62 KiB
18 — HTTP REST API
GoClaw exposes a comprehensive HTTP REST API alongside the WebSocket RPC protocol. All endpoints are served from the same gateway server and share authentication, rate limiting, and i18n infrastructure.
Interactive documentation is available at /docs (Swagger UI) and the raw OpenAPI 3.0 spec at /v1/openapi.json.
1. Authentication
All HTTP endpoints (except /health) require authentication via Bearer token in the Authorization header:
Authorization: Bearer <TOKEN>
Two token types are accepted:
| Type | Format | Scope |
|---|---|---|
| Gateway token | Configured in config.json |
Full admin access |
| API key | goclaw_ + 32 hex chars |
Scoped by key permissions |
API keys are hashed with SHA-256 before lookup — the raw key is never stored. See 20 — API Keys & Auth for details.
Some endpoints accept the token as a query parameter
?token=<TOKEN>for use in<img>and<audio>tags (e.g.,/v1/files/,/v1/media/).
Common Headers
| Header | Purpose |
|---|---|
Authorization |
Bearer token for authentication |
X-GoClaw-User-Id |
External user ID for multi-tenant context |
X-GoClaw-Agent-Id |
Agent identifier for scoped operations |
X-GoClaw-Tenant-Id |
Tenant scope — UUID or slug (gateway token / cross-tenant API keys) |
Accept-Language |
Locale (en, vi, zh) for i18n error messages |
Content-Type |
application/json for request bodies |
Browser Cookie Sync
Selected-cookie sync stores user-approved browser cookies for server-side browser automation. Endpoints require operator auth and X-GoClaw-User-Id; the request body cannot set tenant_id or user_id.
| Method | Path | Description |
|---|---|---|
POST |
/v1/browser/cookies/sync |
Store selected cookies for one agent_id |
GET |
/v1/browser/cookies?agent_id=... |
List synced cookie metadata; values are redacted |
DELETE |
/v1/browser/cookies?agent_id=...&domain=...&name=... |
Delete scoped synced cookies |
Example sync request:
{
"agent_id": "default",
"source": "chrome-selected-cookie-sync",
"cookies": [{
"domain": ".example.com",
"name": "session",
"path": "/",
"value": "cookie-value",
"secure": true,
"httpOnly": true,
"sameSite": "lax",
"expirationDate": 1770000000
}]
}
See Browser Cookie Sync Threat Model for isolation and encryption details.
2. Chat Completions
OpenAI-compatible chat API for programmatic access to agents.
POST /v1/chat/completions
{
"model": "goclaw:agent-id-or-key",
"messages": [
{"role": "user", "content": "Hello"}
],
"stream": false,
"user": "optional-user-id"
}
Response (non-streaming):
{
"id": "chatcmpl-...",
"object": "chat.completion",
"choices": [{
"index": 0,
"message": {"role": "assistant", "content": "..."},
"finish_reason": "stop"
}],
"usage": {"prompt_tokens": 10, "completion_tokens": 20, "total_tokens": 30}
}
Streaming: Set "stream": true to receive Server-Sent Events (SSE) with data: {...} chunks, terminated by data: [DONE].
Rate limiting: Per-IP when rate_limit_rpm is configured.
3. OpenResponses Protocol
POST /v1/responses
Alternative response-based protocol (compatible with OpenAI Responses API). Accepts the same auth and returns structured response objects.
4. Agents
CRUD operations for agent management. Requires X-GoClaw-User-Id header for multi-tenant context.
| Method | Path | Description | Auth |
|---|---|---|---|
GET |
/v1/agents |
List agents accessible by user | Bearer |
POST |
/v1/agents |
Create new agent | Bearer |
GET |
/v1/agents/{id} |
Get agent by ID or key | Bearer |
PUT |
/v1/agents/{id} |
Update agent (owner only) | Bearer |
DELETE |
/v1/agents/{id} |
Delete agent (owner only) | Bearer |
POST |
/v1/agents/sync-workspace |
Sync agent workspace files | Admin |
Shares
| Method | Path | Description |
|---|---|---|
GET |
/v1/agents/{id}/shares |
List agent shares |
POST |
/v1/agents/{id}/shares |
Share agent with user |
DELETE |
/v1/agents/{id}/shares/{userID} |
Revoke share |
Agent Actions
| Method | Path | Description |
|---|---|---|
POST |
/v1/agents/{id}/regenerate |
Regenerate agent config with custom prompt |
POST |
/v1/agents/{id}/resummon |
Retry initial LLM summoning |
POST |
/v1/agents/{id}/cancel-summon |
Cancel an in-progress summon |
GET |
/v1/agents/{id}/system-prompt-preview |
Preview rendered system prompt |
Predefined Agent Instances
| Method | Path | Description |
|---|---|---|
GET |
/v1/agents/{id}/instances |
List user instances |
GET |
/v1/agents/{id}/instances/{userID}/files |
List user context files |
PUT |
/v1/agents/{id}/instances/{userID}/files/{fileName} |
Update user file (USER.md only) |
PATCH |
/v1/agents/{id}/instances/{userID}/metadata |
Update instance metadata |
Wake (External Trigger)
POST /v1/agents/{id}/wake
{
"message": "Process new data",
"session_key": "optional-session",
"user_id": "optional-user",
"metadata": {}
}
Response: {content, run_id, usage?}. Used by orchestrators (n8n, Paperclip) to trigger agent runs.
Codex/OpenAI OAuth Routing in chatgpt_oauth_routing
For agents whose main provider is a chatgpt_oauth provider, top-level chatgpt_oauth_routing
can override or inherit routing behavior while keeping the main provider field as the preferred/default account alias.
{
"provider": "openai-codex",
"model": "gpt-5.5",
"chatgpt_oauth_routing": {
"override_mode": "custom",
"strategy": "round_robin"
}
}
Rules:
- Provider settings may define reusable
settings.codex_pooldefaults for a primary alias. settings.codex_pool.extra_provider_namesis the authoritative membership list for that pool owner.- A provider listed in another pool cannot also manage its own pool.
override_mode: "inherit"tells the agent to follow those provider defaults.override_mode: "custom"stores an agent-local routing override for that provider-owned pool.- Provider aliases are arbitrary.
openai-codex,codex-work, andcodex-teamare examples, not required prefixes. strategy: "round_robin"rotates requests across the main provider plus the provider-owned extra authenticated OpenAI Codex OAuth providers.strategy: "priority_order"tries the main provider first, then drains the provider-owned extra providers in order.- Legacy
primary_firstpayloads are normalized topriority_orderon read. Existing agent overrides that explicitly savedextra_provider_names: []still remain single-account-only after migration. - Retryable upstream failures can fall through to the next eligible OpenAI Codex OAuth provider in the same request.
- Only enabled and authenticated
chatgpt_oauthproviders participate. - Provider-scoped auth remains unchanged:
cmd/authand/v1/auth/chatgpt/{provider}/*still operate on explicit providers.
Provider-level defaults example:
{
"name": "openai-codex",
"provider_type": "chatgpt_oauth",
"settings": {
"codex_pool": {
"strategy": "round_robin",
"extra_provider_names": ["codex-work", "codex-team"]
}
}
}
Provider reasoning defaults in settings
Providers can store the reusable default reasoning policy in settings.reasoning_defaults.
