Runtime composite — alignment + protection + capabilities in one call

curl --request GET \
  --url https://api.mnemom.ai/v1/agents/{agent_id}/state \
  --header 'Authorization: Bearer <token>'

{
  "alignment": {
    "card_version": "<string>",
    "agent_id": "<string>",
    "values": {
      "declared": [
        "<string>"
      ],
      "definitions": {},
      "conflicts_with": [
        "<string>"
      ]
    },
    "autonomy": {
      "bounded_actions": [
        "<string>"
      ],
      "escalation_triggers": [
        {
          "condition": "<string>",
          "reason": "<string>"
        }
      ],
      "forbidden_actions": [
        "<string>"
      ],
      "max_autonomous_value": {
        "amount": 123,
        "currency": "<string>"
      }
    },
    "audit": {
      "retention_days": 123,
      "queryable": true,
      "trace_format": "<string>",
      "query_endpoint": "<string>",
      "storage": {
        "location": "<string>"
      }
    },
    "card_id": "<string>",
    "issued_at": "2023-11-07T05:31:56Z",
    "expires_at": "2023-11-07T05:31:56Z",
    "principal": {
      "identifier": "<string>",
      "escalation_contact": "<string>"
    },
    "conscience": {
      "values": [
        {
          "content": "<string>",
          "id": "<string>"
        }
      ]
    },
    "integrity": {},
    "capabilities": {},
    "enforcement": {
      "forbidden_tools": [
        {
          "pattern": "<string>",
          "reason": "<string>"
        }
      ],
      "fail_open": true,
      "grace_period_hours": 123
    },
    "extensions": {},
    "_composition": {
      "canonical_id": "<string>",
      "composed_at": "2023-11-07T05:31:56Z",
      "scopes_applied": [
        {
          "scope": "<string>",
          "version": 123,
          "template_version": 123,
          "card_id": "<string>"
        }
      ],
      "exemptions_applied": [
        "<string>"
      ],
      "source_card_id": "<string>",
      "source_policy_id": "<string>"
    }
  },
  "protection": {
    "card_version": "<string>",
    "agent_id": "<string>",
    "thresholds": {
      "warn": 0.5,
      "quarantine": 0.5,
      "block": 0.5
    },
    "screen_surfaces": {
      "incoming": true,
      "outgoing": true,
      "tool_calls": true,
      "tool_responses": true
    },
    "trusted_sources": {
      "domains": [
        "<string>"
      ],
      "agent_ids": [
        "<string>"
      ],
      "ip_ranges": [
        "<string>"
      ]
    },
    "card_id": "<string>",
    "issued_at": "2023-11-07T05:31:56Z",
    "expires_at": "2023-11-07T05:31:56Z",
    "extensions": {},
    "_composition": {
      "canonical_id": "<string>",
      "composed_at": "2023-11-07T05:31:56Z",
      "scopes_applied": [
        {
          "scope": "<string>",
          "version": 123,
          "template_version": 123,
          "card_id": "<string>"
        }
      ],
      "exemptions_applied": [
        "<string>"
      ],
      "source_card_id": "<string>",
      "source_policy_id": "<string>"
    }
  },
  "capabilities": [
    {
      "name": "<string>",
      "class": "<string>",
      "domain": "<string>",
      "grant_provenance": {
        "layer_id": "<string>",
        "kind": "<string>"
      },
      "display_name": "<string>",
      "description": "<string>",
      "schema": {},
      "source_connector": "<string>"
    }
  ],
  "content_hash": "<string>",
  "version": 2,
  "composed_at": "2023-11-07T05:31:56Z",
  "expires_at": "2023-11-07T05:31:56Z"
}

Agents

Runtime composite — alignment + protection + capabilities in one call

Returns the agent’s complete operational envelope as a single response: composed alignment card, composed protection card, and a capabilities[] array of full tool definitions (from the W1.1 tools registry — {name, class, domain, description, schema, source_connector, grant_provenance}, NOT bare name strings). SDK consumers (first-party SDKs, future Tier-1 customers, OSC instances) call this instead of assembling the envelope client-side. ETag-driven 304 short-circuit; Cache-Control: private, max-age=60. cards-as-primitive Phase 4 W2.3.

