4102) under the /api prefix. Responses are JSON with Content-Type: application/json. CORS headers are applied at the server level.
Base URL: http://<host>:4102/api
AGTOS_API_KEY environment variable is set, all /api/* endpoints require a Bearer token. See Authentication below.Health
GET /api/health
GET /api/health
Response
200 OK — All services healthy.GET /health/metrics
GET /health/metrics
Response
200 OKGET /health/:serviceName
GET /health/:serviceName
GET /api/health, but for one service only.Path Parameters
redis, ollama, stt-sherpa-onnx, tts-sherpa-onnx, mcp-server, memory-maintenance, memory-semantic, nli-pipeline, provider-claude, provider-openai, provider-ollama, provider-openrouter).Response
200 OK — Service is healthy.GET /metrics
GET /metrics
Response
200 OK (text/plain; version=0.0.4)/metrics endpoint is served at the root path (not under /api). It does not require authentication even when AGTOS_API_KEY is set.Sessions
GET /api/sessions
GET /api/sessions
Response
200 OKVoice Status
GET /api/voice/status
GET /api/voice/status
Response
200 OK — Pipeline available.Memory
GET /api/memory/episodes
GET /api/memory/episodes
GET /api/memory/search
GET /api/memory/search
Scheduler
GET /api/scheduler/tasks
GET /api/scheduler/tasks
Response
200 OKPOST /api/scheduler/tasks
POST /api/scheduler/tasks
Request Body
cron, once, interval.scheduleType is cron.scheduleType is once.scheduleType is interval.Schedule Type Examples
Response
201 CreatedDELETE /api/scheduler/tasks/:id
DELETE /api/scheduler/tasks/:id
Workflows
GET /api/workflows
GET /api/workflows
Response
200 OKPOST /api/workflows/:id/execute
POST /api/workflows/:id/execute
Path Parameters
Request Body (optional)
Response
200 OKSystem Info
GET /api/system/info
GET /api/system/info
Response
200 OKChat
POST /api/chat
POST /api/chat
Request Body
Response
200 OKChat Streaming
POST /api/chat/stream
POST /api/chat/stream
text/event-stream response with real-time content tokens, thinking/reasoning blocks, tool call events, and a final metadata event. Used by the dashboard Chat page.Request Body
web).{ content: string, mimeType: string, encoding: "base64" }.SSE Events
The response is a stream ofdata: lines, each containing a JSON object with a type field:fetch() with ReadableStream to consume this endpoint — native EventSource does not support POST requests. The thinking event type carries provider-agnostic reasoning output (Claude thinking, OpenAI reasoning, Ollama think tags, OpenRouter reasoning).Conversation History
GET /api/chat/history/:sessionId
GET /api/chat/history/:sessionId
Tasks
POST /api/tasks
POST /api/tasks
Request Body
Response
200 OKVoice Stats
GET /api/voice/stats
GET /api/voice/stats
Response
200 OKMemory Profile
GET /api/memory/profile
GET /api/memory/profile
Response
200 OKPUT /api/memory/profile
PUT /api/memory/profile
Memory Conclusions
GET /api/memory/conclusions
GET /api/memory/conclusions
Query Parameters
explicit, inferred, corrected.Response
200 OKDELETE /api/memory/conclusions/:id
DELETE /api/memory/conclusions/:id
Memory Ask (Dialectic)
POST /api/memory/ask
POST /api/memory/ask
Request Body
Response
200 OKMemory Maintenance
POST /api/memory/maintain
POST /api/memory/maintain
MaintenanceReport. Gated by ResourceGuard — busy systems defer the run. See ADR-021.Request Body
The body is validated with.strict() — unknown fields are rejected. The userId is resolved server-side from the profile manager and must not be passed in the request body (per ADR-025 Rule 3).Response
200 OK — Sweep completed. Returns the fullMaintenanceReport.errorCode: PROFILE_DISCONNECTED — Memory profile manager is not connected (Redis down, manager disconnected). Persistent — operator action required.errorCode: RESOURCES_BUSY — ResourceGuard deferred this run (active sessions, high CPU load, Ollama VRAM contention). Transient — retry later. The reason field carries the guard’s diagnosis.Dreamer.maintain() threw (genuine internal error, not a defer).agtos memory maintain) reads errorCode to decide between exit code 2 (transient, retry later) and exit code 3 (operator action required).GET /api/memory/maintain/history
GET /api/memory/maintain/history
MaintenanceReport entries. Backs the dashboard’s maintenance history widget. Reports are stored with a 30-day TTL under a sorted-set index capped at 200 entries.Query Parameters
Response
200 OKGET /api/memory/maintain/history/:timestamp
GET /api/memory/maintain/history/:timestamp
MaintenanceReport by its timestamp (Unix milliseconds).Path Parameters
Response
200 OK — Returns the fullMaintenanceReport (same shape as POST /api/memory/maintain).400 Bad Request — Invalid timestamp.404 Not Found — Report not found or expired (past the 30-day TTL).503 Service Unavailable — Memory coordinator or profile manager not connected.Memory Import