{
"name": "openai-codex",
"provider_type": "chatgpt_oauth",
"settings": {
"reasoning_defaults": {
"effort": "high",
"fallback": "provider_default"
}
}
}
Rules:
- these defaults are provider-owned and apply to any agent that inherits reasoning from this provider
- the final runtime effort is still normalized against the agent's selected model capabilities
- if no provider default is saved, inherit mode resolves to reasoning
off
Agent reasoning policy in reasoning_config
Agents can now store capability-aware GPT-5/Codex reasoning intent under top-level reasoning_config.
{
"provider": "openai-codex",
"model": "gpt-5.5",
"reasoning_config": {
"override_mode": "inherit"
}
}
Rules:
reasoning_config.override_modesupportsinherit|customoverride_mode: "inherit"tells the agent to followsettings.reasoning_defaultsoverride_mode: "custom"stores an agent-local override; the dashboard also writes a derivedthinking_levelshim for rollback safetythinking_levelremains the coarse compatibility shim:off|low|medium|highreasoning_config.effortsupportsoff|auto|none|minimal|low|medium|high|xhighreasoning_config.fallbacksupportsdowngrade|off|provider_default- existing legacy
other_config.reasoningpayloads withoutoverride_modecontinue to behave as custom overrides - unset reasoning resolves to
off - the runtime may normalize unsupported efforts, and the actual decision is surfaced in trace span metadata
Export & Import
| Method | Path | Description |
|---|---|---|
GET |
/v1/agents/{id}/export/preview |
Preview agent export |
GET |
/v1/agents/{id}/export |
Export agent config |
GET |
/v1/agents/{id}/export/download/{token} |
Download export file |
GET |
/v1/export/download/{token} |
Global export download |
POST |
/v1/agents/import/preview |
Preview agent import |
POST |
/v1/agents/import |
Import agent |
POST |
/v1/agents/{id}/import |
Merge import into existing agent |
Team Export & Import
| Method | Path | Description |
|---|---|---|
GET |
/v1/teams/{id}/export/preview |
Preview team export |
GET |
/v1/teams/{id}/export |
Export team config |
POST |
/v1/teams/import |
Import team |
Codex Pool Activity
| Method | Path | Description |
|---|---|---|
GET |
/v1/agents/{id}/codex-pool-activity |
Summarize recent Codex/OpenAI OAuth pool usage for one agent |
Query parameters:
limitoptional, defaults to18, max50
Response fields:
strategy: effective routing strategy (round_robinorpriority_order)pool_providers: configured primary + extra provider aliases in pool orderstats_sample_size: number of recent routedllm_callspans used to derive runtime health. The server derives health frommax(limit, 120)recent spans even whenrecent_requestsis still capped by the requestedlimit.provider_counts: per-alias routing evidence:request_count: backward-compatible count of direct selectionsdirect_selection_count: times the router selected that alias firstfailover_serve_count: times that alias only served as failoversuccess_count,failure_count: trace-backed runtime outcomes attributed to that alias. Success is attributed to the alias that actually served the request. On successful failover, earlier attempted aliases receive failures. On terminal error, every attempted alias receives a failure.consecutive_failures: current newest-first failure streak from recent trace evidencesuccess_rate,health_score,health_state: additive runtime health summary.health_scoreis heuristic, but the stable bands areidlewhen there are no recent outcomes,criticalat 3+ consecutive failures or score< 40,degradedbelow80, otherwisehealthylast_selected_at,last_failover_at,last_used_at,last_success_at,last_failure_at: latest timestamps for each evidence type
recent_requests: recent routed Codex calls:span_id,trace_id,started_at,status,duration_ms,modelselected_provider: alias chosen first by the routerprovider_name: alias that actually served the request. This can be empty on terminal failures where no alias completed the call.attempt_count,used_failover,failover_providers
Use direct_selection_count plus the selected_provider sequence to verify real round-robin behavior. A provider with failover_serve_count > 0 and direct_selection_count = 0 was only observed as a rescue target, not as a confirmed round-robin selection.
5. Skills
| Method | Path | Description |
|---|---|---|
GET |
/v1/skills |
List all skills |
POST |
/v1/skills/upload |
Upload ZIP with SKILL.md (configurable 20 MB default, 1-500 MB range) |
GET |
/v1/skills/{id} |
Get skill details |
PUT |
/v1/skills/{id} |
Update skill metadata |
DELETE |
/v1/skills/{id} |
Delete skill (not system skills) |
POST |
/v1/skills/{id}/toggle |
Toggle skill enabled/disabled state |
PUT |
/v1/skills/{id}/tenant-config |
Set tenant-level skill config |
DELETE |
/v1/skills/{id}/tenant-config |
Delete tenant-level skill config |
Skill Grants
Skill upload size is enforced per ZIP file. The effective limit resolves in this order:
tenant system_configs["skills.max_upload_size_mb"], then SKILL.md frontmatter
max_upload_size_mb, then config/env skills.max_upload_size_mb /
GOCLAW_SKILLS_MAX_UPLOAD_SIZE_MB, then the default 20 MB. Values are clamped
to 1-500 MB.
Skill slash-command behavior is configured through tenant system_configs:
skills.slash_commands.enabled, skills.slash_commands.suggest_not_found,
skills.slash_commands.partial_matching, and skills.slash_commands.prefix.
The default prefix is /; supported prompt forms are /<slug> prompt,
/use <slug-or-name> prompt, /list-skills, and /help <slug-or-name>.
| Method | Path | Description |
|---|---|---|
POST |
/v1/skills/{id}/grants/agent |
Grant skill to agent |
DELETE |
/v1/skills/{id}/grants/agent/{agentID} |
Revoke from agent |
POST |
/v1/skills/{id}/grants/user |
Grant skill to user |
DELETE |
/v1/skills/{id}/grants/user/{userID} |
Revoke from user |
Agent Skills
| Method | Path | Description |
|---|---|---|
GET |
/v1/agents/{agentID}/skills |
List skills with grant status for agent |
Skill Files & Dependencies
| Method | Path | Description |
|---|---|---|
GET |
/v1/skills/{id}/versions |
List available versions |
GET |
/v1/skills/{id}/files |
List files in skill |
GET |
/v1/skills/{id}/files/{path...} |
Read file content |
POST |
/v1/skills/rescan-deps |
Rescan runtime dependencies |
POST |
/v1/skills/install-deps |
Install all missing deps |
POST |
/v1/skills/install-dep |
Install single dependency |
GET |
/v1/skills/runtimes |
Check runtime availability |
Export & Import
| Method | Path | Description |
|---|---|---|
GET |
/v1/skills/export/preview |
Preview skills export bundle |
GET |
/v1/skills/export |
Export skills bundle |
POST |
/v1/skills/import |
Import skills bundle |
GET /v1/skills/export supports direct download and the existing SSE token flow:
| Query | Description |
|---|---|
stream=true |
Start the existing SSE export flow and return a temporary download_url |
format=tar.gz|tgz|zip |
Archive format; defaults to tar.gz. tgz is an alias for gzip tar output |
id=<uuid> |
Select one skill ID. Can be repeated for multiple selected skills |
ids=<uuid>,<uuid> |
Select multiple skill IDs as a comma-separated list |
include_system=true |
Include system skills in a full export when no selected IDs are provided |
Without id or ids, export remains backward-compatible and includes tenant
custom skills by default. Explicitly selected IDs may include system/core skills
without include_system=true; tenant-scoped custom skills are still filtered by
the request tenant. ZIP support is export/download only; the import endpoint
continues to accept the existing skills bundle format.
