openapi: 3.1.0 info: title: Barndoor Platform API version: 1.0.0 description: 'REST API for the Barndoor Platform - manage MCP servers, OAuth connections, and proxy MCP requests. ## Authentication All endpoints require a JWT Bearer token obtained through Auth0 OAuth 2.0 flow with PKCE. The SDK handles the OAuth flow automatically using interactive login. ## MCP Integration The `/mcp/{mcp_server_name}` endpoints provide streaming proxy access to third-party MCP servers (Salesforce, Notion, Slack, etc.) with automatic authentication and session management. ' contact: name: Barndoor Support url: https://barndoor.ai servers: - url: https://{organization_id}.platform.barndoor.ai description: Trial (Production) variables: organization_id: description: Your organization identifier default: your-org - url: https://{organization_id}.mcp.barndoor.ai description: Enterprise (Production) variables: organization_id: description: Your organization identifier default: your-org - url: https://{organization_id}.platform.barndooruat.com description: Enterprise (Production) variables: organization_id: description: Your organization identifier default: your-org - url: https://{organization_id}.platform.barndoordev.com description: Enterprise (Production) variables: organization_id: description: Your organization identifier default: your-org security: - BearerAuth: [] tags: - name: Servers description: Manage MCP server instances - name: Connections description: Manage OAuth connections to MCP servers - name: Policies description: Manage access control policies for agents and servers - name: Agents description: Manage AI agent registrations - name: MCP Proxy description: Proxy requests to MCP servers paths: /api/agents/counts: get: tags: - Agents summary: Get Agent Counts description: Get counts of agents grouped by type (internal vs external). operationId: getAgentCounts responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/AgentCounts' /api/agents/{agent_id}: delete: tags: - Agents summary: Unregister Agent description: "Unregister an agent from Barndoor.\n\nThis removes the agent's registration but does not delete the underlying\ \ \napplication directory. The agent can be re-registered using the same \napplication_directory_id.\n" operationId: unregisterAgent parameters: - name: agent_id in: path required: true schema: type: string format: uuid title: Agent Id responses: '204': description: Successful Response '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' get: tags: - Agents summary: Get Agent description: Get details of a specific agent by ID, including its application directory configuration. operationId: getAgent parameters: - name: agent_id in: path required: true schema: type: string format: uuid title: Agent Id responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/AgentResponse' '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' /api/agents: get: tags: - Agents summary: List Agents description: List registered agents with pagination. operationId: listAgents parameters: - name: search in: query required: false schema: anyOf: - type: string - type: 'null' description: Search applications by name or description title: Search description: Search applications by name or description - name: agent_type in: query required: false schema: anyOf: - $ref: '#/components/schemas/AgentType' - type: 'null' description: Filter by agent type title: Agent Type description: Filter by agent type - name: page in: query required: false schema: type: integer minimum: 1 description: Page number (1-based) default: 1 title: Page description: Page number (1-based) - name: limit in: query required: false schema: type: integer maximum: 100 minimum: 1 description: Number of items per page (max 100) default: 10 title: Limit description: Number of items per page (max 100) responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/PaginationResponse_AgentResponse_' '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' post: tags: - Agents summary: Register Agent description: 'Register a new agent with Barndoor. Agents represent AI applications that can access MCP servers through Barndoor. Each agent must be associated with an application directory (OAuth client configuration). ' operationId: registerAgent requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AgentPayload' responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/Agent' '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' /api/servers/{server_id}/connection: delete: tags: - Connections summary: Delete Connection description: 'Delete the current user''s connection to this server. This will remove the connection record and clean up any stored OAuth credentials. The user will need to reconnect to use this server again. ' operationId: deleteConnection parameters: - name: server_id in: path required: true description: Server UUID schema: type: string format: uuid example: 123e4567-e89b-12d3-a456-426614174000 responses: '204': description: Connection deleted successfully '401': description: Unauthorized - invalid or missing JWT token content: application/json: schema: $ref: '#/components/schemas/Error' '404': description: Connection not found content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/Error' get: tags: - Connections summary: Get Connection Status