blackroad-os/blackroad-os-docs
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dc207ec852e2dac1712a12bdbdc86f5f77e83603
blackroad-os-docs/docs/reference/api-design.md
Alexa Louise 25784a89f7 docs: add API design reference for governance layer 
- Complete REST API specification for all governance endpoints
- Authentication with scoped tokens
- Intent, Policy, Ledger, Agent, Approval endpoints
- Webhook events and security
- Rate limiting tiers
- TypeScript and Python SDK examples
- OpenAPI spec reference

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-30 20:21:32 -06:00

677 lines
14 KiB
Markdown
Raw Blame History

# BlackRoad OS — API Design Reference
> **Version:** 1.0
> **Last Updated:** 2025-11-30
> **Base URL:** `https://api.blackroad.io/v1`
---
## Overview
The BlackRoad OS API provides programmatic access to the governance layer, enabling agents and applications to:
- Create and manage intents (tasks/goals)
- Evaluate policies and check permissions
- Write audit events to the ledger
- Register and manage agents
- Handle claims and delegations
---
## Authentication
All API requests require authentication via Bearer token.
```bash
curl -X GET https://api.blackroad.io/v1/health \
-H "Authorization: Bearer br_live_xxxxxxxxxxxx"
```
### Token Types
| Type | Prefix | Use Case |
|------|--------|----------|
| Agent Token | `br_agent_` | Agent-to-API communication |
| User Token | `br_user_` | User applications |
| System Token | `br_system_` | Internal services |
| Test Token | `br_test_` | Development/testing |
### Token Scopes
Tokens are scoped to specific permissions:
```json
{
"token_id": "tok-20251130-abc123",
"agent_id": "cece.governor.v1",
"scopes": [
"intent:read",
"intent:write",
"policy:evaluate",
"ledger:write",
"agent:read"
],
"expires_at": "2026-11-30T00:00:00Z"
}
```
---
## Common Headers
| Header | Required | Description |
|--------|----------|-------------|
| `Authorization` | Yes | Bearer token |
| `Content-Type` | Yes (POST/PATCH) | `application/json` |
| `X-Request-ID` | No | Client-generated request ID for tracing |
| `X-Intent-ID` | No | Associate request with an intent |
---
## Response Format
All responses follow a consistent format:
### Success Response
```json
{
"success": true,
"data": { ... },
"meta": {
"request_id": "req-20251130-xyz789",
"timestamp": "2025-11-30T14:32:01.123Z"
}
}
```
### Error Response
```json
{
"success": false,
"error": {
"code": "POLICY_DENIED",
"message": "Action requires human approval",
"details": {
"policy_id": "pol-20251130-a1b2c3",
"rule_matched": "r1"
}
},
"meta": {
"request_id": "req-20251130-xyz789",
"timestamp": "2025-11-30T14:32:01.123Z"
}
}
```
### Error Codes
| Code | HTTP Status | Description |
|------|-------------|-------------|
| `UNAUTHORIZED` | 401 | Invalid or missing token |
| `FORBIDDEN` | 403 | Token lacks required scope |
| `NOT_FOUND` | 404 | Resource doesn't exist |
| `POLICY_DENIED` | 403 | Policy blocked the action |
| `APPROVAL_REQUIRED` | 202 | Action pending human approval |
| `VALIDATION_ERROR` | 400 | Invalid request payload |
| `RATE_LIMITED` | 429 | Too many requests |
| `INTERNAL_ERROR` | 500 | Server error |
---
## Endpoints
### Health & Status
#### GET /health
Check API health.
```bash
curl https://api.blackroad.io/v1/health
```
Response:
```json
{
"success": true,
"data": {
"status": "healthy",
"version": "1.0.0",
"timestamp": "2025-11-30T14:32:01.123Z"
}
}
```
---
### Intents
#### POST /intent
Create a new intent.
```bash
curl -X POST https://api.blackroad.io/v1/intent \
-H "Authorization: Bearer br_agent_xxx" \
-H "Content-Type: application/json" \
-d '{
"goal": "Find investor docs and summarize them",
"priority": "high",
"context": {
"search_terms": ["investor", "deck"],
"deadline": "2025-11-30T18:00:00Z"
}
}'
```
Response:
```json
{
"success": true,
"data": {
"intent_id": "int-20251130-x1y2z3",
"actor": "agent:cece.governor.v1",
"goal": "Find investor docs and summarize them",
"priority": "high",
"status": "proposed",
"created_at": "2025-11-30T14:32:01.123Z"
}
}
```
#### GET /intent/:id
Get intent details.
```bash
curl https://api.blackroad.io/v1/intent/int-20251130-x1y2z3 \
-H "Authorization: Bearer br_agent_xxx"
```
Response:
```json
{
"success": true,
"data": {
"intent_id": "int-20251130-x1y2z3",
"actor": "user:alexa",
"goal": "Find investor docs and summarize them",
"priority": "high",
"status": "executing",
"plan": [
{"step": 1, "action": "drive.search", "status": "completed"},
{"step": 2, "action": "drive.get", "status": "in_progress"},
{"step": 3, "action": "summarize", "status": "planned"}
],
"assigned_agent": "cece.governor.v1",
"created_at": "2025-11-30T14:32:01.123Z",
"updated_at": "2025-11-30T14:35:22.456Z"
}
}
```
#### PATCH /intent/:id
Update intent status or plan.