6. Providers
LLM provider management. API keys are encrypted with AES-256-GCM in the database and masked in responses.
| Method | Path | Description |
|---|---|---|
GET |
/v1/providers |
List providers (keys masked) |
POST |
/v1/providers |
Create provider |
GET |
/v1/providers/{id} |
Get provider |
PUT |
/v1/providers/{id} |
Update provider |
DELETE |
/v1/providers/{id} |
Delete provider |
POST |
/v1/providers/{id}/reconnect |
Reload provider runtime from stored config |
Provider Verification & Models
| Method | Path | Description |
|---|---|---|
POST |
/v1/providers/{id}/verify |
Test provider+model with minimal LLM call |
GET |
/v1/providers/{id}/models |
List models plus any known reasoning capability metadata |
POST |
/v1/providers/{id}/verify-embedding |
Verify embedding model configuration |
GET |
/v1/providers/{id}/codex-pool-activity |
Provider-level Codex pool activity |
GET |
/v1/embedding/status |
Check global embedding availability |
GET |
/v1/providers/claude-cli/auth-status |
Check Claude CLI login status |
Model Pricing
| Method | Path | Description |
|---|---|---|
POST |
/v1/model-pricing/sync-openrouter |
Sync OpenRouter /models pricing catalog (master scope) |
GET |
/v1/model-pricing |
Search catalog models by model query |
GET |
/v1/model-pricing/overrides |
List tenant pricing overrides, optionally by provider_id |
PUT |
/v1/model-pricing/overrides |
Upsert provider/model custom pricing |
DELETE |
/v1/model-pricing/overrides/{id} |
Delete pricing override |
Override body:
{
"provider_id": "0193a5b0-7000-7000-8000-000000000123",
"provider_type": "openrouter",
"model_id": "anthropic/claude-sonnet-4-5",
"pricing": {
"input": "0.000003",
"output": "0.000015",
"cache_read": "0.0000003",
"cache_write": "0.00000375",
"reasoning": "0.000015",
"request": "0",
"image": "0",
"web_search": "0"
}
}
Supported types: anthropic_native, openai_compat, chatgpt_oauth, gemini_native, dashscope, bailian, minimax, claude_cli, acp
Reconnect response:
{
"status": "reconnected",
"provider": {
"id": "0193a5b0-7000-7000-8000-000000000123",
"name": "openrouter-main",
"provider_type": "openai_compat",
"api_key": "***",
"enabled": true
},
"registry_updated": true,
"cache_invalidated": true
}
status is reconnected, disabled, or not_registered. Reconnect never changes stored provider config. It does not run an upstream verify call; call /v1/providers/{id}/verify after reconnect when that check is needed.
Example response:
{
"models": [
{
"id": "gpt-5.5",
"name": "GPT-5.5",
"reasoning": {
"levels": ["none", "low", "medium", "high", "xhigh"],
"default_effort": "medium"
}
},
{
"id": "custom-model",
"name": "custom-model"
}
],
"reasoning_defaults": {
"effort": "high",
"fallback": "provider_default"
}
}
Notes:
chatgpt_oauthproviders return a backend-owned model list because OAuth tokens cannot rely on/v1/modelsreasoning_defaultsis returned only when the provider has saved defaults and at least one returned model exposes reasoning capability metadata- unknown models remain usable and simply omit the
reasoningfield - the web UI uses this endpoint as the source of truth for provider-first reasoning controls
- when upstream model discovery fails, the endpoint returns an empty
modelsarray instead of a hard error
7. MCP Servers
Model Context Protocol server management.
Server CRUD
| Method | Path | Description |
|---|---|---|
GET |
/v1/mcp/servers |
List servers with agent grant counts |
POST |
/v1/mcp/servers |
Create MCP server |
GET |
/v1/mcp/servers/{id} |
Get server details |
PUT |
/v1/mcp/servers/{id} |
Update server |
DELETE |
/v1/mcp/servers/{id} |
Delete server |
POST |
/v1/mcp/servers/test |
Test connection (no save) |
POST |
/v1/mcp/servers/{id}/reconnect |
Reconnect MCP server |
GET |
/v1/mcp/servers/{id}/tools |
List runtime-discovered tools |
Agent Grants
| Method | Path | Description |
|---|---|---|
GET |
/v1/mcp/servers/{id}/grants |
List grants for server |
POST |
/v1/mcp/servers/{id}/grants/agent |
Grant to agent |
DELETE |
/v1/mcp/servers/{id}/grants/agent/{agentID} |
Revoke from agent |
GET |
/v1/mcp/grants/agent/{agentID} |
List agent's server grants |
User Grants
| Method | Path | Description |
|---|---|---|
POST |
/v1/mcp/servers/{id}/grants/user |
Grant to user |
DELETE |
/v1/mcp/servers/{id}/grants/user/{userID} |
Revoke from user |
Access Requests
| Method | Path | Description |
|---|---|---|
POST |
/v1/mcp/requests |
Create access request |
GET |
/v1/mcp/requests |
List pending requests |
POST |
/v1/mcp/requests/{id}/review |
Approve/deny request |
Grants support tool_allow and tool_deny JSON arrays for fine-grained tool filtering.
User Credentials
Per-user credential storage for MCP servers (e.g., API keys users provide for external services).
| Method | Path | Description |
|---|---|---|
PUT |
/v1/mcp/servers/{id}/user-credentials |
Set user credentials |
GET |
/v1/mcp/servers/{id}/user-credentials |
Get user credentials |
DELETE |
/v1/mcp/servers/{id}/user-credentials |
Delete user credentials |
Export & Import
| Method | Path | Description |
|---|---|---|
GET |
/v1/mcp/export/preview |
Preview MCP export bundle |
GET |
/v1/mcp/export |
Export MCP servers + grants |
POST |
/v1/mcp/import |
Import MCP config bundle |
8. Tools
Built-in Tools
| Method | Path | Description |
|---|---|---|
GET |
/v1/tools/builtin |
List all built-in tools |
GET |
/v1/tools/builtin/{name} |
Get tool definition |
PUT |
/v1/tools/builtin/{name} |
Update enabled/settings |
GET |
/v1/tools/builtin/{name}/tenant-config |
Get tenant-level tool config |
PUT |
/v1/tools/builtin/{name}/tenant-config |
Set tenant-level tool config |
DELETE |
/v1/tools/builtin/{name}/tenant-config |
Delete tenant-level tool config |
Direct Invocation
POST /v1/tools/invoke
{
"tool": "web_fetch",
"action": "fetch",
"args": {"url": "https://example.com"},
"dryRun": false,
"agentId": "optional",
"channel": "optional",
"chatId": "optional",
"peerKind": "direct"
}
Set "dryRun": true to return tool schema without execution.
9. TTS
Text-to-speech synthesis and configuration.
Synthesis & Connection
| Method | Path | Description |
|---|---|---|
POST |
/v1/tts/synthesize |
Synthesize speech from text (operator role) |
POST |
/v1/tts/test-connection |
Test TTS provider connection (operator role) |
Configuration
| Method | Path | Description |
|---|---|---|
GET |
/v1/tts/config |
Get tenant TTS configuration (admin) |
POST |
/v1/tts/config |
Save tenant TTS configuration (admin) |
Provider Capabilities
| Method | Path | Description |
|---|---|---|
GET |
/v1/tts/capabilities |
Get ProviderCapabilities schema for all registered providers (operator role) |
The capabilities endpoint returns the dynamic param schema for each provider — param types, ranges, defaults, dependsOn conditions, and custom feature flags. Used by the UI to render per-provider param editors without hard-coded field lists. See docs/tts-provider-capabilities.md for schema details.