description: 'Get the user''s connection status for a specific server. Used to poll connection status during OAuth flows. ' operationId: getConnectionStatus parameters: - name: server_id in: path required: true description: Server UUID schema: type: string format: uuid example: 123e4567-e89b-12d3-a456-426614174000 responses: '200': description: Connection status content: application/json: schema: $ref: '#/components/schemas/ConnectionStatusResponse' '401': description: Unauthorized - invalid or missing JWT token content: application/json: schema: $ref: '#/components/schemas/Error' '404': description: Server not found content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/Error' /api/servers/{server_id}/connect: post: tags: - Connections summary: Initiate OAuth Connection description: 'Initiate OAuth connection flow for a server. Returns an authorization URL that the user should visit to complete the OAuth flow. The server must have OAuth configuration set up by an admin. ' operationId: initiateConnection parameters: - name: server_id in: path required: true description: Server UUID schema: type: string format: uuid example: 123e4567-e89b-12d3-a456-426614174000 - name: return_url in: query required: false description: Optional return URL after OAuth completion schema: type: string format: uri example: https://myapp.com/oauth/callback requestBody: required: true content: application/json: schema: type: object properties: {} example: {} responses: '200': description: Connection initiation successful content: application/json: schema: $ref: '#/components/schemas/ConnectionInitiationResponse' '401': description: Unauthorized - invalid or missing JWT token content: application/json: schema: $ref: '#/components/schemas/Error' '404': description: Server not found content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: Server missing OAuth configuration or other error content: application/json: schema: $ref: '#/components/schemas/Error' example: error: OAuthConfigurationError message: Server is missing OAuth configuration. Ask an admin to configure credentials before initiating a connection. /mcp/{mcp_server_name}: get: tags: - MCP Proxy summary: MCP Server Proxy Endpoint description: 'Proxies MCP JSON-RPC requests to third-party servers with automatic authentication. This endpoint supports both regular HTTP requests and Server-Sent Events (SSE) streaming for real-time MCP protocol communication. ## Usage - **JSON-RPC**: Send MCP protocol requests as JSON - **SSE Streaming**: Use `Accept: text/event-stream` for real-time communication - **Session Management**: Include `x-mcp-session-id` header for session tracking ## Authentication Flow 1. User must first connect to the server via `/api/servers/{server_id}/connect` 2. Complete OAuth flow for the third-party service 3. Use this endpoint to proxy MCP requests with automatic credential injection ' operationId: proxyMcpRequest parameters: - name: mcp_server_name in: path required: true description: MCP server name identifier schema: type: string pattern: ^[a-z0-9-]+$ example: salesforce - name: x-mcp-session-id in: header required: false description: MCP session identifier for request tracking schema: type: string example: sess_1234567890abcdef requestBody: required: false description: MCP JSON-RPC request payload content: application/json: schema: type: object description: MCP JSON-RPC 2.0 request properties: jsonrpc: type: string enum: - '2.0' description: JSON-RPC version method: type: string description: MCP method name example: tools/list params: type: object description: Method parameters additionalProperties: true id: oneOf: - type: string - type: number description: Request identifier required: - jsonrpc - method example: jsonrpc: '2.0' method: tools/list params: {} id: 1 responses: '200': description: MCP response or SSE stream content: application/json: schema: type: object description: MCP JSON-RPC 2.0 response properties: jsonrpc: type: string enum: - '2.0' result: type: object description: Method result additionalProperties: true error: type: object description: Error object if method failed properties: code: type: integer message: type: string data: type: object additionalProperties: true id: oneOf: - type: string - type: number description: Request identifier required: - jsonrpc - id example: jsonrpc: '2.0' result: tools: - name: get_accounts description: Get Salesforce accounts parameters: type: object properties: limit: type: integer description: Maximum number of accounts id: 1 text/event-stream: schema: type: string description: 'Server-Sent Events stream for real-time MCP communication. Each event contains a JSON-RPC message with event metadata. Example events: ``` data: {"jsonrpc": "2.0", "method": "notifications/initialized", "params": {}} data: {"jsonrpc": "2.0", "result": {"tools": [...]