string, unknown>Optional metadata used by kind-specific validation. File and Image configs require data.name when validating direct binary content.
Optionaldata_encoding?: stringEncoding of raw_content. Omit or set "raw" for literal content; set "base64" when sending binary content such as images or PDFs in JSON.
Config kind whose schema the content is validated against, e.g. "Agent" or "APITool".
MIME type of raw_content, e.g. "application/x-yaml" or "application/json". Used to parse the content before validation.
Raw content bytes to validate. Parsed according to mime_type before schema validation.
Optionalteam?: stringTeam ID (team_...) that would own the config. Used for owner-aware validation rules. Mutually exclusive with user and agent.
Optionaluser?: stringUser ID (usr_...) that would own the config. Used for owner-aware validation rules. Mutually exclusive with team and agent.
Validation outcome. Always HTTP 200; check the valid field to determine success. Includes errors when valid is false.
List a config's version history
Returns all versions of a config in the order they were created, most recent
first. Each version includes its version number, content metadata, and change
description. The raw content bytes for a specific version are not included;
use the content endpoint to fetch them.
The config may be addressed by its ID (cfg_...), virtual_path, or
lookup_key. When addressing by lookup_key or virtual_path, you must
supply exactly one owner selector (team, user, agent, or system).
Both not_found and forbidden outcomes are surfaced as 404.
Requires app scope.
Config identifier. Accepts a config ID (cfg_...), a virtual_path, or a lookup_key. URL-encode virtual_path values that contain slashes.
Optionalparams: { agent?: string; org?: string; system?: boolean; team?: string; user?: string }Query parameters.
Optionalagent?: stringAgent ID (agt_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionalorg?: stringOrganization ID (org_...) to narrow the lookup to configs belonging to that org.
Optionalsystem?: booleanSet true to resolve a system-owned config by virtual_path or lookup_key. Requires a privileged viewer (developer or all-powerful) or an org admin.
Optionalteam?: stringTeam ID (team_...) to use as the owner when resolving by virtual_path or lookup_key.
Optionaluser?: stringUser ID (usr_...) to use as the owner when resolving by virtual_path or lookup_key.
Successful response
Archive a config Soft-deletes a config by marking it as archived. Archived configs are hidden from list and show endpoints but are not permanently removed; use the unarchive endpoint to restore one, or the delete endpoint for permanent removal. The config may be addressed by its ID (
cfg_...),virtual_path, orlookup_key. When addressing bylookup_keyorvirtual_path, you must supply exactly one owner selector (team,user,agent, orsystem); passing an owner selector when addressing by ID returns 422. Requires app scope. The viewer must have modify rights on the config.