10. Memory
Per-agent vector memory using pgvector.
| Method | Path | Description |
|---|---|---|
GET |
/v1/memory/documents |
List all documents globally |
GET |
/v1/agents/{agentID}/memory/documents |
List documents for agent |
GET |
/v1/agents/{agentID}/memory/documents/{path...} |
Get document details |
PUT |
/v1/agents/{agentID}/memory/documents/{path...} |
Put/update document |
DELETE |
/v1/agents/{agentID}/memory/documents/{path...} |
Delete document |
GET |
/v1/agents/{agentID}/memory/chunks |
List chunks for document |
POST |
/v1/agents/{agentID}/memory/index |
Index single document |
POST |
/v1/agents/{agentID}/memory/index-all |
Index all documents |
POST |
/v1/agents/{agentID}/memory/search |
Semantic search |
Optional query parameter ?user_id= for per-user scoping.
{agentID} accepts either the agent UUID or agent_key; invalid IDs return a structured INVALID_REQUEST/NOT_FOUND response instead of surfacing storage parse errors.
11. Sessions
Read-only session listing is available over HTTP for automation clients.
| Method | Path | Description |
|---|---|---|
GET |
/v1/sessions |
List sessions with agentId/agent_id, channel, limit, and offset filters |
POST |
/v1/chat/sessions/{key}/branch |
Branch an existing chat session at up_to_index |
GET |
/v1/chat/sessions/{key}/history/follow |
Poll session history after an index cursor |
Admins and system-level admin API keys can list all sessions within the resolved tenant. Non-admin callers must have an effective X-GoClaw-User-Id context and are filtered to their own sessions.
Session branch request:
{
"new_session_key": "optional agent:{sameAgentKey}:...",
"up_to_index": 12,
"label": "optional label",
"metadata": {}
}
If new_session_key is omitted, the server generates agent:{agentKey}:branch:direct:{uuid}. up_to_index copies messages[0:up_to_index]; invalid ranges are rejected and existing target keys are not overwritten.
History follow uses cursor as the count of already consumed messages:
GET /v1/chat/sessions/{key}/history/follow?cursor=12&limit=50
If cursor > total, the response sets reset: true and next_cursor to the current total.
12. Episodic Memory
Episodic memory captures conversation summaries per user session for long-term context continuity.
List Episodic Summaries
GET /v1/agents/{agentID}/episodic
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
user_id |
string | Filter by user ID (optional). |
limit |
integer | Max results (default: 20, max: 500). |
offset |
integer | Pagination offset (default: 0). |
Response:
[
{
"id": "uuid",
"agent_id": "uuid",
"user_id": "user-123",
"summary": "User asked about deployment pipeline optimization. Discussed GitHub Actions, Docker layers, caching strategies. User implemented multi-stage builds.",
"key_entities": ["GitHub Actions", "Docker", "CI/CD"],
"sentiment": "positive",
"interaction_count": 5,
"tokens_exchanged": 4200,
"created_at": "2026-04-05T10:00:00Z",
"updated_at": "2026-04-05T11:30:00Z"
}
]
Search Episodic Summaries
POST /v1/agents/{agentID}/episodic/search
Request:
{
"query": "Docker optimization strategies",
"user_id": "optional-user-id",
"max_results": 10,
"min_score": 0.5
}
Runs hybrid search combining BM25 (keyword) and vector (semantic) matching.
Response:
[
{
"id": "uuid",
"agent_id": "uuid",
"user_id": "user-123",
"summary": "User asked about deployment pipeline optimization...",
"similarity_score": 0.92,
"created_at": "2026-04-05T10:00:00Z"
}
]
12. Knowledge Graph
Per-agent entity-relation graph.
| Method | Path | Description |
|---|---|---|
GET |
/v1/agents/{agentID}/kg/entities |
List/search entities (BM25) |
GET |
/v1/agents/{agentID}/kg/entities/{entityID} |
Get entity with relations |
POST |
/v1/agents/{agentID}/kg/entities |
Upsert entity |
DELETE |
/v1/agents/{agentID}/kg/entities/{entityID} |
Delete entity |
POST |
/v1/agents/{agentID}/kg/traverse |
Traverse graph (max depth 3) |
POST |
/v1/agents/{agentID}/kg/extract |
LLM-powered entity extraction |
GET |
/v1/agents/{agentID}/kg/stats |
Knowledge graph statistics |
GET |
/v1/agents/{agentID}/kg/graph |
Full graph for visualization |
GET |
/v1/agents/{agentID}/kg/graph/compact |
Compact graph optimized for 10k+ nodes |
POST |
/v1/agents/{agentID}/kg/dedup/scan |
Scan for duplicate entities |
GET |
/v1/agents/{agentID}/kg/dedup |
List dedup candidates |
POST |
/v1/agents/{agentID}/kg/merge |
Merge duplicate entities |
POST |
/v1/agents/{agentID}/kg/dedup/dismiss |
Dismiss dedup candidate |
13. Knowledge Vault
Persistent knowledge vault stores documents with vector embeddings and outbound/backlink graph connections.
Global Vault Operations
| Method | Path | Description |
|---|---|---|
GET |
/v1/vault/documents |
List all vault documents (cross-agent) |
POST |
/v1/vault/documents |
Create vault document |
GET |
/v1/vault/documents/{docID} |
Get document |
PUT |
/v1/vault/documents/{docID} |
Update document |
DELETE |
/v1/vault/documents/{docID} |
Delete document |
GET |
/v1/vault/documents/{docID}/links |
Get document outlinks and backlinks |
POST |
/v1/vault/links |
Create link between documents |
DELETE |
/v1/vault/links/{linkID} |
Delete link |
POST |
/v1/vault/links/batch |
Batch get links |
POST |
/v1/vault/upload |
Upload document file |
POST |
/v1/vault/rescan |
Rescan vault for FS sync |
GET |
/v1/vault/tree |
Get vault file tree |
POST |
/v1/vault/search |
Hybrid FTS+vector search (cross-agent) |
GET |
/v1/vault/enrichment/status |
Get enrichment pipeline status |
POST |
/v1/vault/enrichment/stop |
Stop enrichment pipeline |
GET |
/v1/vault/graph |
Get vault document relationship graph |
Per-Agent Vault Operations
| Method | Path | Description |
|---|---|---|
GET |
/v1/agents/{agentID}/vault/documents |
List agent vault documents |
GET |
/v1/agents/{agentID}/vault/documents/{docID} |
Get agent document |
POST |
/v1/agents/{agentID}/vault/documents |
Create agent document |
PUT |
/v1/agents/{agentID}/vault/documents/{docID} |
Update agent document |
DELETE |
/v1/agents/{agentID}/vault/documents/{docID} |
Delete agent document |
GET |
/v1/agents/{agentID}/vault/documents/{docID}/links |
Get agent document links |
POST |
/v1/agents/{agentID}/vault/search |
Search agent vault documents |
POST |
/v1/agents/{agentID}/vault/links |
Create link for agent document |
DELETE |
/v1/agents/{agentID}/vault/links/{linkID} |
Delete agent document link |
Query Parameters (list):
| Parameter | Type | Description |
|---|---|---|
scope |
string | Filter by scope (e.g., team, user, global). |
doc_type |
string | Comma-separated doc types (e.g., guide,reference,note). |
limit |
integer | Max results (default: 20, max: 500). |
offset |
integer | Pagination offset. |
agent_id |
string | (Cross-agent only) Filter by specific agent. |
14. Evolution Metrics & Suggestions
Per-agent evolution metrics track tool usage, retrieval performance, and user feedback to drive automated agent improvements.