}, "id": 1} ``` ' example: 'data: {"jsonrpc": "2.0", "method": "notifications/initialized", "params": {}} data: {"jsonrpc": "2.0", "result": {"tools": []}, "id": 1} ' '401': description: Unauthorized - invalid or missing JWT token content: application/json: schema: $ref: '#/components/schemas/Error' '403': description: Forbidden - server not connected or access denied content: application/json: schema: $ref: '#/components/schemas/Error' example: error: ServerNotConnected message: Server 'salesforce' is not connected. Please initiate connection first. '404': description: Server not found content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/Error' '502': description: Bad Gateway - upstream server error content: application/json: schema: $ref: '#/components/schemas/Error' example: error: UpstreamError message: Failed to connect to Salesforce API /api/v2/policies/{policy_id}/clone: post: summary: Clone Policy description: 'Clone an existing policy, creating a new policy with the same configuration but with a modified name (appending " Copy") and DRAFT status.' operationId: clone_policy_admin_v2_policies__policy_id__clone_post parameters: - name: policy_id in: path required: true schema: type: string title: Policy Id responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/PolicyDetailResponse' '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' security: - HTTPBearer: [] /api/policy: post: summary: Publish Policy operationId: publish_cerbos_policy_admin_policy_post responses: '200': description: Successful Response content: application/json: schema: {} security: - HTTPBearer: [] /api/policies/restrictions/disable/{restriction_name}: put: summary: Disable Restriction operationId: disable_restriction_admin_policies_restrictions_disable__restriction_name__put parameters: - name: restriction_name in: path required: true schema: type: string title: Restriction Name - name: id in: query required: false schema: type: array items: type: string title: Id responses: '200': description: Successful Response content: application/json: schema: {} '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' security: - HTTPBearer: [] /api/policies/restrictions/enable/{restriction_name}: put: summary: Enable Restriction operationId: enable_restriction_admin_policies_restrictions_enable__restriction_name__put parameters: - name: restriction_name in: path required: true schema: type: string title: Restriction Name - name: id in: query required: false schema: type: array items: type: string title: Id responses: '200': description: Successful Response content: application/json: schema: {} '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' security: - HTTPBearer: [] /api/v2/policies/filter-definitions: get: summary: Get Filter Definitions description: 'Return filter categories for the policies list UI. Static filter options for status, plus dynamic filters for MCP servers and agents based on the organization''s registry.' operationId: get_filter_definitions_admin_v2_policies_filter_definitions_get responses: '200': description: Successful Response content: application/json: schema: items: $ref: '#/components/schemas/FilterCategory' type: array title: Response Get Filter Definitions Admin V2 Policies Filter Definitions Get security: - HTTPBearer: [] /api/v2/policies/summary: get: summary: Get Policies Summary description: Return summary counts of policies by status. operationId: get_policies_summary_admin_v2_policies_summary_get responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/PolicySummaryResponse' security: - HTTPBearer: [] /api/v2/policies/{policy_id}: get: summary: Get Policy operationId: get_policy_admin_v2_policies__policy_id__get parameters: - name: policy_id in: path required: true schema: type: string format: uuid title: Policy Id responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/PolicyDetailResponse' '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' security: - HTTPBearer: [] patch: summary: Update Policy operationId: update_policy_admin_v2_policies__policy_id__patch parameters: - name: policy_id in: path required: true schema: type: string format: uuid title: Policy Id requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UpdatePolicy' responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/PolicyDetailResponse' '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' security: - HTTPBearer: [] /api/v2/policies: get: summary: List Policies operationId: list_policies_admin_v2_policies_get parameters: - name: search in: query required: false schema: anyOf: - type: string - type: 'null' description: Search by policy ID, name, description, or support contact title: Search description: Search by policy ID, name, description, or support contact - name: status in: query required: false schema: anyOf: - items: type: string type: array - type: 'null' description: Filter by status values title: Status description: Filter by status values - name: mcp_server_id in: query required: false schema: anyOf: - items: type: string type: array - type: 'null' description: Filter by MCP server IDs title: Mcp Server Id description: Filter by MCP server IDs - name: agent_id in: query required: false schema: anyOf: - items: type: string type: array - type: 'null' description: Filter by agent/application IDs title: Agent Id description: Filter by agent/application IDs - name: page in: query required: false schema: type: integer minimum: 1 description: Page number (1-based) default: 1 title: Page description: Page number (1-based) - name: limit in: query required: false schema: type: integer maximum: 100 minimum: 1 description: Number of items per page (max 100) default: 10 title: Limit description: Number of items per page (max 100) responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/PaginationResponse_PolicySummary_' '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' security: - HTTPBearer: [] /api/v2/policies/{policy_id}/revisions: get: summary: List Policy Revisions description: "List all revisions for a given policy with pagination.