Corvair CorvairKnowledge Substrate
Home / Docs / API & MCP guide
Developers

One governed surface, for people and agents.

The REST API is the contract for everything the substrate can do. People reach it through the apps; agents reach it directly under a scoped authority. A set of lean MCP servers is a thin, governed cover over the same API, generated from the OpenAPI contract so the two cannot drift. Around 275 operations span the knowledge lifecycle, now including the FrameGraph runtime, the template and deliverable system, and coverage, every one declaring a safety class and the personas allowed to call it.

Overview

The API is an HTTP/JSON interface, described by an OpenAPI 3.1 contract generated from the implementation, so the published spec always matches the running service. The MCP servers, the client libraries, and these docs all derive from that one contract.

Protocol
HTTPS, application/json request and response. OKF bundle exports return a binary archive (tar, zip, or json).
Base URL
Your deployment's host, for example https://{your-deployment}/…. The substrate is deployed in your environment or as a managed service, so there is no single shared hostname.
Path shape
Flat resource paths grouped by router, for example /query/{kb_id}, /recipe, /curate/{kb_id}/queue. Knowledge-base-bound routes carry {kb_id}.
Scope
Around 275 operations across the ten functional routers plus the control-plane, packaging, marketplace, vault, news, composites, audit, cases, and sync groups, and the FrameGraph, template, deliverable, cluster, coverage, config, and export groups.
Contract
OpenAPI 3.1, validated. Each operation carries its safety class and the personas permitted, surfaced as schema extensions.
Streaming
Server-sent events for streamed answers, a WebSocket channel for people, and HMAC-signed webhooks for agents.
verified_user
Persona, tenant and knowledge-base scoping, audit, preview-and-apply, and the Validity Warrant are all enforced at the API. The MCP cover and any client never re-implement governance, they inherit it.

Authentication & personas

The principal, persona, home tenant, and knowledge-base access are resolved once per request. There are three security schemes:

oidc
People sign in by OpenID Connect single sign-on against your own identity provider.
agentJwt
Agents present a scoped, revocable bearer JWT signed with the agent-token secret.
apiKey
Services present an API key in a header for machine-to-machine calls.

Token claims carry sub (principal id), kind (person or agent), persona, kb_access, and scopes. Access is relationship-based: a principal is a reader or steward of a specific base, checked per request after the tenant is resolved. Every knowledge-base-bound path is scoped by tenant and kb_id and is persona-gated.

Persona taxonomy

The personas used across the endpoint tables are business_user (application user), steward, admin, auditor (also written compliance), partner_author, and agent; some routes also use subscriber (an entitled pack or OKF consumer). Licensed framing, generation, and render operations additionally require the caller's tenant to be entitled to the framework or pack.

Agent tokens

Issue an agent token by posting an AgentTokenRequest with the agent_id, the kb_ids and scopes it may use, an authority matrix (per action class and autonomy bound), and a ttl_minutes (default 60). Tokens are listable, scope-editable, rotatable, and revocable. An agent only composes the operations its scopes allow, and an agent at a low autonomy level stages a change into the approval queue rather than committing it directly.

POST/auth/tokenIssue a scoped agent token
POST/auth/token/revokeRevoke a token
GET/auth/meResolve the current principal and persona
POST/auth/tokens/{token_id}/rotateRotate an agent token

Safety classes

Every operation declares one of five safety classes. A client, the MCP cover, and the apps all use the class to decide when to confirm, to preview, or to poll before acting.

ClassMeaning
read-onlyNo change. No confirmation or preview required.
previewComputes and returns an impact diff and a preview_token. Never mutates.
mutatingCommits a change. Decision-bearing changes go through preview then apply.
destructiveIrreversible or cascading. Requires a prior preview; a destructive call without one is refused.
jobAsynchronous work that returns a job id to poll or stream. Aspect generation, deliverable render, and document export run as jobs.

The class is carried on each operation in the OpenAPI schema and consumed by the cover, so a client knows when a confirmation step is mandatory.

Core mechanics

Idempotency

Mutations accept an Idempotency-Key header. A replay returns the original result; a replay with a different body returns request.idempotency_mismatch. The apply request also carries an idempotency_key field.

Preview then apply

Mutating and destructive actions that change a base run a preview that returns an ImpactDiff and a preview_token, then a separate apply that commits, writes provenance, and emits a warrant where the action is decision-bearing.