```bash
curl -X PATCH https://api.blackroad.io/v1/intent/int-20251130-x1y2z3 \
-H "Authorization: Bearer br_agent_xxx" \
-H "Content-Type: application/json" \
-d '{
"status": "executing",
"plan": [
{"step": 1, "action": "drive.search", "status": "completed"},
{"step": 2, "action": "drive.get", "status": "in_progress"}
]
}'
```
#### GET /intent
List intents with filters.
```bash
curl "https://api.blackroad.io/v1/intent?status=executing&limit=10" \
-H "Authorization: Bearer br_agent_xxx"
```
Query Parameters:
| Param | Type | Description |
|-------|------|-------------|
| `status` | string | Filter by status |
| `actor` | string | Filter by actor |
| `agent` | string | Filter by assigned agent |
| `limit` | number | Max results (default: 20) |
| `offset` | number | Pagination offset |
---
### Policy Evaluation
#### POST /policy/evaluate
Check if an action is allowed.
```bash
curl -X POST https://api.blackroad.io/v1/policy/evaluate \
-H "Authorization: Bearer br_agent_xxx" \
-H "Content-Type: application/json" \
-d '{
"action": "gmail.send",
"context": {
"recipient": "investor@external.com",
"subject": "Follow-up on our meeting",
"has_attachments": true
}
}'
```
Response (Allowed):
```json
{
"success": true,
"data": {
"result": "allowed",
"policy_id": null,
"rule_matched": null,
"reason": "No policy restriction"
}
}
```
Response (Requires Approval):
```json
{
"success": true,
"data": {
"result": "requires_approval",
"policy_id": "pol-20251130-a1b2c3",
"rule_matched": "r1",
"reason": "External email requires human approval",
"approval_url": "https://app.blackroad.io/approve/apr-20251130-xyz"
}
}
```
Response (Denied):
```json
{
"success": false,
"error": {
"code": "POLICY_DENIED",
"message": "Action is not permitted",
"details": {
"policy_id": "pol-20251130-b2c3d4",
"rule_matched": "r2",
"reason": "Attachments not allowed to external recipients"
}
}
}
```
---
### Ledger Events
#### POST /ledger/event
Write an audit event.
```bash
curl -X POST https://api.blackroad.io/v1/ledger/event \
-H "Authorization: Bearer br_agent_xxx" \
-H "Content-Type: application/json" \
-d '{
"intent_id": "int-20251130-x1y2z3",
"tool": "drive",
"action": "search",
"inputs": {
"query": "investor deck",
"folder": "shared"
},
"outputs": {
"file_count": 3,
"file_ids": ["file-1", "file-2", "file-3"]
},
"policy_decision": {
"result": "allowed"
},
"notes": "Searching for investor materials"
}'
```
Response:
```json
{
"success": true,
"data": {
"event_id": "evt-20251130-000042",
"intent_id": "int-20251130-x1y2z3",
"timestamp": "2025-11-30T14:32:01.123Z",
"inputs_hash": "sha256:abc123...",
"outputs_hash": "sha256:def456..."
}
}
```
#### GET /ledger/events
Query ledger events.
```bash
curl "https://api.blackroad.io/v1/ledger/events?intent_id=int-20251130-x1y2z3" \
-H "Authorization: Bearer br_agent_xxx"
```
Query Parameters:
| Param | Type | Description |
|-------|------|-------------|
| `intent_id` | string | Filter by intent |
| `agent_id` | string | Filter by agent |
| `tool` | string | Filter by tool |
| `date` | string | Filter by date (YYYY-MM-DD) |
| `limit` | number | Max results (default: 50) |
---
### Delegation Check
#### GET /delegation/check
Verify if an agent can perform an action.
```bash
curl "https://api.blackroad.io/v1/delegation/check?agent=cece.governor.v1&action=gmail.send" \
-H "Authorization: Bearer br_agent_xxx"
```
Response:
```json
{
"success": true,
"data": {
"allowed": true,
"delegation_id": "del-20251130-d001",
"delegator": "user:alexa",
"requires_approval": true,
"scope_matched": "gmail.*",
"constraints": {
"require_approval_for": ["gmail.send"]
}
}
}
```
---
### Agents
#### GET /agent/:id
Get agent details.
```bash
curl https://api.blackroad.io/v1/agent/cece.governor.v1 \
-H "Authorization: Bearer br_agent_xxx"
```
Response:
```json
{
"success": true,
"data": {
"agent_id": "cece.governor.v1",
"name": "Cece",
"class": "lucidia",
"capabilities": ["intent.create", "policy.evaluate", "ledger.write"],
"status": "active",
"last_seen": "2025-11-30T14:32:01.123Z"
}
}
```
#### POST /agent/register
Register a new agent.