\n\nUses the same authorization as get_policy -\ \ if a user can read a policy,\nthey can view its revision history.\n\nArgs:\n changes_summary: Include human-readable\ \ change descriptions in response" operationId: list_policy_revisions_admin_v2_policies__policy_id__revisions_get parameters: - name: policy_id in: path required: true schema: type: string format: uuid title: Policy Id - name: changes_summary in: query required: false schema: type: boolean description: Include human-readable change descriptions in response default: false title: Changes Summary description: Include human-readable change descriptions in response - name: page in: query required: false schema: type: integer minimum: 1 description: Page number (1-based) default: 1 title: Page description: Page number (1-based) - name: limit in: query required: false schema: type: integer maximum: 100 minimum: 1 description: Number of items per page (max 100) default: 10 title: Limit description: Number of items per page (max 100) responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/PaginationResponse_PolicyRevisionSummary_' '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' security: - HTTPBearer: [] /api/v2/policies/validate: post: summary: Validate Policy description: 'Validate a policy before creation or update. Checks for duplicate names and overlapping MCP server/agent combinations. When exclude_policy_id is provided (edit mode), that policy is excluded from validation.' operationId: validate_policy_admin_v2_policies_validate_post requestBody: content: application/json: schema: $ref: '#/components/schemas/ValidatePolicyRequest' required: true responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/ValidatePolicyResponse' '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' security: - HTTPBearer: [] /api/servers: post: tags: - Servers summary: Create MCP Server description: 'Create a new MCP server instance from a server directory template. The server will be created in `pending` status until OAuth credentials are configured. If `client_id` and `client_secret` are provided, the server will be set to `active` status. ' operationId: createServer requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ServerCreateRequest' responses: '200': description: Server created successfully content: application/json: schema: $ref: '#/components/schemas/ServerCreateResponse' '401': description: Unauthorized - invalid or missing JWT token content: application/json: schema: $ref: '#/components/schemas/Error' '404': description: Server directory template not found content: application/json: schema: $ref: '#/components/schemas/Error' '422': description: Validation error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' get: tags: - Servers summary: List MCP Servers description: 'List all MCP servers available to the caller''s organization. Returns paginated results with server details including connection status. ' operationId: listServers parameters: - name: page in: query required: false schema: type: integer minimum: 1 default: 1 description: Page number (1-based) - name: limit in: query required: false schema: type: integer minimum: 1 maximum: 100 default: 10 description: Number of items per page (max 100) - name: search in: query required: false schema: type: string description: Search servers by name or slug - name: status in: query required: false schema: type: string enum: - pending - active - error description: Filter by server status - name: connection_status in: query required: false schema: type: string enum: - available - pending - connected - error - not_connected description: Filter by connection status. `not_connected` expands to pending, error, and available. responses: '200': description: Paginated list of MCP servers content: application/json: schema: $ref: '#/components/schemas/PaginationResponse_ServerResponse_' '401': description: Unauthorized - invalid or missing JWT token content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/Error' /api/servers/{server_id}: delete: tags: - Servers summary: Delete MCP Server description: 'Delete an MCP server and all associated connections. This will: - Remove all user connections to this server - Clean up stored OAuth credentials - Delete the server configuration For custom server types, this will also delete the associated server directory. ' operationId: deleteServer parameters: - name: server_id in: path required: true description: Server UUID schema: type: string format: uuid responses: '204': description: Server deleted successfully content: application/json: schema: $ref: '#/components/schemas/ServerDetail' '401': description: Unauthorized - invalid or missing JWT token content: application/json: schema: $ref: '#/components/schemas/Error' '404': description: Server not found content: application/json: schema: $ref: '#/components/schemas/Error' get: tags: - Servers summary: Get Server Details description: 'Get detailed information about a specific MCP server. Returns extended information including MCP URL if