# 1. preview: see exactly what will change
POST /manipulate/{kb_id}/preview
  -> ImpactDiff { action, direct, cascade, risk_flags, reversible }
     + preview_token

# 2. apply: bind the commit to that preview
POST /manipulate/{kb_id}/apply
  { "preview_token": "...", "idempotency_key": "..." }

An apply whose preview has drifted returns CONFLICT and requires a fresh preview. The cascade respects the circuit breaker, so a runaway change is capped rather than committed.

Pagination

List endpoints are cursor-based. Send cursor and limit (maximum 200); receive { items, next_cursor, has_more }.

Real-time

People stream over a WebSocket at /ws/{kb_id}, authenticated on the upgrade handshake, receiving persona-filtered ChangeEvent objects (item, score, edge, job, curation, breaker) with replay-by-id across a reconnect. Agents receive the same events as HMAC-signed webhooks with a delivery log and retry. For answers, set stream on a query to receive server-sent events.

Common workflows

Ask a question and verify the answer

# ask: returns an AnswerEnvelope (answer + citation list)
POST /query/{kb_id}
  { "question": "What is our fair-lending control protocol?", "stream": false }

# inspect the reasoning and fetch the signed warrant
GET  /query/{kb_id}/trace/{answer_id}
GET  /query/{kb_id}/warrant/{answer_id}

Federate across several bases (your own, cross-tenant grants, and subscribed packs) with POST /query/federate; each base answers from its own governed content and the responses are composed with attribution.

Bring in and curate knowledge

# discover or upload sources, then watch the pipeline
POST /collect/{kb_id}/discover
POST /collect/{kb_id}/upload
GET  /catalog/{kb_id}/runs/{run_id}

# work the steward's queue; decisions are preview-then-apply
GET  /curate/{kb_id}/queue
POST /curate/{kb_id}/queue/{queue_id}/decision
POST /curate/{kb_id}/snapshot        # seal a point-in-time state
POST /curate/{kb_id}/swap            # atomic blue/green promotion

Author a base as code

POST /recipe                          # author
POST /recipe/{recipe_id}/validate
POST /recipe/{recipe_id}/compile      # preview the build
POST /recipe/{recipe_id}/hydrate      # gated build of the base

Frame a subject, read coverage, render a deliverable

# scout, set the coverage target, then generate the framed structure
POST /framegraph/{kb_id}/scout
POST /framegraph/{kb_id}/expected-questions
POST /framegraph/{kb_id}/generate                     # job: aspects + subsets

# read coverage, then render a warranted deliverable and export it
GET  /framegraph/{kb_id}/clusters/{cluster_id}/coverage
POST /deliverables/{deliverable_id}/render            # job
POST /export/{kb_id}                                  # job: the single export path
sync_alt
For portable export and round-trip import, see the OKF endpoints below and the knowledge-format page.

Endpoint reference

The ten functional routers, plus the platform and partner groups. Each row is representative, not exhaustive; the authoritative list is the OpenAPI contract. Personas and the safety class are declared on every operation.

auth sign-in & tokens

POST/auth/sso/callbackSSO callback
POST/auth/tokenIssue an agent token
GET/auth/tokensList tokens

recipe knowledge as code

POST/recipemutating Author a recipe
POST/recipe/{recipe_id}/compilepreview Compile to preview
POST/recipe/{recipe_id}/hydratemutating Build the base (gated)
POST/recipe/{recipe_id}/forkFork to a new base

collect discovery & ingestion

POST/collect/{kb_id}/discoverFind candidate sources
POST/collect/{kb_id}/uploadUpload a document
POST/collect/{kb_id}/importdestructive Replace-import
GET/collect/{kb_id}/sourcesList sources

catalog pipeline status

GET/catalog/{kb_id}/runs/{run_id}A pipeline run
GET/catalog/{kb_id}/progressLive progress
POST/catalog/{kb_id}/quarantine/{source_id}/decisionRelease or reject

substrate read-only views

GET/substrate/{kb_id}/mapTopic map
GET/substrate/{kb_id}/items/{item_id}An item
GET/substrate/{kb_id}/as-of/{date}As-of view
GET/substrate/{kb_id}/conflictsConflicts

query ask, search, research

POST/query/{kb_id}Ask (set stream for SSE)
GET/query/{kb_id}/warrant/{answer_id}Fetch the warrant
POST/query/{kb_id}/researchDeep research job
POST/query/federateFederated query