Get Evolution Metrics
GET /v1/agents/{agentID}/evolution/metrics
Query Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
type |
string | no | Filter by metric type: tool, retrieval, feedback. Omit for all types. |
aggregate |
boolean | no | Return aggregated metrics (grouped by tool/metric). Default: false (raw metrics). |
since |
ISO 8601 | no | Start timestamp (default: 7 days ago). Example: 2026-04-01T00:00:00Z |
limit |
integer | no | Max results (default: 100, max: 500). |
Response (raw metrics):
[
{
"id": "uuid",
"agent_id": "uuid",
"metric_type": "tool",
"tool_name": "web_fetch",
"metric_key": "invocation_count",
"metric_value": 15,
"metadata": {"status": "success"},
"recorded_at": "2026-04-06T10:30:00Z"
}
]
Response (aggregated metrics):
{
"tool_aggregates": [
{
"tool_name": "web_fetch",
"invocation_count": 15,
"success_count": 14,
"failure_count": 1,
"avg_duration_ms": 2340
}
],
"retrieval_aggregates": [
{
"query_count": 42,
"avg_recall": 0.78,
"avg_precision": 0.85,
"avg_relevance_score": 0.81
}
]
}
List Evolution Suggestions
GET /v1/agents/{agentID}/evolution/suggestions
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
status |
string | Filter: pending, approved, applied, rejected, rolled_back. Omit for all. |
limit |
integer | Max results (default: 50, max: 500). |
Response:
[
{
"id": "uuid",
"agent_id": "uuid",
"suggestion_type": "low_retrieval_usage",
"status": "pending",
"title": "Improve retrieval threshold",
"description": "Recent queries show low recall. Consider lowering retrieval_threshold from 0.5 to 0.4.",
"parameters": {
"current_threshold": 0.5,
"proposed_threshold": 0.4,
"confidence": 0.85
},
"created_at": "2026-04-06T09:00:00Z",
"reviewed_by": null,
"reviewed_at": null
}
]
Suggestion Types:
low_retrieval_usage— Retrieval recall is below threshold for recent queries.tool_failure— High failure rate detected for a tool.repeated_tool— Tool called repeatedly without context change; candidate for skill.
Update Suggestion Status
PATCH /v1/agents/{agentID}/evolution/suggestions/{suggestionID}
Request:
{
"status": "approved",
"reviewed_by": "optional-user-id"
}
Valid status transitions: pending → approved, rejected, rolled_back.
Response:
{
"status": "ok"
}
15. Orchestration Mode
Determines how an agent routes requests (standalone, delegation, team-based).
Get Agent Orchestration Mode
GET /v1/agents/{agentID}/orchestration
Response:
{
"mode": "delegate",
"delegate_targets": [
{
"agent_key": "research-agent",
"display_name": "Research Specialist"
}
],
"team": null
}
Or in team mode:
{
"mode": "team",
"delegate_targets": [],
"team": {
"id": "uuid",
"name": "Platform Team"
}
}
Mode values:
standalone— No delegation. Agent handles all requests directly.delegate— Routes complex requests to specialized agents (via agent links).team— Routes to team members via task system.
16. V3 Feature Flags
Per-agent feature flags control v3 system capabilities (evolution, episodic memory, vault, etc.).
Get V3 Flags
GET /v1/agents/{agentID}/v3-flags
Response:
{
"evolution_enabled": true,
"episodic_enabled": true,
"vault_enabled": true,
"orchestration_enabled": false,
"skill_evolve": true,
"self_evolve": false
}
Update V3 Flags
PATCH /v1/agents/{agentID}/v3-flags
Accepts partial updates. Flag keys are validated against recognized v3 flags.
Request:
{
"evolution_enabled": true,
"episodic_enabled": false,
"vault_enabled": true
}
Response:
{
"status": "ok"
}
17. Channels
Channel Instances
| Method | Path | Description |
|---|---|---|
GET |
/v1/channels/instances |
List instances (paginated) |
POST |
/v1/channels/instances |
Create instance |
GET |
/v1/channels/instances/{id} |
Get instance |
PUT |
/v1/channels/instances/{id} |
Update instance |
DELETE |
/v1/channels/instances/{id} |
Delete instance (not default) |
Contacts
| Method | Path | Description |
|---|---|---|
GET |
/v1/contacts |
List contacts (paginated) |
GET |
/v1/contacts/resolve?ids=... |
Resolve contacts by IDs (max 100) |
POST |
/v1/contacts/merge |
Merge contacts into unified identity |
POST |
/v1/contacts/unmerge |
Unmerge previously merged contacts |
GET |
/v1/contacts/merged/{tenantUserId} |
List merged contacts for tenant user |
Tenant Users
| Method | Path | Description |
|---|---|---|
GET |
/v1/tenant-users |
List tenant users |
GET |
/v1/users/search |
Search users by query |
Group Writers
| Method | Path | Description |
|---|---|---|
GET |
/v1/channels/instances/{id}/writers/groups |
List group file writers |
GET |
/v1/channels/instances/{id}/writers |
List writers for group |
POST |
/v1/channels/instances/{id}/writers/test |
Test whether a user is a writer for a group |
POST |
/v1/channels/instances/{id}/writers |
Add writer to group |
DELETE |
/v1/channels/instances/{id}/writers/{userId} |
Remove writer |
Writer test request:
{
"group_id": "group:telegram:-100123",
"user_id": "386246614"
}
Response includes allowed, reason, instance_id, agent_id, group_id, user_id, and writer_count. Stable reasons: writer, not_writer, no_writers_configured, invalid_group.
Supported channels: telegram, discord, slack, whatsapp, zalo_oa, zalo_personal, feishu
Credentials are masked in HTTP responses.
Passive Memory Extraction
Tenant admins can configure and operate passive memory extraction per channel instance. Read endpoints are viewer-accessible; settings and item transitions require tenant admin.
| Method | Path | Description |
|---|---|---|
GET |
/v1/channels/instances/{id}/memory-extraction |
Get config, latest run, pending count, and recent items |
PUT |
/v1/channels/instances/{id}/memory-extraction/settings |
Replace normalized passive_memory config in the channel instance config |
POST |
/v1/channels/instances/{id}/memory-extraction/run |
Trigger a manual extraction run |
GET |
/v1/channels/instances/{id}/memory-extraction/items |
List review queue items; optional status filter |
POST |
/v1/channels/instances/{id}/memory-extraction/items/{itemID}/approve |
Write candidate to episodic memory and publish KG event |
POST |
/v1/channels/instances/{id}/memory-extraction/items/{itemID}/reject |
Reject candidate |
DELETE |
/v1/channels/instances/{id}/memory-extraction/items/{itemID} |
Delete candidate and linked episodic summary when present |
Config fields: enabled, review_mode, interval_minutes, message_cap,
retention_hours, allowed_types, exclude_users, exclude_patterns,
min_messages, group_only. Defaults are disabled, review mode on, group-only,
360 minute interval, 100 message cap, 168 hour retention, and durable types:
people, projects, decisions, todos, preferences, events.
18. Pending Messages
| Method | Path | Description |
|---|---|---|
GET |
/v1/pending-messages |
List all groups with titles |
GET |
/v1/pending-messages/messages |
List messages by channel+key |
DELETE |
/v1/pending-messages |
Delete message group |
POST |
/v1/pending-messages/compact |
LLM-based summarization (async, 202) |
Compaction runs in the background. Falls back to hard delete if no LLM provider is available.