available. ' operationId: getServer parameters: - name: server_id in: path required: true description: Server UUID schema: type: string format: uuid example: 123e4567-e89b-12d3-a456-426614174000 responses: '200': description: Server details content: application/json: schema: $ref: '#/components/schemas/ServerDetail' '401': description: Unauthorized - invalid or missing JWT token content: application/json: schema: $ref: '#/components/schemas/Error' '404': description: Server not found content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/Error' put: tags: - Servers summary: Update MCP Server description: 'Update an existing MCP server''s configuration. You can update the name, slug, OAuth credentials, and metadata. If updating OAuth credentials, provide the actual values (not obfuscated). ' operationId: updateServer parameters: - name: server_id in: path required: true description: Server UUID schema: type: string format: uuid requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ServerUpdateRequest' responses: '200': description: Server updated successfully content: application/json: schema: $ref: '#/components/schemas/ServerDetail' '401': description: Unauthorized - invalid or missing JWT token content: application/json: schema: $ref: '#/components/schemas/Error' '404': description: Server not found content: application/json: schema: $ref: '#/components/schemas/Error' '409': description: Conflict - slug already in use content: application/json: schema: $ref: '#/components/schemas/Error' '422': description: Validation error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' /sse/{mcp_server_name}: get: tags: - MCP Proxy summary: SSE Server Proxy Endpoint description: 'Server-Sent Events proxy endpoint for real-time streaming communication with third-party servers. This endpoint provides dedicated SSE streaming capabilities separate from the MCP protocol, allowing for custom event streaming and real-time data flows. ## Usage - **SSE Streaming**: Optimized for `text/event-stream` communication - **Real-time Events**: Custom event types and data streaming - **Session Management**: Include `x-mcp-session-id` header for session tracking ## Authentication Flow 1. User must first connect to the server via `/api/servers/{server_id}/connect` 2. Complete OAuth flow for the third-party service 3. Use this endpoint for real-time event streaming with automatic credential injection ' operationId: proxySSERequest parameters: - name: mcp_server_name in: path required: true description: MCP server name identifier schema: type: string pattern: ^[a-z0-9-]+$ example: salesforce - name: x-mcp-session-id in: header required: false description: MCP session identifier for request tracking schema: type: string example: sess_1234567890abcdef requestBody: required: false description: Optional request payload for SSE initialization content: application/json: schema: type: object description: SSE initialization parameters properties: event_types: type: array items: type: string description: Types of events to subscribe to example: - data_update - status_change filters: type: object description: Event filtering parameters additionalProperties: true example: object_type: Account limit: 100 example: event_types: - data_update - status_change filters: object_type: Account limit: 100 responses: '200': description: SSE event stream content: text/event-stream: schema: type: string description: 'Server-Sent Events stream for real-time communication. Events follow the SSE format with optional event types and data payloads. Example events: ``` event: connected data: {"status": "ready", "timestamp": "2024-01-01T00:00:00Z"} event: data_update data: {"type": "Account", "id": "123", "changes": {...}} event: error data: {"error": "rate_limit", "message": "Rate limit exceeded"} ``` ' example: 'event: connected data: {"status": "ready", "timestamp": "2024-01-01T00:00:00Z"} event: data_update data: {"type": "Account", "id": "123", "name": "Acme Corp"} event: status_change data: {"status": "disconnected", "reason": "timeout"} ' application/json: schema: type: object description: Fallback JSON response if SSE not supported properties: status: type: string example: streaming_not_supported message: type: string example: Client does not support SSE, use /mcp endpoint instead '401': description: Unauthorized - invalid or missing JWT token content: application/json: schema: $ref: '#/components/schemas/Error' '403': description: Forbidden - server not connected or access denied content: application/json: schema: $ref: '#/components/schemas/Error' example: error: ServerNotConnected message: Server 'salesforce' is not connected. Please initiate connection first. '404': description: Server not found content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/Error' '502': description: Bad Gateway - upstream server error content: application/json: schema: $ref: '#/components/schemas/Error' example: error: UpstreamError message: Failed to connect to Salesforce streaming API components: schemas: AgentCounts: properties: all: type: integer title: All internal: type: integer title: Internal external: type: integer title: External type: object required: - all - internal - external title: AgentCounts HTTPValidationError: properties: detail: items: $ref: '#/components/schemas/ValidationError' type: