API Reference
Safe House
Agents
Traces
Integrity
Checkpoints
Enforcement
Agent Containment
Conscience Values
Unified cards
AIP Webhooks
Auth
- GETGet authenticated user info and linked agents
- DELDelete authenticated user account and unlink agents
- GETCheck if email domain has SSO enabled
- POSTSign up with email + password
- POSTSign in with email + password
- POSTSign out and clear session cookies
- GETCookie-aware whoami
- POSTCLI password login — returns bearer tokens
- POSTCLI token refresh
- POSTExchange a cookie session for raw Supabase tokens
- POSTIssue a challenge for a TOTP factor
- POSTComplete MFA step-up or enrollment
- GETList the current user's TOTP factors
- POSTEnroll a new TOTP factor
- POSTUnenroll a TOTP factor
- POSTRequest a password reset email
- POSTResend email confirmation
- GETEmail-link landing (confirm / recovery / magic link)
- POSTBegin an SSO login flow
- GETIdP callback landing
- POSTBegin passkey enrollment — return WebAuthn creation options
- POSTVerify passkey registration + persist the credential
- POSTBegin passkey sign-in — return WebAuthn assertion options
- POSTVerify passkey assertion and issue a session
- GETList enrolled passkeys
- DELRemove an enrolled passkey
Billing
- POSTCreate Stripe checkout session
- POSTCreate Stripe billing portal session
- GETGet current subscription details
- POSTCancel subscription at period end
- POSTReactivate a subscription scheduled for cancellation
- POSTChange subscription plan
- GETList invoices
- GETGet authenticated user billing summary
- GETGet plan feature flags for authenticated user
- GETGet usage metrics for current user
- GETGet per-agent usage breakdown
- GETGet budget alert settings
- PUTSet budget alert threshold
- GETExport usage data as CSV
- POSTValidate a promo code
- POSTSubmit enterprise contact form
- GETList public pricing plans
- POSTCreate a personal API key
- GETList active API keys
- DELRevoke an API key
- POSTRotate a personal API key
Organizations
- POSTCreate organization
- GETList organizations for authenticated user
- GETGet organization details
- PATCHUpdate organization
- DELDelete organization (owner only)
- GETList organization members
- PATCHUpdate member role (owner only)
- DELRemove member or self-leave
- POSTInvite member to organization
- GETList pending invitations
- DELRevoke a pending invitation
- POSTAccept an organization invitation
- GETList agents in organization
- POSTCreate organization API key
- GETList organization API keys
- DELRevoke organization API key
- POSTRotate an organization API key
- GETGet SSO configuration for organization
- PUTConfigure SAML SSO for organization (owner only)
- DELRemove SSO configuration (owner only)
- POSTTest SSO metadata URL validity
- POSTEnable Safe House for an organization
- GETGet organization alignment template
- PUTSet organization alignment template
- DELDelete organization alignment template
- GETGet organization protection template
- PUTSet organization protection template
- DELDelete organization protection template
- GETGet organization usage
- GETGet organization cost rollup
- GETGet billing summary
- POSTOpen the Stripe Customer Portal
- GETRead the audit log
Teams
- Teams API
- POSTCreate a team
- GETGet team by ID
- PATCHUpdate team
- DELArchive team
- POSTAdd members to team
- DELRemove member from team
- GETGet team roster history
- GETList teams in organization
- GETGet team alignment card
- PUTSet team alignment card
- POSTDerive team card from member cards
- GETGet team card version history
Team Reputation
Webhook Notifications
Licensing
Verification
Reclassification
Reputation
Evaluate policy against historical traces
curl --request POST \
--url https://api.mnemom.ai/v1/policies/evaluate/historical \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"policy": {
"meta": {
"schema_version": "<string>",
"name": "<string>",
"description": "<string>",
"scope": "agent"
},
"capability_mappings": {},
"forbidden": [
{
"pattern": "<string>",
"reason": "<string>",
"severity": "high"
}
],
"escalation_triggers": [
{
"condition": "<string>",
"action": "notify",
"reason": "<string>"
}
],
"defaults": {
"unmapped_tool_action": "warn",
"unmapped_severity": "medium",
"fail_open": false,
"enforcement_mode": "observe",
"grace_period_hours": 0
}
},
"agent_id": "<string>",
"from": "2023-11-07T05:31:56Z",
"to": "2023-11-07T05:31:56Z",
"limit": 100
}
'{
"evaluation": {
"verdict": "pass",
"violations": [
{
"type": "forbidden",
"tool": "<string>",
"capability": "<string>",
"rule": "<string>",
"reason": "<string>",
"severity": "low"
}
],
"warnings": [
{
"tool": "<string>",
"message": "<string>"
}
],
"card_gaps": [
{
"capability": "<string>",
"missing_card_field": "<string>",
"suggestion": "<string>"
}
],
"coverage": 0.5
},
"traces_evaluated": 123,
"time_range": {
"from": "2023-11-07T05:31:56Z",
"to": "2023-11-07T05:31:56Z"
}
}Policy
Evaluate policy against history
Evaluate a CLPI policy against historical AIP traces for an agent. Replays past tool invocations through the policy to identify what would have been blocked, escalated, or flagged. Useful for understanding the impact of a policy change before rolling it out.
POST
/
policies
/
evaluate
/
historical
Evaluate policy against historical traces
curl --request POST \
--url https://api.mnemom.ai/v1/policies/evaluate/historical \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"policy": {
"meta": {
"schema_version": "<string>",
"name": "<string>",
"description": "<string>",
"scope": "agent"
},
"capability_mappings": {},
"forbidden": [
{
"pattern": "<string>",
"reason": "<string>",
"severity": "high"
}
],
"escalation_triggers": [
{
"condition": "<string>",
"action": "notify",
"reason": "<string>"
}
],
"defaults": {
"unmapped_tool_action": "warn",
"unmapped_severity": "medium",
"fail_open": false,
"enforcement_mode": "observe",
"grace_period_hours": 0
}
},
"agent_id": "<string>",
"from": "2023-11-07T05:31:56Z",
"to": "2023-11-07T05:31:56Z",
"limit": 100
}
'{
"evaluation": {
"verdict": "pass",
"violations": [
{
"type": "forbidden",
"tool": "<string>",
"capability": "<string>",
"rule": "<string>",
"reason": "<string>",
"severity": "low"
}
],
"warnings": [
{
"tool": "<string>",
"message": "<string>"
}
],
"card_gaps": [
{
"capability": "<string>",
"missing_card_field": "<string>",
"suggestion": "<string>"
}
],
"coverage": 0.5
},
"traces_evaluated": 123,
"time_range": {
"from": "2023-11-07T05:31:56Z",
"to": "2023-11-07T05:31:56Z"
}
}Authorizations
BearerAuthApiKeyAuth
Supabase JWT token in Authorization: Bearer header
Body
application/json
A complete CLPI policy document defining capability mappings, forbidden tools, escalation triggers, and enforcement defaults.
Show child attributes
Show child attributes
Agent whose historical traces will be evaluated
Start of time range for historical traces
End of time range for historical traces
Maximum number of traces to evaluate
⌘I