API

VAP API Endpoints

The Verifier API includes endpoint groups for Verifiable Agent Pod features:

  • App Catalog (/v1/app-catalog) -- Browse, install, and uninstall apps (MCP servers, auditors, A2A agents, skills, runtimes) per agent. Backed by AppCatalogEntry and AgentInstalledApp models.
  • Console SSE (/v1/agents/{agent_id}/console/stream) -- Real-time Server-Sent Events for live agent logs, tool calls, model invocations, and auditor chain decisions.
  • Auditor Settings (/v1/auditors/settings, /v1/auditors/schema/{id}) -- CRUD for the three-tier settings cascade (org -> workspace -> agent) and schema introspection for auto-generating UI panels. Also available as the auditor_settings MCP tool.
  • Agent Credentials -- OAuth connect, revoke, rotate, and auto-refresh on 401. Per-user credential isolation for OBO contexts. Injection methods: sidecar (default), client_credentials (agent's own OAuth token), token_exchange (RFC 8693 composite token).
  • Agent Lifecycle -- Stale detection, access reviews, suspend/reactivate.
  • Agent Registration -- Identity creation with SPIFFE ID auto-provisioning (spiffe://lucid.ai/agent/{agent_id}), OAuth client registration on agent creation, startup handshake.
  • Token Exchange (POST /v1/token-exchange) -- RFC 8693 token exchange endpoint. Combines a user token (subject) and an agent SPIFFE-SVID (actor) into a composite delegation token with an act claim. Checks the Access Manifest account domain and active DelegationGrant before issuing.
  • Delegation Grants (/v1/agents/{agent_id}/delegations) -- CRUD for OBO delegation grants. GET lists active delegations, POST creates from consent approval, DELETE /{grant_id} revokes, GET /pending lists pending consent requests.
  • Approvals -- HITL approval flows, risk classification.
  • OBO -- On-Behalf-Of delegated access via RFC 8693 token exchange. Backed by the DelegationGrant model with TTL, scope, and revocation tracking. Consent flow requires explicit user approval. Access Manifest account domain governs allowed scopes, denied scopes, max delegation TTL, and consent requirements per service.
  • MCP Discovery -- Auto-discovery of MCP server auth requirements via RFC 9728 (Protected Resource Metadata) and auto-registration via RFC 7591 (Dynamic Client Registration) during the app install flow. Checks credential inheritance before DCR.
  • Scoped Tools (/v1/scoped-tools) -- Org- and workspace-level tool installations with enforcement modes (available, required, blocked). The /effective endpoint resolves the three-tier cascade (org → workspace → agent) with auth status for each tool.
  • Scoped Credentials (/v1/scoped-credentials) -- Org- and workspace-level credentials with sharing modes (inherit, enforce, isolated). The /effective endpoint resolves which credential an agent should use for a given service.
  • Auditor Registry -- Self-hosted auditor registration, health checks.
  • Model Registry -- Self-hosted model registration, remote attestation.

These endpoints are documented in the OpenAPI spec below.