array title: Detail type: object title: HTTPValidationError ValidationError: properties: loc: items: anyOf: - type: string - type: integer type: array title: Location msg: type: string title: Message type: type: string title: Error Type input: title: Input ctx: type: object title: Context type: object required: - loc - msg - type title: ValidationError AgentResponse: properties: id: type: string format: uuid title: Id created_at: type: string format: date-time title: Created At updated_at: type: string format: date-time title: Updated At organization_id: type: string format: uuid title: Organization Id application_directory_id: type: string format: uuid title: Agent Directory Id application_directory: $ref: '#/components/schemas/AgentDirectoryBase' agent_type: $ref: '#/components/schemas/AgentType' description: Determine agent type based on application directory properties. readOnly: true type: object required: - id - created_at - updated_at - organization_id - application_directory_id - application_directory - agent_type title: AgentResponse AgentDirectoryBase: properties: id: type: string format: uuid title: Id created_at: type: string format: date-time title: Created At updated_at: type: string format: date-time title: Updated At name: type: string title: Name description: anyOf: - type: string - type: 'null' title: Description organization_id: type: string format: uuid title: Organization Id external_id: anyOf: - type: string - type: 'null' title: External Id public: type: boolean title: Public dcr: type: boolean title: Dcr post_login_success: type: boolean title: Post Login Success callbacks: anyOf: - items: type: string type: array - type: 'null' title: Callbacks description: OAuth callback URLs stored in alphanumeric ascending order type: object required: - id - created_at - updated_at - name - description - organization_id - external_id - public - dcr - post_login_success - callbacks title: AgentDirectoryBase AgentType: type: string enum: - internal - external title: AgentType description: Agent type classification for applications. PaginationResponse_AgentResponse_: properties: data: items: $ref: '#/components/schemas/AgentResponse' type: array title: Data description: Array of items for current page pagination: $ref: '#/components/schemas/PaginationMeta' description: Pagination metadata type: object required: - data - pagination title: PaginationResponse[AgentResponse] PaginationMeta: properties: page: type: integer title: Page description: Current page number limit: type: integer title: Limit description: Items per page total: type: integer title: Total description: Total number of items pages: type: integer title: Pages description: Total number of pages previous_page: anyOf: - type: integer - type: 'null' title: Previous Page description: Previous page number (null if first page) next_page: anyOf: - type: integer - type: 'null' title: Next Page description: Next page number (null if last page) type: object required: - page - limit - total - pages - previous_page - next_page title: PaginationMeta description: Pagination metadata. AgentPayload: properties: application_directory_id: type: string title: Agent Directory Id type: object required: - application_directory_id title: AgentPayload Agent: properties: id: type: string format: uuid title: Id created_at: type: string format: date-time title: Created At updated_at: type: string format: date-time title: Updated At organization_id: type: string format: uuid title: Organization Id application_directory_id: type: string format: uuid title: Agent Directory Id type: object required: - id - created_at - updated_at - organization_id - application_directory_id title: Agent Error: type: object required: - error - message properties: error: type: string description: Error type identifier example: ServerNotFound message: type: string description: Human-readable error message example: Server with ID '123' not found details: type: object description: Additional error details additionalProperties: true ConnectionStatusResponse: type: object required: - status properties: status: type: string enum: - available - pending - connected - error description: Current connection status example: connected ConnectionInitiationResponse: type: object properties: auth_url: type: string format: uri description: OAuth authorization URL to redirect user to example: https://login.salesforce.com/services/oauth2/authorize?... additionalProperties: true PolicyDetailResponse: properties: policy: $ref: '#/components/schemas/PolicyDetail' type: object required: - policy title: PolicyDetailResponse description: Envelope for detail responses. PolicyDetail: properties: id: type: string format: uuid title: Id organization_id: type: string title: Organization Id name: type: string title: Name status: type: string title: Status support_contact: anyOf: - type: string - type: 'null' title: Support Contact description: anyOf: - type: string - type: 'null' title: Description mcp_server_id: type: string title: Mcp Server Id application_ids: items: type: string type: array title: Application Ids tags: items: type: string type: array title: Tags rules: items: $ref: '#/components/schemas/PolicyRule-Output' type: array title: Rules created_at: type: string format: date-time title: Created