API And Events
AgentHub public contracts are split into REST APIs, WebSocket events, runtime adapter events, and IM integration events. This page describes the intended boundaries; complete OpenAPI specs, event schemas, and SDK packages are still in development.
Development status
This page is not a complete API reference. Hub / Edge APIs and event schemas are evolving with the implementation. Before public integration, use the OpenAPI specs, event docs, and release notes in the owning repositories.
Contract Layers
| Layer | Audience | Purpose | Status |
|---|---|---|---|
| Hub API | Web, Desktop, IM Gateway | Sessions, projects, devices, tasks, permissions, audit | In development |
| Edge API | Desktop, Hub, operator tools | Workspace, run lifecycle, runtime adapters, artifacts, diff, preview | In development |
| WebSocket Events | Web, Desktop, Hub | Run progress, message deltas, diff, approval, state changes | In development |
| Runtime Adapter Events | Edge internals | Normalized events for Claude Code, Codex, OpenCode, and custom runtimes | Contract shaped |
| IM Integration Events | Feishu/Lark Gateway | Message events, card actions, binding state | In development |
The owning source for protocol details is the AgentHub repository api/ directory. This public site keeps the reader-facing map: what each layer is for, which side owns it, and what should not cross the boundary.
Stability Matrix
| Area | Current stability | You can rely on | Do not rely on |
|---|---|---|---|
| Public site health/stats | Live entry, fields follow implementation | Public pages, discovery files, low-risk health/status semantics | Private ops fields, admin routes, unauthorized audit |
| Hub client API | In development | TokenDance ID -> Hub session -> product authorization boundary | Paths or fields outside published OpenAPI |
| Edge loopback API | In development, usable for local preview | health, run, event, workspace allowlist, runtime profile semantics | Fixed port, fixed token transport, undeclared fields |
| WebSocket events | In development | event envelope, run lifecycle, error-code direction | Unversioned payload internals |
| Runtime adapter contract | Contract shaped | Normalized message/tool/diff/artifact/approval/failure semantics | Stable import path or third-party SDK submission process |
| Feishu/Lark events | In development | im.message.receive_v1, card.action.trigger, 3-second ack, async queue | Feishu OAuth as product login or full context in card payloads |
Last public verification date: 2026-06-09. If the AgentHub repository OpenAPI or event schema conflicts with this page, treat the owning repository schema as authoritative and update this page in the same pass.
Hub API
Hub API owns collaboration and permission boundaries. Typical resources include:
sessions: user sessions, Hub sessions, and low-risk personalization state.projects: team projects, workspace links, visibility, and membership.devices: Desktop / Edge device registration, presence, and routing targets.tasks: work requests from Web, Desktop, or IM.runs: agent execution instances and run state.audit: important actions, approvals, failures, and authorization decisions.
Hub API should not expose model API keys, and Web clients must not bypass Hub to operate local workspaces directly.
Expected Hub API groups:
| Group | Typical paths | Notes |
|---|---|---|
| Authentication | /client/auth/* | TokenDance ID relying-party flow and Hub-local session issuance |
| Sessions | /client/sessions, /client/sessions/{id} | Web/Desktop collaboration state |
| Messages | /client/sessions/{id}/messages | User and agent conversation records |
| Agent tasks | /web/agent-tasks | Hub-owned task creation for Web and collaboration surfaces |
| Agent profiles | /client/agents, /client/sessions/{id}/agents | Runtime/profile inventory and per-session agent instances |
| Devices and targets | device registration, target routing endpoints | Used when Hub chooses which Edge may receive work |
| Audit and status | public stats, health, audit/event endpoints | Public stats can be exposed; sensitive audit stays authorized |
Public examples should use placeholder hosts and tokens. Do not copy production admin keys, JWTs, or private callback payloads into docs.
The minimum request shape looks like this. Paths and fields remain in preview until the public OpenAPI is stable:
GET /client/sessions HTTP/1.1
Host: hub.example.invalid
Authorization: Bearer <agenthub_session_token>
Accept: application/json
{
"items": [
{
"id": "session_123",
"projectId": "project_123",
"title": "Local review",
"state": "active",
"updatedAt": "2026-06-09T00:00:00Z"
}
],
"nextCursor": null
}
Edge API
Edge API owns the local execution boundary. Typical capabilities include:
- list and select workspaces;
- start, cancel, and inspect runs;
- read run events, artifacts, diffs, and previews;
- manage runtime adapter presets;
- perform local health checks.
Edge sits close to the filesystem and process boundary, so it should default to conservative behavior: least privilege, workspace allowlist, explicit approval, and auditable events.
Expected Local Edge groups:
| Group | Typical paths | Notes |
|---|---|---|
| Health | /health, /v1/health | Confirms process, runtime, and local readiness |
| Runtime inventory | /v1/agents, /v1/runners | Lists real runtime adapters and compatibility runner presets |
| Runs | /v1/runs, /v1/runs/{id} | Starts and inspects local execution |
| Events | /v1/events | WebSocket stream for run events and replay |
| Permissions | /v1/permissions/decide | Local approval bridge for runtime actions |
| Artifacts and previews | run artifact, diff, file, preview endpoints | Local-only, workspace-scoped data |
Browser WebSocket clients cannot reliably set custom headers, so a local Edge token may be passed during WebSocket upgrade using a query parameter. This protects only the loopback Edge process; Hub/Remote/Cloud routing still requires Hub-issued sessions, target authorization, and audit.
Preview example for creating a Local Edge run:
POST /v1/runs HTTP/1.1
Host: 127.0.0.1:3210
Content-Type: application/json
Authorization: Bearer <local_edge_token>
{
"workspace": "workspace_123",
"agentId": "codex-local",
"input": {
"text": "Review README and suggest one documentation improvement."
},
"mode": "read_only"
}
Example WebSocket event stream:
ws://127.0.0.1:3210/v1/events?runId=run_123&token=<local_edge_token>
WebSocket Events
WebSocket events stream execution progress to Desktop/Web:
| Event | Meaning |
|---|---|
run.started | Run created and started |
run.message.delta | Agent message delta |
run.tool.call | Agent requested a tool call |
run.tool.result | Tool call result |
run.diff.ready | Reviewable diff generated |
run.artifact.ready | File, report, or preview artifact available |
run.approval.requested | User confirmation required |
run.completed | Run completed |
run.failed | Run failed |
Fields should remain versionable. Clients must not depend on undeclared internal fields.
Event Vocabulary
Use this vocabulary across API docs, runtime adapters, Desktop/Web rendering, search terms, and release notes. Do not mix bare names such as message.delta with run-scoped names.
| Family | Canonical names | Notes |
|---|---|---|
| Lifecycle | run.created, run.started, run.completed, run.failed, run.cancelled | Drives timeline state and terminal status |
| Message | run.message.delta, run.message.completed | Streams assistant/user-visible transcript text |
| Tool | run.tool.call, run.tool.result | Describes normalized runtime tool activity |
| File and diff | run.file.read, run.file.changed, run.diff.ready, run.patch.proposed | Paths must be relative to the allowed workspace |
| Artifact and preview | run.artifact.ready, run.preview.ready | Links generated reports, screenshots, previews, or docs |
| Approval | run.approval.requested, run.approval.resolved | Pauses risky write, shell, network, publish, or deploy actions |
| Runtime failure | runtime.unavailable, runtime.timeout, schema.validation_failed | Stable failure codes for triage and UI recovery |
| Integration | integration.message.received, integration.card.action, identity.binding.required | Gateway-to-Hub normalized events; raw Feishu/Lark names stay in gateway logs |
Event Envelope
Every event should be easy for Desktop/Web to render and easy for audit code to store. Keep a stable envelope and version the payload:
| Field | Meaning |
|---|---|
id | Stable event id or sequence-backed id |
seq | Monotonic sequence within a stream where available |
type | Event type, for example run.tool.call |
runId | Run that produced the event |
sessionId | Hub session or local thread when applicable |
agentId | Runtime adapter or Hub agent instance when known |
createdAt | Timestamp generated by the owning service |
payload | Versionable event-specific body |
Recommended client behavior:
- ignore unknown event types while preserving them in logs;
- deduplicate by
idorseq; - render partial events as progressive state, not final truth;
- keep raw event details out of public screenshots when they contain paths, prompts, or model output that should stay private.
Example event:
{
"id": "evt_001",
"seq": 1,
"type": "run.tool.call",
"runId": "run_123",
"sessionId": "session_123",
"agentId": "codex-local",
"createdAt": "2026-06-09T00:00:00Z",
"payload": {
"tool": "read_file",
"label": "Read README",
"status": "started"
}
}
Runtime Adapter Events
Runtime adapters normalize CLI/runtime output. Claude Code NDJSON, Codex JSONL/event streams, and OpenCode JSON events should all become AgentHub events.
An adapter should at least express:
- run start, completion, and failure;
- model messages and deltas;
- tool calls and tool results;
- file changes, diffs, and artifacts;
- states that require approval or additional input.
Runtime adapter events should use the run-scoped vocabulary above when describing runtime output: text deltas, tool calls, tool results, file changes, permission requests, session initialization, and final results. Adapter-specific raw messages may be attached for debugging only when they do not expose secrets.
IM Integration Events
Feishu/Lark integration events are handled by Integration Gateway and converted into Hub tasks or actions. Current focus:
im.message.receive_v1: direct message or group @mention to the bot.card.action.trigger: interactive card action callback.- TokenDance ID binding state updates.
These events must be acknowledged quickly, slow work must be queued asynchronously, and secrets or full workspace context must not be placed in card payloads.
Error Shape
REST APIs should return a predictable error shape so Web/Desktop can show recoverable failures without parsing logs:
| Field | Meaning |
|---|---|
code | Stable machine-readable error code |
message | Short user-facing message |
requestId | Correlation id for logs and support |
details | Optional structured details safe for the caller |
Use specific codes for expected states: invalid agent id, unauthorized target, workspace outside allowlist, permission denied, runtime unavailable, timeout, cancellation, and schema validation failure.
Recommended error codes:
| Code | HTTP | Scenario |
|---|---|---|
invalid_agent_id | 400 | Requested agent/profile does not exist |
unauthorized_target | 403 | Hub does not allow this session to route to the target Edge |
workspace_outside_allowlist | 403 | Workspace is outside the Edge allowlist |
permission_denied | 403 | User or policy denied write, shell, network, or another action |
runtime_unavailable | 503 | Runtime CLI is missing, unauthenticated, or adapter is unavailable |
run_timeout | 504 | Run exceeded the configured timeout |
run_cancelled | 409 | Run was cancelled by the user or system |
schema_validation_failed | 422 | Request or event payload failed schema validation |
Authorization Matrix
The contract should make the authorization boundary explicit before a handler starts work.
| Action | Required authority | Rejection should look like |
|---|---|---|
| Read public docs/status | Public site | Static 404 or public-safe error |
| Open Hub Web session | TokenDance ID subject + Hub product session | unauthorized or login redirect boundary |
| Read project/session/task | Hub project membership | permission_denied with request id |
| Route a task to an Edge | Hub target authorization + Edge presence | unauthorized_target or target_offline |
| Read workspace file preview | Edge workspace allowlist + product authorization when remote | workspace_outside_allowlist |
| Start a runtime run | Edge policy + runtime profile availability | runtime_unavailable or permission_denied |
| Apply file writes or shell commands | Explicit user approval or policy grant | approval_rejected or permission_denied |
| Create Feishu/Lark task | Verified Integration Gateway event + TokenDance ID binding | binding_required or permission_denied |
Do not reuse TokenDance API keys for these product actions. TokenDance API keys authenticate model API calls through TokenDance Gateway; AgentHub product actions require TokenDance ID and Hub/Edge authorization.
Pagination And Idempotency
Hub APIs that list sessions, projects, tasks, runs, audit events, or messages should support cursor pagination. Public docs should not promise offset pagination unless the owning OpenAPI says so.
Recommended list shape:
{
"items": [],
"nextCursor": null,
"requestId": "req_123"
}
Write endpoints that can be retried by Web, Desktop, Hub, or Integration Gateway should accept an idempotency key, or derive one from the upstream event id. This matters most for IM card actions, task creation, run creation, approval actions, and artifact publication.
Compatibility Checklist
Before treating an API or event group as stable, verify:
- English and Chinese docs describe the same status and boundary.
- OpenAPI or event schema exists in the owning AgentHub repository.
- Desktop/Web render unknown fields safely.
- Error codes cover unauthorized target, workspace allowlist, runtime unavailable, timeout, cancellation, and schema validation.
- Request and event examples use placeholder hosts, placeholder tokens, and redacted paths.
- Search index, sidebar TOC,
llms.txt, sitemap, FAQ, and changelog mention the contract where relevant.
Security Boundary
- TokenDance ID authenticates the user; Hub issues and validates AgentHub product sessions.
- TokenDance API keys authenticate model API calls. They are not AgentHub browser login credentials.
- Web is Hub-only and must not call Local Edge directly.
- Desktop may call Local Edge on loopback for local execution.
- Edge may touch local files only inside allowlisted workspaces.
- Feishu/Lark events must resolve account binding through TokenDance ID before becoming Hub tasks.
Versioning
- REST APIs should be governed by OpenAPI.
- WebSocket events should have versionable schemas.
- Runtime adapter contract changes must be synchronized with Desktop/Web rendering and audit logic.
- Until a public SDK package is released, examples in docs are architectural guidance and do not promise stable import paths.
Schema Sources
Use this page as the public reading guide. For implementation work, consult these source-of-truth files in the AgentHub repository:
| Source | Purpose | Public link |
|---|---|---|
api/openapi.yaml | REST resource and schema contract | GitHub |
api/events.md | WebSocket and runtime event vocabulary | GitHub |
api/conventions.md | Naming, pagination, error, and compatibility conventions | GitHub |
edge-server/README.md | Local Edge runtime and loopback API boundary | GitHub |
app/desktop/README.md | Desktop-to-Edge expectations | GitHub |
app/web/README.md | Web-to-Hub expectations | GitHub |