19. Team Events
Team activity and audit trail.
| Method | Path | Description |
|---|---|---|
GET |
/v1/teams/{id}/events |
List team events (paginated) |
20. Secure CLI Credentials
CLI authentication credentials for secure command execution. Requires admin role (gateway token or empty-token local/dev fallback).
| Method | Path | Description |
|---|---|---|
GET |
/v1/cli-credentials |
List all credentials |
POST |
/v1/cli-credentials |
Create new credential |
GET |
/v1/cli-credentials/presets |
Get preset credential templates |
POST |
/v1/cli-credentials/check-binary |
Check binary availability |
GET |
/v1/cli-credentials/{id} |
Get credential details |
PUT |
/v1/cli-credentials/{id} |
Update credential |
DELETE |
/v1/cli-credentials/{id} |
Delete credential |
POST |
/v1/cli-credentials/{id}/test |
Test credential connection (dry-run) |
Agent Credentials
Agent credentials store PAT/SSH/env material for one CLI credential and one agent. They are the default git setup path; agent access controls who can cause the credential to be used. Responses return metadata only and never include raw typed token/key blobs.
| Method | Path | Description |
|---|---|---|
GET |
/v1/cli-credentials/{id}/agent-credentials |
List agent credentials for CLI cred |
GET |
/v1/cli-credentials/{id}/agent-credentials/{agentId} |
Get agent credential metadata |
PUT |
/v1/cli-credentials/{id}/agent-credentials/{agentId} |
Set agent credential |
DELETE |
/v1/cli-credentials/{id}/agent-credentials/{agentId} |
Delete agent credential |
Typed git request body:
{
"credential_type": "pat",
"host_scope": "github.com",
"blob": { "token": "ghp_..." }
}
Env request body:
{
"env": {
"GH_TOKEN": { "kind": "sensitive", "value": "..." }
}
}
Per-User Credentials
Advanced personal overrides. These remain for backward compatibility and have higher runtime precedence than channel/context and agent credentials.
| Method | Path | Description |
|---|---|---|
GET |
/v1/cli-credentials/{id}/user-credentials |
List user credentials for CLI cred |
GET |
/v1/cli-credentials/{id}/user-credentials/{userId} |
Get user credential |
PUT |
/v1/cli-credentials/{id}/user-credentials/{userId} |
Set user credential |
DELETE |
/v1/cli-credentials/{id}/user-credentials/{userId} |
Delete user credential |
Agent Grants
| Method | Path | Description |
|---|---|---|
GET |
/v1/cli-credentials/{id}/agent-grants |
List agent grants for CLI cred |
POST |
/v1/cli-credentials/{id}/agent-grants |
Create agent grant |
GET |
/v1/cli-credentials/{id}/agent-grants/{grantId} |
Get agent grant |
PUT |
/v1/cli-credentials/{id}/agent-grants/{grantId} |
Update agent grant |
DELETE |
/v1/cli-credentials/{id}/agent-grants/{grantId} |
Delete agent grant |
21. Runtime & Packages Management
Manage system (apk), Python (pip), and Node (npm) package installation in the GoClaw runtime container. These endpoints do not inspect host-level runtimes. Requires authentication. Empty-token admin access is limited to loopback local development or explicit GOCLAW_ALLOW_INSECURE_NO_AUTH=1; external binds require GOCLAW_GATEWAY_TOKEN.
List Installed Packages
GET /v1/packages
Returns all installed packages grouped by category.
Response:
{
"system": [
{"name": "github-cli", "version": "2.72.0-r6"},
{"name": "curl", "version": "8.9.1-r1"}
],
"pip": [
{"name": "pandas", "version": "2.0.0"},
{"name": "requests", "version": "2.31.0"}
],
"npm": [
{"name": "typescript", "version": "5.1.0"},
{"name": "docx", "version": "8.12.0"}
]
}
Install Package
POST /v1/packages/install
Request:
{
"package": "github-cli"
}
Package name can optionally include prefix: "pip:pandas" or "npm:typescript". Without prefix, defaults to system (apk).
Validation: Package names must match ^[a-zA-Z0-9@][a-zA-Z0-9._+\-/@]*$ (max 4096 bytes). Names starting with - are rejected to prevent argument injection.
Response:
{
"ok": true,
"error": ""
}
| Category | Manager | Behavior |
|---|---|---|
| System (apk) | root-privileged pkg-helper | Sent to /tmp/pkg.sock, persisted to /app/data/.runtime/apk-packages for container recreates |
| Python (pip) | direct install | Installs to $PIP_TARGET (writable runtime dir) with PIP_BREAK_SYSTEM_PACKAGES=1 |
| Node (npm) | direct install | Installs globally to $NPM_CONFIG_PREFIX (writable runtime dir) |
Uninstall Package
POST /v1/packages/uninstall
Same format as install. System packages are removed from persist file and container state.
Check Runtime Availability
GET /v1/packages/runtimes
Check which prerequisite runtimes are available inside the active GoClaw runtime container. Host-installed runtimes and shell-profile-managed binaries (for example nvm) are not included in this result.
Response:
{
"runtimes": [
{"name": "python3", "available": false},
{"name": "pip3", "available": false},
{"name": "node", "available": false},
{"name": "npm", "available": false},
{"name": "pkg-helper", "available": true, "version": "socket"}
],
"ready": false
}
GitHub Releases
GET /v1/packages/github-releases
Lists available GoClaw GitHub release versions for the update checker.
Shell Deny Groups
GET /v1/shell-deny-groups
List shell command deny group patterns configured for the gateway.
22. Traces & Costs
LLM call tracing and cost analysis.
Traces
| Method | Path | Description |
|---|---|---|
GET |
/v1/traces |
List traces (paginated, filterable) |
GET |
/v1/traces/follow |
Poll trace changes for one session or agent |
GET |
/v1/traces/{traceID} |
Get trace with spans |
GET |
/v1/traces/{traceID}/export |
Export trace tree (gzipped JSON) |
GET |
/v1/runs/{runID}/timeline |
Get persisted run archive timeline items |
GET /v1/traces query params:
| Parameter | Type | Description |
|---|---|---|
q |
string | Contains search across trace ID, trace name, input/output previews, session key, raw channel, joined agent/channel labels, and span tool/input/output previews |
agent_id |
UUID | Exact agent UUID filter |
user_id |
string | Exact user filter; non-admin callers are always forced to their own user scope |
session_key |
string | Exact session key filter |
status |
string | Exact trace status filter |
channel |
string | Exact raw channel filter |
agent |
string | Contains search over joined agent display name and key |
channel_query |
string | Contains search over tenant-scoped channel instance name, display name, and type |
from / to |
RFC 3339 timestamp | Start-time range; from is inclusive, to is exclusive |
min_input_tokens / max_input_tokens |
int | Input token range |
min_output_tokens / max_output_tokens |
int | Output token range |
min_tool_calls / max_tool_calls |
int | Tool-call count range |
tool_name |
string | Contains search over span tool names |
has_tool_calls |
boolean | Convenience filter for traces with or without tool calls |
limit |
int | Page size, default 50, max 200 |
offset |
int | Pagination offset |
GET /v1/traces/follow requires session_key or agent_id. Query params: session_key, agent_id, status, channel, since (RFC 3339), limit (default 50, max 200), include_spans (default false). Non-admin callers only see their own traces. When since is provided, the server returns traces matching existing filters and (created_at > since OR end_time > since OR status = "running").
