Resolve credential env map for a session
Called by the host daemon at session spawn to obtain the merged environment variable map for the agent. The `orgId` in the body must match the authenticated org (cross-tenant guard). Audit event emitted asynchronously (does not include secret values).
Authorization
rsk_Bearer Rensei API key. Format: rsk_live_<random>. Generated in Settings or via POST /api/org/{orgId}/keys. Used by CLI (af), daemon, and programmatic integrations.
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
application/json
application/json
application/json
curl -X POST "https://example.com/api/daemon/credentials/snapshot" \ -H "Content-Type: application/json" \ -d '{ "orgId": "string", "sessionId": "string" }'{
"env": {
"property1": "string",
"property2": "string"
},
"refreshUntil": "2019-08-24T14:15:22Z"
}{
"error": "Session not found"
}{
"error": "Session not found"
}{
"error": "Session not found"
}{
"error": "Session not found"
}Ingest batched interview token-delta frames
Used by the interview runner to relay streamed assistant token deltas to the browser. Frames are batched (≤100ms or 20 tokens per flush) and published to `interviewTokenChannel(interviewId)` via Redis pub/sub, where `GET /api/interview/[id]/stream` picks them up for SSE re-delivery to the browser. Auth mirrors `/api/sessions/{id}/activity` (worker runtime JWT).
SSE stream for credential rotation events
Server-Sent Events stream. Emits `UPDATE` events when an upstream OAuth rotation occurs for the session's credentials. Keyed by `sessionId` query parameter.