curate shape & maintain

GET/curate/{kb_id}/queueCuration queue
POST/curate/{kb_id}/retractdestructive Retract, with cascade
POST/curate/{kb_id}/swapAtomic blue/green swap
POST/curate/{kb_id}/conflicts/{conflict_id}/resolveResolve a conflict

manipulate what-if, preview/apply

POST/manipulate/{kb_id}/previewpreview Impact diff
POST/manipulate/{kb_id}/applymutating Commit a preview
POST/manipulate/{kb_id}/revertRevert

agents oversight & controls

GET/agents/{kb_id}/activityAgent activity
POST/agents/{kb_id}/approveApprove staged changes
POST/agents/{kb_id}/breakers/{breaker_id}/resetReset a circuit breaker

admin runs the platform, never content

GET/admin/workersWorker health
POST/admin/accessGrant access
GET/admin/usageUsage rollups
visibility_off
No /admin route returns knowledge content. The administrator runs the machinery; reading what a base knows is a steward or auditor capability, enforced at the API and in IAM.

Platform & partner groups

GroupPurposePersona
health/healthz, /readyz probesoperator
evalEvaluation sets and gated runssteward
tenantControl plane: tenants, grants, quotas, residencyoperator
packagingBuild, version, validate, publish virtual-expert packspartner_author
marketplaceBrowse and subscribe to packs (catalog only)admin
vaultA user's own files and saved resultsbusiness_user
newsMonitored news and the digestbusiness_user
compositesGroup several bases into one addressable basesteward
auditWarrants, crosswalks, replay, sampling, evidence packagescompliance
casesGaps, disputes, and help requestsbusiness_user
syncGeneric export and the OKF targetsteward, admin

Framing, deliverables & coverage

The FrameGraph runtime and the template system are first-class API surfaces, the same engine behind the Canvas in the app and the Browse and steward projections. A frame is applied over a topic graph; the result is a cached, navigable knowledge cluster (a Snap) with a coverage read; a deliverable renders a structured, warranted document from it. Licensed frameworks and templates run only for an entitled tenant, and the internal prompt bundle is never returned.

frames the catalogue, applied

GET/framesList frames of reference (metadata only)
GET/frames/{frame_id}Aspects, concept tags, schemas (no prompts)
POST/frames/{frame_id}/runmutating entitled. Run a frame against a seed

framegraph the runtime

GET/framegraph/frameworksUnified framework catalogue
GET/framegraph/conceptsThe 22 shared concepts and the subset catalogue
POST/framegraph/{kb_id}/scoutProfile a subject (stage 1)
POST/framegraph/{kb_id}/expected-questionsmutating Generate and save the coverage target
POST/framegraph/{kb_id}/generatejob entitled. Generate aspects and their subsets
POST/framegraph/{kb_id}/synthesizeAll-aspect synthesis pass
POST/framegraph/{kb_id}/infer-edgesRelationship inference (graph edges)
POST/framegraph/{kb_id}/projectReproject the cached cluster onto another framework

clusters Snaps & coverage

GET/framegraph/{kb_id}/clustersList knowledge clusters (Snaps)
POST/framegraph/{kb_id}/clustersmutating Create or save a cluster (Snap)
GET/framegraph/{kb_id}/clusters/{cluster_id}Read a cluster: entities, relationships, timeline, sets, coverage
GET/framegraph/{kb_id}/clusters/{cluster_id}/coverageCoverage read: expected questions answered against open, with the coverage_gaps routed to the gap agent

deliverables structured, warranted outputs

GET/deliverablesList deliverable action templates
GET/deliverables/{deliverable_id}Outline, guideline link, rubric, exec-summary coverage
POST/deliverables/{deliverable_id}/renderjob entitled. Render a deliverable from a framed structure

config & export

GET/framegraph/{kb_id}/configEffective FrameGraph configuration for the caller
PUT/framegraph/{kb_id}/config/overridesmutating Caller overrides, within steward limits
PUT/admin/{kb_id}/framegraph/configmutating steward. Set defaults, limits, and locks
POST/export/{kb_id}job The single server-side document export path (UI, agents, mobile)
verified_user
A rendered deliverable is warrantable: its Validity Warrant records the frame and template ids and versions, the rubric id and score, and the premise chain with trust tiers. The coverage report is itself a deliverable, produced through the same render job.