GET

agents

{agent_id}

state

Runtime composite — alignment + protection + capabilities in one call

curl --request GET \
  --url https://api.mnemom.ai/v1/agents/{agent_id}/state \
  --header 'Authorization: Bearer <token>'

{
  "alignment": {
    "card_version": "<string>",
    "agent_id": "<string>",
    "values": {
      "declared": [
        "<string>"
      ],
      "definitions": {},
      "conflicts_with": [
        "<string>"
      ]
    },
    "autonomy": {
      "bounded_actions": [
        "<string>"
      ],
      "escalation_triggers": [
        {
          "condition": "<string>",
          "reason": "<string>"
        }
      ],
      "forbidden_actions": [
        "<string>"
      ],
      "max_autonomous_value": {
        "amount": 123,
        "currency": "<string>"
      }
    },
    "audit": {
      "retention_days": 123,
      "queryable": true,
      "trace_format": "<string>",
      "query_endpoint": "<string>",
      "storage": {
        "location": "<string>"
      }
    },
    "card_id": "<string>",
    "issued_at": "2023-11-07T05:31:56Z",
    "expires_at": "2023-11-07T05:31:56Z",
    "principal": {
      "identifier": "<string>",
      "escalation_contact": "<string>"
    },
    "conscience": {
      "values": [
        {
          "content": "<string>",
          "id": "<string>"
        }
      ]
    },
    "integrity": {},
    "capabilities": {},
    "enforcement": {
      "forbidden_tools": [
        {
          "pattern": "<string>",
          "reason": "<string>"
        }
      ],
      "fail_open": true,
      "grace_period_hours": 123
    },
    "extensions": {},
    "_composition": {
      "canonical_id": "<string>",
      "composed_at": "2023-11-07T05:31:56Z",
      "scopes_applied": [
        {
          "scope": "<string>",
          "version": 123,
          "template_version": 123,
          "card_id": "<string>"
        }
      ],
      "exemptions_applied": [
        "<string>"
      ],
      "source_card_id": "<string>",
      "source_policy_id": "<string>"
    }
  },
  "protection": {
    "card_version": "<string>",
    "agent_id": "<string>",
    "thresholds": {
      "warn": 0.5,
      "quarantine": 0.5,
      "block": 0.5
    },
    "screen_surfaces": {
      "incoming": true,
      "outgoing": true,
      "tool_calls": true,
      "tool_responses": true
    },
    "trusted_sources": {
      "domains": [
        "<string>"
      ],
      "agent_ids": [
        "<string>"
      ],
      "ip_ranges": [
        "<string>"
      ]
    },
    "card_id": "<string>",
    "issued_at": "2023-11-07T05:31:56Z",
    "expires_at": "2023-11-07T05:31:56Z",
    "extensions": {},
    "_composition": {
      "canonical_id": "<string>",
      "composed_at": "2023-11-07T05:31:56Z",
      "scopes_applied": [
        {
          "scope": "<string>",
          "version": 123,
          "template_version": 123,
          "card_id": "<string>"
        }
      ],
      "exemptions_applied": [
        "<string>"
      ],
      "source_card_id": "<string>",
      "source_policy_id": "<string>"
    }
  },
  "capabilities": [
    {
      "name": "<string>",
      "class": "<string>",
      "domain": "<string>",
      "grant_provenance": {
        "layer_id": "<string>",
        "kind": "<string>"
      },
      "display_name": "<string>",
      "description": "<string>",
      "schema": {},
      "source_connector": "<string>"
    }
  ],
  "content_hash": "<string>",
  "version": 2,
  "composed_at": "2023-11-07T05:31:56Z",
  "expires_at": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization

string

header

required

Supabase JWT token in Authorization: Bearer header

Path Parameters

agent_id

string

required

Agent identifier (e.g. smolt-abc123)

Response

Runtime state envelope.

alignment

object

required

Unified alignment card (ADR-008). Authored in YAML or JSON; composed server-side with platform defaults, org template, and active exemptions before storage.

Show child attributes

protection

object

required

Unified protection card (ADR-037). Safe House thresholds + trusted-source policy for a single agent. Shape matches src/composition/types.ts::UnifiedProtectionCard (canonical) and what the runtime validator at src/composition/validate.ts accepts. The customer-facing docs at /concepts/protection-card and /specifications/protection-card-schema document this same shape.

Show child attributes

capabilities

object[]

required

Show child attributes

content_hash

string

required

Pattern: ^sha256:[0-9a-f]{64}$

version

integer

required

Required range: x >= 1

composed_at

string<date-time>

required

expires_at

string<date-time>

required

Update agent settings List trust edges from or to an agent

⌘I