Follow response:
{
"traces": [],
"spans_by_trace_id": {},
"server_time": "2026-05-20T11:23:00Z",
"next_since": "2026-05-20T11:23:00Z",
"limit": 50
}
Main binary operator commands wrap the same endpoints:
goclaw traces list --query "provider fail" --status error
goclaw traces get <trace-id> -o json
goclaw traces export <trace-id> --file trace.json.gz
goclaw traces follow --session <session-key>
goclaw traces timeline <trace-id>
Remote gateways use the shared client overrides:
goclaw --server https://goclaw.example.com --token "$GOCLAW_GATEWAY_TOKEN" traces list -o json
The same --server / --token resolver is shared with WebSocket/RPC-backed
admin commands. GOCLAW_SERVER or GOCLAW_GATEWAY_URL can provide the base URL
when the flag is omitted.
Run Timeline
GET /v1/runs/{runID}/timeline returns display-safe archive entries for one
agent run. Optional query params: session_key, limit (default 200, max 500),
and offset. Non-admin callers only receive entries owned by their effective
X-GoClaw-User-Id.
Timeline items are ordered by run sequence for run_id reads and include only
safe previews for tool arguments/results. Raw thinking is not persisted.
Example:
{
"run_id": "run-123",
"session_key": "agent:demo:direct:user-1",
"items": [{
"id": "019e...",
"run_id": "run-123",
"session_key": "agent:demo:direct:user-1",
"seq": 2,
"item_type": "tool.call",
"status": "running",
"title": "web_fetch",
"preview": "{\"url\":\"https://example.com\"}",
"tool_name": "web_fetch",
"tool_call_id": "call_123",
"trace_id": "019e...",
"span_id": "019e...",
"created_at": "2026-05-29T10:00:00Z"
}],
"limit": 200,
"offset": 0
}
Costs
| Method | Path | Description |
|---|---|---|
GET |
/v1/costs/summary |
Cost summary by agent/time range |
23. Usage & Analytics
| Method | Path | Description |
|---|---|---|
GET |
/v1/usage/timeseries |
Time-series usage points |
GET |
/v1/usage/breakdown |
Breakdown by provider/model/channel |
GET |
/v1/usage/summary |
Summary with period comparison |
GET |
/v1/usage-caps/policies |
List usage cap policies |
POST |
/v1/usage-caps/policies |
Create token/cost cap policy |
PATCH |
/v1/usage-caps/policies/{id} |
Update cap policy |
DELETE |
/v1/usage-caps/policies/{id} |
Delete cap policy |
GET |
/v1/usage-caps/utilization |
Current-window used and reserved counters |
GET |
/v1/usage-caps/events |
Recent allow/block/reconcile/skip events |
Query params: from, to (RFC 3339), agent_id, provider, model, channel, group_by
Periods: 24h, today, 7d, 30d
Usage cap policy body:
{
"agent_id": "optional-agent-uuid",
"provider_id": "optional-provider-uuid",
"provider_type": "openrouter",
"model_id": "anthropic/claude-sonnet-4-5",
"window": "day",
"max_tokens": 500000,
"max_cost_usd": 25,
"enabled": true
}
Policy responses include read-only source. source="agent_budget_monthly_cents" means the policy is generated from the agent monthly budget field and must be changed there; direct policy updates/deletes return 409 Conflict.
24. Activity & Audit
| Method | Path | Description |
|---|---|---|
GET |
/v1/activity |
List activity audit logs (filterable) |
GET |
/v1/activity/aggregate |
Aggregate activity logs by action, actor type, entity type, or admin-only actor ID |
GET |
/v1/logs/runtime/aggregate |
Aggregate recent in-memory runtime logs by level or source |
Activity aggregate query parameters:
group_by:action,actor_type,entity_type, oractor_id(admin only)from,to: optional RFC3339 range,frominclusive andtoexclusiveactor_type,actor_id,action,entity_type,entity_id: optional filters; non-admin callers are always scoped to their resolved user ID and must have user contextlimit: bucket cap, default 50, max 200
Runtime log aggregate is admin-only and ring-buffer based. It returns retention=ring_buffer, capacity, and sample_size; it is not durable log storage.
25. Storage
Workspace file management.
| Method | Path | Description |
|---|---|---|
GET |
/v1/storage/files |
List files with depth limiting |
GET |
/v1/storage/files/{path...} |
Read file (JSON or raw) |
POST |
/v1/storage/files |
Upload file (admin) |
DELETE |
/v1/storage/files/{path...} |
Delete file/directory (admin) |
PUT |
/v1/storage/move |
Move/rename file (admin) |
GET |
/v1/storage/size |
Stream storage size (Server-Sent Events, cached 60 min) |
Query parameters:
?raw=true— Serve native MIME type instead of JSON?depth=N— Limit directory traversal depth
Security: Protected directories skills/ and skills-store/ cannot be deleted. Path traversal and symlink attacks are blocked.
26. Voices & Audio
Voice discovery for TTS providers (ElevenLabs). All endpoints are tenant-scoped and require tenant admin or operator role.
| Method | Path | Description |
|---|---|---|
GET |
/v1/voices |
List available voices (in-memory cached, TTL 1h) |
POST |
/v1/voices/refresh |
Force refresh voice cache (admin-only) |
GET /v1/voices
Response (200 OK):
[
{
"voice_id": "pMsXgVXv3BLzUgSXRplE",
"name": "Alice",
"preview_url": "https://...",
"category": "premade",
"labels": {
"use_case": "conversational",
"accent": "american"
}
}
]
Caching: In-memory cached per tenant with TTL 1h. Cache miss triggers immediate fetch from provider.
POST /v1/voices/refresh
Invalidate the voice cache for the current tenant, forcing a fresh fetch on the next request.
Response (202 Accepted):
{ "message": "voice cache invalidated" }
27. Media
| Method | Path | Description |
|---|---|---|
POST |
/v1/media/upload |
Upload file (multipart, 50 MB limit) |
GET |
/v1/media/{id} |
Serve media by ID with caching |
28. Files
| Method | Path | Description |
|---|---|---|
GET |
/v1/files/{path...} |
Serve workspace file by path |
POST |
/v1/files/sign |
Generate signed URL for token-based file access |
Auth via Bearer token or ?token= query param (for <img> tags). MIME type auto-detected. Path traversal blocked.
29. API Keys
Admin-only endpoints for managing gateway API keys. See 20 — API Keys & Auth for the full authentication and authorization model.
| Method | Path | Description |
|---|---|---|
GET |
/v1/api-keys |
List all API keys (masked) |
POST |
/v1/api-keys |
Create API key (returns raw key once) |
POST |
/v1/api-keys/{id}/revoke |
Revoke API key |
Create Request
{
"name": "ci-deploy",
"scopes": ["operator.read", "operator.write"],
"expires_in": 2592000
}
Create Response
{
"id": "01961234-...",
"name": "ci-deploy",
"prefix": "goclaw_a1b2c3d4",
"key": "goclaw_a1b2c3d4e5f6...full-key",
"scopes": ["operator.read", "operator.write"],
"expires_at": "2026-04-14T12:00:00Z",
"created_at": "2026-03-15T12:00:00Z"
}
The
keyfield is only returned in the create response. Subsequent list/get calls show only theprefix.