```bash
curl -X POST https://api.blackroad.io/v1/agent/register \
-H "Authorization: Bearer br_system_xxx" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "email.handler.v1",
"name": "Email Handler",
"class": "worker",
"capabilities": ["gmail.read", "gmail.draft", "gmail.send"],
"owner": "org:blackroad"
}'
```
#### PATCH /agent/:id/heartbeat
Update agent last_seen timestamp.
```bash
curl -X PATCH https://api.blackroad.io/v1/agent/cece.governor.v1/heartbeat \
-H "Authorization: Bearer br_agent_xxx"
```
---
### Approvals
#### GET /approval/:id
Get approval request details.
```bash
curl https://api.blackroad.io/v1/approval/apr-20251130-xyz \
-H "Authorization: Bearer br_user_xxx"
```
Response:
```json
{
"success": true,
"data": {
"approval_id": "apr-20251130-xyz",
"intent_id": "int-20251130-x1y2z3",
"agent_id": "cece.governor.v1",
"action": "gmail.send",
"context": {
"recipient": "investor@external.com",
"subject": "Follow-up",
"preview": "Dear investor, thank you for..."
},
"status": "pending",
"requested_at": "2025-11-30T14:32:01.123Z",
"expires_at": "2025-11-30T18:32:01.123Z"
}
}
```
#### POST /approval/:id/approve
Approve a pending action.
```bash
curl -X POST https://api.blackroad.io/v1/approval/apr-20251130-xyz/approve \
-H "Authorization: Bearer br_user_xxx" \
-H "Content-Type: application/json" \
-d '{
"notes": "Approved - investor follow-up is expected"
}'
```
#### POST /approval/:id/reject
Reject a pending action.
```bash
curl -X POST https://api.blackroad.io/v1/approval/apr-20251130-xyz/reject \
-H "Authorization: Bearer br_user_xxx" \
-H "Content-Type: application/json" \
-d '{
"reason": "Not ready to send yet - need to review content"
}'
```
---
## Webhooks
Configure webhooks to receive real-time notifications.
### Webhook Events
| Event | Description |
|-------|-------------|
| `intent.created` | New intent created |
| `intent.completed` | Intent finished |
| `intent.blocked` | Intent encountered blocker |
| `approval.requested` | Action needs approval |
| `approval.resolved` | Approval granted/rejected |
| `policy.violated` | Policy denied an action |
### Webhook Payload
```json
{
"event": "approval.requested",
"timestamp": "2025-11-30T14:32:01.123Z",
"data": {
"approval_id": "apr-20251130-xyz",
"intent_id": "int-20251130-x1y2z3",
"agent_id": "cece.governor.v1",
"action": "gmail.send",
"approval_url": "https://app.blackroad.io/approve/apr-20251130-xyz"
}
}
```
### Webhook Security
Webhooks include a signature header for verification:
```
X-BlackRoad-Signature: sha256=abc123...
```
Verify with:
```typescript
const crypto = require('crypto');
function verifyWebhook(payload: string, signature: string, secret: string): boolean {
const expected = 'sha256=' + crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}
```
---
## Rate Limits
| Tier | Requests/min | Burst |
|------|--------------|-------|
| Free | 60 | 10 |
| Pro | 600 | 100 |
| Business | 3000 | 500 |
| Enterprise | Custom | Custom |
Rate limit headers:
```
X-RateLimit-Limit: 600
X-RateLimit-Remaining: 542
X-RateLimit-Reset: 1732972380
```
---
## SDKs
### TypeScript/JavaScript
```typescript
import { BlackRoadClient } from '@blackroad/sdk';
const client = new BlackRoadClient({
token: 'br_agent_xxx',
baseUrl: 'https://api.blackroad.io/v1'
});
// Create intent
const intent = await client.intents.create({
goal: 'Find and summarize investor docs',
priority: 'high'
});
// Evaluate policy
const decision = await client.policies.evaluate({
action: 'gmail.send',
context: { recipient: 'investor@example.com' }
});
// Write ledger event
await client.ledger.writeEvent({
intentId: intent.intent_id,
tool: 'drive',
action: 'search',
inputs: { query: 'investor' },
outputs: { fileCount: 3 }
});
```
### Python
```python
from blackroad import BlackRoadClient
client = BlackRoadClient(
token='br_agent_xxx',
base_url='https://api.blackroad.io/v1'
)
# Create intent
intent = client.intents.create(
goal='Find and summarize investor docs',
priority='high'
)
# Evaluate policy
decision = client.policies.evaluate(
action='gmail.send',
context={'recipient': 'investor@example.com'}
)
# Write ledger event
client.ledger.write_event(
intent_id=intent.intent_id,
tool='drive',
action='search',
inputs={'query': 'investor'},
outputs={'file_count': 3}
)
```
---
## OpenAPI Specification
Full OpenAPI 3.0 spec available at:
- JSON: `https://api.blackroad.io/v1/openapi.json`
- YAML: `https://api.blackroad.io/v1/openapi.yaml`
---
## References
- [KV Schema](./kv-schema.md)
- [Architecture Overview](../meta/vision/architecture.md)
- [Governance Roadmap](../governance/governance-roadmap.md)
Reference in New Issue View Git Blame Copy Permalink