Authentication
All requests authenticate with a Bearer token:
Authorization: Bearer cisora_live_...
Get a key at Settings → API Keys.
POST
/api/agent/eventsauth: Bearer (API key)Bulk ingest one or more agent actions. Up to 500 events per request.
Request
{
"events": [
{
"agent_name": "customer-support-bot",
"action_type": "tool_call",
"tool_name": "send_email",
"inputs": { "to": "alice@example.com" },
"outputs": { "id": "msg_123" },
"duration_ms": 142,
"cost_usd": 0.0,
"metadata": { "recipient": "alice@example.com" }
}
]
}Response
{ "ok": true, "inserted": 1, "errors": [] }POST
/api/agent/checkauth: Bearer (API key)Synchronous policy decision. Returns a decision in <50ms p99.
Request
{
"agent_name": "customer-support-bot",
"action_type": "tool_call",
"tool_name": "database_write",
"metadata": { "table": "users", "field": "email" }
}Response
{
"decision": "block",
"reason": "policy",
"policy_id": "uuid-...",
"policy_name": "no-pii-writes"
}GET
/api/agent/inventoryauth: session cookieList all agents discovered for your org.
Response
{
"ok": true,
"agents": [
{ "id": "uuid", "name": "customer-support-bot", "agent_type": "claude", "risk_score": 42, "last_seen_at": "..." }
]
}GET
/api/agent/actions?agent_id=...&decision=...&limit=100&before=...auth: session cookieQuery agent actions with filters and pagination.
GET / POST / PUT / DELETE
/api/policiesauth: session cookieCRUD for policies. Body shape matches the Policy DSL (see /docs/policies).
POST
/api/agent/incidents/detectauth: session cookieManually trigger the anomaly detector for the current org. (Cron runs every 5 minutes regardless.)