GET /api/memory/sources
GET /api/memory/sources
Response
200 OKPOST /api/memory/import
POST /api/memory/import
Entities
GET /api/entities
GET /api/entities
Query Parameters
person, place, organization, event, thing.Response
200 OKGET /api/entities/stats
GET /api/entities/stats
GET /api/entities/:id
GET /api/entities/:id
PUT /api/entities/:id
PUT /api/entities/:id
Path Parameters
Request Body
Response
200 OK — Returns the updated entity.404 Not Found — Entity does not exist.DELETE /api/entities/:id
DELETE /api/entities/:id
POST /api/entities/:id/merge
POST /api/entities/:id/merge
Path Parameters
Request Body
Response
200 OK — Returns the merged primary entity.404 Not Found — Entity does not exist.GET /api/entities/:id/episodes
GET /api/entities/:id/episodes
GET /api/entities/:id/conclusions
GET /api/entities/:id/conclusions
GET /api/entities/:id/relationships
GET /api/entities/:id/relationships
Devices
POST /api/devices/register
POST /api/devices/register
Request Body
esp32, browser, cli, mcp-client, custom.audio, microphone, speaker, display, buttons, sensors (all boolean).Response
201 CreatedGET /api/devices
GET /api/devices
Query Parameters
pending, active, suspended, revoked.esp32, browser, cli, mcp-client, custom.Response
200 OKGET /api/devices/:id
GET /api/devices/:id
PUT /api/devices/:id
PUT /api/devices/:id
Path Parameters
Request Body
All fields are optional. Only provided fields are updated.pending, active, suspended, revoked.Response
200 OK — Returns the updated device.404 Not Found — Device does not exist.503 Service Unavailable — Device registry not available.DELETE /api/devices/:id
DELETE /api/devices/:id
POST /api/devices/:id/authenticate
POST /api/devices/:id/authenticate
POST /api/devices/:id/link
POST /api/devices/:id/link
User Preferences
GET /api/users/:userId/preferences
GET /api/users/:userId/preferences
PUT /api/users/:userId/preferences
PUT /api/users/:userId/preferences
Path Parameters
Request Body
All fields are optional.storeTranscripts (boolean), storeAudio (boolean).Response
200 OK — Returns the updated preferences.400 Bad Request — Validation failure.503 Service Unavailable — User preferences not available.Setup Token
GET /api/setup-token
GET /api/setup-token
Response
200 OKAGTOS_API_KEY set, or token has expired).AGTOS_API_KEY is not set (onboarding mode). Once the user configures an API key, the setup token is no longer needed.POST /api/slots/auto-configure
POST /api/slots/auto-configure
Request Body
cloud, local, or hybrid.claude, openai, or openrouter.cloud-backup, ollama-local, or none.Response
200 OKPOST /api/slots/reset
POST /api/slots/reset
Response
200 OKCredentials
POST /api/credentials
POST /api/credentials
apiKey or setupToken.Request Body
provider-anthropic, provider-openai, or provider-openrouter.sk-ant-api03-... for Anthropic, sk-... for OpenAI, sk-or-v1-... for OpenRouter). Max 256 chars.Response
200 OKPOST /api/credentials/validate
POST /api/credentials/validate
Request Body
provider-anthropic, provider-openai, provider-ollama, or provider-openrouter.Response
200 OKDELETE /api/credentials/:providerId
DELETE /api/credentials/:providerId
Path Parameters
provider-anthropic, provider-openai, provider-openrouter). Must start with provider-.Response
200 OKPOST /api/credentials/clear-all
POST /api/credentials/clear-all
Dependencies
GET /api/dependencies
GET /api/dependencies
Response
200 OKPOST /api/dependencies/install-redis
POST /api/dependencies/install-redis
redis/redis-stack:latest container with port 6379 exposed and unless-stopped restart policy.Response
200 OK — Redis installed, started, or already running.status values: installed (new container created), started (existing container started), already_running (no action needed).400 Bad Request — Docker is not running.Config (Legacy)
GET /api/config/writable
GET /api/config/writable
Response
200 OKPUT /api/config
PUT /api/config
Request Body
Response
200 OKSettings
GET /api/settings
GET /api/settings
Response
200 OKPUT /api/settings
PUT /api/settings
config:changed event.Request Body
Pass a flat object with config keys and their new values:Response
200 OKGET /api/settings/schema
GET /api/settings/schema
Response
200 OKSlots
GET /api/slots
GET /api/slots
Response
200 OKPUT /api/slots
PUT /api/slots
chat, reasoning) to a provider and model. The chat slot is required and cannot be removed.Before writing, the server validates each slot’s model against the ProviderCatalog:- Unknown models (not in any catalog): warning returned, write allowed — the model may be private or unlisted.