30. OAuth
| Method | Path | Description |
|---|---|---|
GET |
/v1/auth/chatgpt/{provider}/status |
Check ChatGPT OAuth status for a provider |
GET |
/v1/auth/chatgpt/{provider}/quota |
Fetch Codex/OpenAI quota state for a provider |
POST |
/v1/auth/chatgpt/{provider}/start |
Start ChatGPT OAuth flow for a provider |
POST |
/v1/auth/chatgpt/{provider}/callback |
Manual callback handler for a provider |
POST |
/v1/auth/chatgpt/{provider}/logout |
Revoke ChatGPT OAuth token for a provider |
GET |
/v1/auth/openai/status |
Check OpenAI auth status |
GET |
/v1/auth/openai/quota |
Fetch quota state for the default openai-codex provider |
POST |
/v1/auth/openai/start |
Start OAuth flow |
POST |
/v1/auth/openai/callback |
Manual callback handler |
POST |
/v1/auth/openai/logout |
Revoke token |
Legacy /v1/auth/openai/* routes remain as compatibility aliases for the default openai-codex OpenAI Codex OAuth provider.
Provider Quota Response
GET /v1/auth/chatgpt/{provider}/quota and GET /v1/auth/openai/quota always return a provider-scoped quota envelope.
Success payload:
{
"provider_name": "openai-codex",
"success": true,
"plan_type": "team",
"windows": [
{
"label": "Primary",
"used_percent": 24,
"remaining_percent": 76,
"reset_after_seconds": 3600,
"reset_at": "2026-03-24T20:15:00Z"
}
],
"core_usage": {
"five_hour": {
"label": "Primary",
"remaining_percent": 76,
"reset_after_seconds": 3600,
"reset_at": "2026-03-24T20:15:00Z"
},
"weekly": {
"label": "Secondary",
"remaining_percent": 62,
"reset_after_seconds": 604800,
"reset_at": "2026-03-31T19:15:00Z"
}
},
"last_updated": "2026-03-24T19:15:00Z"
}
Notes:
- Invalid provider slugs return
400. - Missing provider returns
404, provider type conflicts return409. - Missing quota metadata, expired workspace access, upstream
402/403/429return200with a structured failure payload. error_codecan bemissing_account_id,reauth_required,payment_required,quota_api_forbidden,quota_endpoint_not_found,rate_limited,provider_unavailable,network_timeout,network_error,quota_request_failed, orunknown_upstream_error.
31. Edition
| Method | Path | Description |
|---|---|---|
GET |
/v1/edition |
Get current edition info (lite vs standard) |
32. Tenants
Multi-tenant management (admin only).
| Method | Path | Description |
|---|---|---|
GET |
/v1/tenants |
List tenants |
POST |
/v1/tenants |
Create tenant |
GET |
/v1/tenants/{id} |
Get tenant |
PATCH |
/v1/tenants/{id} |
Update tenant |
GET |
/v1/tenants/{id}/users |
List tenant users |
POST |
/v1/tenants/{id}/users |
Add user to tenant |
DELETE |
/v1/tenants/{id}/users/{userId} |
Remove user from tenant |
33. System Configs
Key-value system configuration store.
| Method | Path | Description |
|---|---|---|
GET |
/v1/system-configs |
List all system configs |
GET |
/v1/system-configs/{key} |
Get config by key |
PUT |
/v1/system-configs/{key} |
Set config value (admin) |
DELETE |
/v1/system-configs/{key} |
Delete config (admin) |
34. Team Workspace & Attachments
| Method | Path | Description |
|---|---|---|
POST |
/v1/teams/{teamId}/workspace/upload |
Upload file to team workspace |
PUT |
/v1/teams/{teamId}/workspace/move |
Move workspace item |
GET |
/v1/teams/{teamId}/attachments/{attachmentId}/download |
Download task attachment |
35. Backup & Restore
System-level backup/restore endpoints (admin only). Stream progress via SSE.
System Backup
| Method | Path | Description |
|---|---|---|
POST |
/v1/system/backup |
Create system backup (streams SSE progress) |
GET |
/v1/system/backup/preflight |
Check backup prerequisites |
GET |
/v1/system/backup/download/{token} |
Download backup archive |
POST |
/v1/system/restore |
Restore from backup archive (streams SSE progress) |
Query params for restore: skip_db=true, skip_files=true, dry_run=true
S3 Backup Integration
| Method | Path | Description |
|---|---|---|
GET |
/v1/system/backup/s3/config |
Get S3 backup configuration |
PUT |
/v1/system/backup/s3/config |
Set S3 backup configuration |
GET |
/v1/system/backup/s3/list |
List S3 backup objects |
POST |
/v1/system/backup/s3/upload |
Upload backup to S3 |
POST |
/v1/system/backup/s3/backup |
Trigger S3 backup |
Tenant Backup
| Method | Path | Description |
|---|---|---|
POST |
/v1/tenant/backup |
Create tenant-scoped backup |
GET |
/v1/tenant/backup/preflight |
Check tenant backup prerequisites |
GET |
/v1/tenant/backup/download/{token} |
Download tenant backup archive |
POST |
/v1/tenant/restore |
Restore tenant from backup |
36. System
| Method | Path | Description |
|---|---|---|
GET |
/health |
Health check (no auth) |
GET |
/v1/openapi.json |
OpenAPI 3.0 spec |
GET |
/docs |
Swagger UI |
Health Response
{
"status": "ok",
"protocol": 3
}
37. MCP Bridge
Exposes GoClaw tools to Claude CLI via streamable HTTP at /mcp/bridge. Only listens on localhost. Protected by gateway token with HMAC-signed context headers.
| Header | Purpose |
|---|---|
X-Agent-ID |
Agent context for tool execution |
X-User-ID |
User context |
X-Channel |
Channel routing |
X-Chat-ID |
Chat routing |
X-Peer-Kind |
direct or group |
X-Bridge-Sig |
HMAC signature over all context fields |
Error Responses
All endpoints return errors in a consistent JSON format:
{
"error": "human-readable error message"
}
Error messages are localized based on the Accept-Language header. HTTP status codes follow standard conventions:
| Code | Meaning |
|---|---|
400 |
Bad request (invalid JSON, missing fields) |
401 |
Unauthorized (missing or invalid token) |
403 |
Forbidden (insufficient permissions) |
404 |
Not found |
409 |
Conflict (duplicate name, version mismatch) |
429 |
Rate limited |
500 |
Internal server error |
Notes on WebSocket-Only Endpoints
The following operations are only available via WebSocket RPC, not HTTP:
- Sessions: Preview, patch, delete, reset (use WebSocket method
sessions.*; HTTP supports read-only list) - Cron jobs: List, create, update, delete, logs (use WebSocket method
cron.*) - Send messages: Send to channels (use WebSocket method
send.*) - Config management: Get, apply, patch (use WebSocket method
config.*)
These endpoints require an active WebSocket connection to the /ws endpoint with proper authentication and agent context.
Module Reference
| Module | Path | Purpose |
|---|---|---|
| Auth & Routing | internal/http/, internal/gateway/ |
Auth middleware, RBAC, request routing, MCP bridge |
| Chat, Agents & Skills | internal/http/chat_completions.go, agents*.go, skills*.go, wake.go |
Conversational endpoints, agent CRUD, skill management |
| Memory, Vault & Knowledge | internal/http/memory.go, vault_handlers*.go, knowledge_graph.go, episodic_handlers.go |
Persistent knowledge, vector memory, document graph |
| Evolution, Orchestration & Flags | internal/http/evolution_handlers.go, orchestration_handlers.go, v3_flags_handlers.go |
v3 runtime control, metrics, suggestions, feature flags |