OKF endpoints

Export a source, a collection, or a whole base as a portable OKF bundle, and import external OKF directly. These live on cks-sync and are entitlement-aware: a non-entitled caller receives source metadata only on licensed content, and a licensed bundle returns 402 to a caller without the entitlement.

MethodPathPurpose
GET/sync/{kb}/okf/manifestList the OKF bundles in a base (entitlement-aware)
GET/sync/{kb}/okf/sources/{source_id}Export a source bundle (format = tar / zip / json)
GET/sync/{kb}/okf/collections/{collection_id}Export a collection bundle
GET/sync/{kb}/okf/bundleExport the whole base (entitlement-filtered)
POST/sync/{kb}/okf/import/previewPreview a round-trip import (impact diff + token)
POST/sync/{kb}/okf/importApply an import (returns 202, load enqueued)
POST/okf/validateOKF v0.1 conformance check

Import is preview-then-apply and mutating. Conformance is checked against the declared okf_version; a newer minor version is a warning, not a rejection, and CKS hard-rejects only on structural non-conformance (unparseable frontmatter or a missing type).

The MCP cover

The MCP surface is a curated subset of the API exposed as governed tools, decomposed into eight lean servers so a client loads only the short tool list it needs. The tools are generated from the OpenAPI contract (one tool per operation, named {group}_{action}), so the agent surface cannot silently widen. Persona is checked on connection and again per call; every tool carries tenant and knowledge-base context; and each tool's safety class tells the client when to confirm, preview, or poll first.

travel_explore

cks-explore

Read and ask, all personas, read-only. query_ask, query_trace, query_warrant_get, query_federate, substrate_map, query_search, news_list.

menu_book

cks-recipe

Knowledge as code, steward. recipe_create, recipe_validate, recipe_compile, recipe_fork, recipe_hydrate, recipe_publish.

tune

cks-curate

Shape and maintain a base, steward and agent. The collect, curate, and manipulate verbs plus typed actions, including the destructive curate_retract that requires a prior curate_preview.

smart_toy

cks-agents

Oversight and approvals, steward and admin. agents_activity, agents_queue, agents_approve, agents_item_history.

inventory_2

cks-packaging

Build and publish virtual-expert packs, partner. packaging_pack_build, packaging_version, packaging_validate, packaging_publish.

storefront

cks-catalog

Discover and subscribe to packs, tenant admin. catalog_browse, catalog_get, catalog_subscribe, and the destructive catalog_unsubscribe.

hub

cks-frames

Frames, deliverables, and the FrameGraph runtime; all personas, entitlement-gated. frames_run, deliverables_render, framegraph_scout, framegraph_generate, framegraph_project, cluster_get, cluster_coverage, export_document. Licensed frameworks run, render, and generate only for an entitled tenant; the prompt bundle is never exposed.

sync_alt

cks-sync

Export and sync with generic targets, steward and admin. sync_export, sync_pull, sync_push, the vault tools, and the OKF tools (okf.export_source, okf.export_kb, okf.import_preview, okf.import_apply, okf.validate).

block

API-only by design

The tenant control plane, platform operations, agent-control and breaker configuration, admin pack import and promote, the eval run, health probes, and the auditor's assurance reads and exports stay off MCP. An operator console uses the API directly.

Errors & limits

Errors share one structured shape: { code, message, request_id, details? }, with namespaced codes. Every response carries a request_id for correlation.

CodeWhen
auth.unauthenticatedMissing or invalid token (401).
auth.kb_access_deniedThe principal has no access to that base (403).
request.validationThe request body failed validation.
request.idempotency_mismatchA replayed key with a different body.
mutation.preview_requiredA destructive action attempted without a preview.
agent.breaker_openA circuit breaker capped a cascading change.
upstream.timeoutA dependency did not respond in time.

Common HTTP statuses: 202 (import accepted and enqueued), 204 (revoke or delete), 402 (not entitled to licensed content), 404 (not found), 409 (a drifted preview), and 503 (/readyz when a dependency is not ready).

Quotas and spend

Rather than a fixed request-rate ceiling, control is per tenant and persona: tenant quotas on knowledge bases, storage, daily tokens, and seats; usage metering and per-user reporting against included limits; spend budgets with circuit breakers; and agent-action breakers. Exceeding a quota throttles or refuses with a clear error rather than silently degrading a neighbour. The pagination limit is capped at 200.