Rensei docs
API ReferenceWorker Protocol

Cancel an undelivered daemon mutation

Cancels a pending mutation before it is delivered to the daemon. Returns 409 if already delivered or terminal. Returns 404 if the mutation does not exist or does not belong to the caller's org. Once a heartbeat delivers the mutation, the only way to "undo" is to enqueue the inverse op (e.g. `project.remove` for a wrongly applied `project.add`).

DELETE
/api/daemon/mutations/{mutationId}

Authorization

rsk_Bearer
AuthorizationBearer <token>

Rensei API key. Format: rsk_live_<random>. Generated in Settings or via POST /api/org/{orgId}/keys. Used by CLI (af), daemon, and programmatic integrations.

In: header

Path Parameters

mutationId*string

Response Body

application/json

application/json

application/json

application/json

application/json

curl -X DELETE "https://example.com/api/daemon/mutations/string"
{
  "cancelled": true
}
{
  "error": "Session not found"
}
{
  "error": "Session not found"
}
{
  "error": "Session not found"
}
{
  "cancelled": false,
  "reason": "already_delivered"
}

Enqueue a daemon-config mutation

Enqueues a configuration mutation for delivery to a specific daemon host on its next heartbeat. Supported ops: - `project.add` - add project to daemon allowlist - `project.remove` - remove project from allowlist - `pool.deleted` - notify daemon of a deleted resource pool - `modelAccess.set` - write a machine-scoped model-access policy - `modelAccess.clear` - clear a workload-specific access policy Requires org admin/owner role. The cancel window closes as soon as the daemon's next heartbeat stamps `deliveredAt`.

Get queued session detail for cloud runners

Lets a cloud runner-in-box (e2b/modal/daytona) fetch its session detail from the platform rather than the local daemon control API (`127.0.0.1:7734/api/daemon/sessions/:id`), which does not exist inside a cloud sandbox. The provisioner stamps `DONMAI_DAEMON_URL=<platform-url>` into the box's env so `donmai agent run` fetches its detail here. Source of truth is the Redis `work:items` hash. The full payload is available **only while the session is still QUEUED** - it is deleted on claim. Auth: bearer worker token (runtime JWT or legacy `WORKER_API_KEY`). The response includes `authToken`, system prompts, repo URL, and org ID - not readable without authentication.