- Future-deprecated models: warning returned, write allowed.
- Past-deprecated models: write blocked with HTTP 400.
- Catalog fetch failure: warning returned, write allowed — transient upstream issue.
Request Body
Response
200 OKwarnings array is only present when at least one warning was generated.400 Bad Request — Deprecated model(s) detected.Provider Catalog
GET /api/providers/catalog
GET /api/providers/catalog
Query Parameters
1 to bypass the 1-hour cache TTL and force a network fetch.tool-use,vision.Response
200 OKGET /api/providers/:providerId/account
GET /api/providers/:providerId/account
Models
GET /api/models
GET /api/models
POST /api/models/download
POST /api/models/download
GET /api/models/:modelId/status
GET /api/models/:modelId/status
DELETE /api/models/:modelId
DELETE /api/models/:modelId
POST /api/models/clear-all
POST /api/models/clear-all
Ollama
GET /api/ollama/status
GET /api/ollama/status
GET /api/ollama/models
GET /api/ollama/models
POST /api/ollama/pull
POST /api/ollama/pull
POST /api/ollama/start
POST /api/ollama/start
Response
200 OKBilling
GET /api/billing/status
GET /api/billing/status
Response
200 OKPOST /api/billing/retry/:providerId
POST /api/billing/retry/:providerId
Path Parameters
openai, claude, openrouter).Response
200 OK — Exhaustion state cleared, affected slots re-marked healthy.404 Not Found — Provider not configured.Capture Protocol (PACT)
POST /api/capture/start
POST /api/capture/start
Request Body
audio, video, neural.active-participant (default), passive-observation, or ambient.Response
201 CreatedPOST /api/capture/stop
POST /api/capture/stop
GET /api/capture/streams
GET /api/capture/streams
GET /api/capture/consent
GET /api/capture/consent
PUT /api/capture/consent
PUT /api/capture/consent
Request Body
US-CA for California two-party consent).none, passive, active, or full.Response
200 OK — Returns updated consent settings.400 Bad Request — Validation failure.System (Extended)
GET /api/system/redis-status
GET /api/system/redis-status
POST /api/system/reconnect-redis
POST /api/system/reconnect-redis
AGTOS_API_KEY is set.Response
200 OKGET /api/system/capabilities
GET /api/system/capabilities
POST /api/system/reset-onboarding
POST /api/system/reset-onboarding
Common Error Responses
All endpoints may return the following error shapes:400 Bad Request
Returned when the request is malformed or missing required fields. Theerror field contains a human-readable description.
404 Not Found
Returned when a requested resource (task, workflow) does not exist.500 Internal Server Error
Returned when an unexpected exception occurs during request processing.503 Service Unavailable
Returned when a required dependency (Redis, voice pipeline, memory system, scheduler, workflow engine) is not initialized or has failed.Notes
- ID validation: Path parameter IDs (task IDs, workflow IDs) must match
^[a-zA-Z0-9\-_]+$and be 1—128 characters. Invalid IDs return 400. - CORS: Configurable via
CORS_ORIGINenvironment variable (default:http://localhost:5173). Tauri desktop origins are auto-added. PreflightOPTIONSrequests return 204. - Metrics: All API requests are tracked in the internal metrics system. Latency is recorded per route.
- Authentication: See Authentication below for opt-in API key auth.
- Rate Limiting: See Rate Limiting below for per-endpoint limits.
Authentication
API key authentication is opt-in. When theAGTOS_API_KEY environment variable is set, all /api/* endpoints require a valid Bearer token.
Headers
Response (401 Unauthorized)
Exempt Paths
These paths do not require authentication:GET /health(and sub-paths like/health/metrics,/health/:serviceName)GET /metrics(Prometheus endpoint)POST /api/credentials/validate(read-only key validation)GET /api/setup-token(localhost-only, onboarding token retrieval)
POST /api/credentials is not auth-exempt. It requires either a valid Authorization: Bearer <key> header (when AGTOS_API_KEY is set) or a valid X-Setup-Token header (30-minute TTL token from GET /api/setup-token, used during onboarding).Rate Limiting
All API endpoints are rate-limited using a token bucket algorithm.Default Limits
Rate Limit Headers
Included on all API responses:429 Too Many Requests responses: