API Reference

One page per operation, grouped by tag. Each page renders the request/response schemas from openapi/rensei-api.yaml plus an interactive playground. For prose guides (auth modes, webhook signing, the worker protocol lifecycle), start from the API overview.

Worker Protocol

Endpoints used by the af / rensei-tui daemon to register workers, heartbeat, poll for queued work, and report session lifecycle events. Auth: runtime JWT (Bearer eyJ…) on all post-registration calls.

• Daemon-native worker registration
• Daemon heartbeat (v1)
• AF-compatible worker registration
• Poll for queued work
• AF-compatible worker heartbeat
• Refresh expired runtime JWT
• Read session state
• FSM status transition
• Post agent activity (thought/action/response)
• Post completion summary
• Post milestone progress message
• Refresh issue lock TTL
• ACK inbox message (Redis XACK)
• Transfer session to another worker
• Report tool execution error
• Post security scan event
• Fetch latest recovery packet for crash resumption
• Generate and store a recovery packet for a crashed session
• Get full recovery chain history for a session
• Reserve file lock for a session
• Release specific file locks
• Release all file locks for a session
• Check file conflicts for a session
• Worker rejection of a pre-claimed session
• Update Linear agent session with external URLs
• Record a routing observation (MAB reward)
• Sample MAB router for provider selection
• Ingest batched interview token-delta frames
• Resolve credential env map for a session
• SSE stream for credential rotation events
• Trigger credential rotation fan-out
• List daemon mutation history for a host
• Enqueue a daemon-config mutation
• Cancel an undelivered daemon mutation
• Get queued session detail for cloud runners

Sessions ( Public)

Public session monitoring endpoints. Most require an rsk_ API key or session cookie (authenticatePublicRequest). The per-session prompt/stop actions accept the same auth.

• List enriched sessions for the authenticated org
• Get enriched session detail
• Send a prompt to a running session
• Stop a running session
• Get session activity time-series
• Real-time fleet statistics (org-scoped)
• MAB router performance posteriors and recent decisions
• Phase-level cycle time, cost, and rework aggregations

Authentication

OAuth 2.0 M2M token endpoint and API key management.

• Issue M2M access token (client_credentials)
• Mint a new rsk_ API key

A2 A

Agent-to-Agent discovery and dispatch listing. The .well-known routes are fully unauthenticated; the dispatch listing requires a session cookie.

• A2A peer-discovery AgentCard
• List registered A2A agents for the org
• Register a remote A2A agent
• Get a registered A2A agent
• Update agent trust level
• Delete a registered A2A agent
• Re-fetch AgentCard for an existing registration
• List A2A task dispatches for the authenticated org

Webhooks

Inbound webhook ingestion from Linear, GitHub, GitHub Actions, and Vercel. Authenticated by HMAC signature. Responds with an immediate 200 ACK; all processing is deferred via after().

• Inbound webhook from a provider

Audit

Tamper-evident audit log. The events endpoint requires an rsk_ key or session cookie. The .well-known/audit-keys JWKS is fully public.

• List tamper-evident audit events
• Per-workspace JWKS for audit signature verification

M C P

JSON-RPC 2.0 over HTTP POST. Exposes per-session workflow tools, A2A peer agents, and agent memory (recall/remember) to running agent subprocesses.

• Per-session MCP tool surface (JSON-RPC 2.0)