At updated_at: type: string format: date-time title: Updated At created_by_user_id: type: string title: Created By User Id updated_by_user_id: type: string title: Updated By User Id type: object required: - id - organization_id - name - status - mcp_server_id - created_at - updated_at - created_by_user_id - updated_by_user_id title: PolicyDetail description: Detailed representation of a policy including rules. PolicyRule-Output: properties: name: anyOf: - type: string - type: 'null' title: Name description: Optional display name for the rule default: '' authorized: anyOf: - type: boolean - type: 'null' title: Authorized description: Determines if the actions are allowed (True) or denied (False) default: false actions: items: type: string type: array title: Actions description: Actions this rule applies to roles_groups: items: type: string type: array title: Roles Groups description: Roles or groups this rule applies to condition: anyOf: - $ref: '#/components/schemas/PolicyRuleCondition-Output' - type: 'null' description: Optional condition that must be met for the rule to apply type: object title: PolicyRule description: Represents a single policy rule with compatible conditions. PolicyRuleCondition-Output: properties: match: oneOf: - $ref: '#/components/schemas/Expression' - $ref: '#/components/schemas/OperatorAll-Output' - $ref: '#/components/schemas/OperatorAny-Output' - $ref: '#/components/schemas/OperatorNone-Output' title: Match type: object required: - match title: PolicyRuleCondition Expression: properties: expr: type: string title: Expr type: object required: - expr title: Expression OperatorAll-Output: properties: all: $ref: '#/components/schemas/ConditionOf-Output' type: object required: - all title: OperatorAll OperatorAny-Output: properties: any: $ref: '#/components/schemas/ConditionOf-Output' type: object required: - any title: OperatorAny OperatorNone-Output: properties: none: $ref: '#/components/schemas/ConditionOf-Output' type: object required: - none title: OperatorNone ConditionOf-Output: properties: of: items: oneOf: - $ref: '#/components/schemas/Expression' - $ref: '#/components/schemas/OperatorAll-Output' - $ref: '#/components/schemas/OperatorAny-Output' - $ref: '#/components/schemas/OperatorNone-Output' type: array title: Of type: object required: - of title: ConditionOf FilterCategory: properties: id: type: string title: Id label: type: string title: Label options: items: $ref: '#/components/schemas/FilterOption' type: array title: Options type: object required: - id - label title: FilterCategory description: Category of filter options for the advanced filter UI. FilterOption: properties: value: type: string title: Value label: type: string title: Label type: object required: - value - label title: FilterOption description: Individual filter option. PolicySummaryResponse: properties: active: type: integer title: Active default: 0 draft: type: integer title: Draft default: 0 inactive: type: integer title: Inactive default: 0 archived: type: integer title: Archived default: 0 total: type: integer title: Total default: 0 type: object title: PolicySummaryResponse description: Summary counts of policies by status. PaginationResponse_PolicySummary_: properties: data: items: $ref: '#/components/schemas/PolicySummary' type: array title: Data description: Array of items for current page pagination: $ref: '#/components/schemas/PaginationMeta' description: Pagination metadata type: object required: - data - pagination title: PaginationResponse[PolicySummary] PolicySummary: properties: id: type: string format: uuid title: Id name: type: string title: Name status: type: string title: Status mcp_server_id: type: string title: Mcp Server Id mcp_server_name: anyOf: - type: string - type: 'null' title: Mcp Server Name application_ids: items: type: string type: array title: Application Ids application_names: items: type: string type: array title: Application Names tags: items: type: string type: array title: Tags updated_at: type: string format: date-time title: Updated At updated_by_user_id: type: string title: Updated By User Id updated_by_user_name: anyOf: - type: string - type: 'null' title: Updated By User Name description: anyOf: - type: string - type: 'null' title: Description rules_count: type: integer title: Rules Count default: 0 type: object required: - id - name - status - mcp_server_id - updated_at - updated_by_user_id title: PolicySummary description: Summary row used for policy list views. PaginationResponse_PolicyRevisionSummary_: properties: data: items: $ref: '#/components/schemas/PolicyRevisionSummary' type: array title: Data description: Array of items for current page pagination: $ref: '#/components/schemas/PaginationMeta' description: Pagination metadata type: object required: - data - pagination title: PaginationResponse[PolicyRevisionSummary] PolicyRevisionSummary: properties: id: type: string format: uuid title: Id policy_id: type: string format: uuid title: Policy Id changes: additionalProperties: true type: object title: Changes description: Changes made in this revision changes_summary: anyOf: - items: type: string type: array - type: 'null' title: Changes Summary description: Human-readable list of change descriptions revised_at: type: string format: date-time title: Revised At revised_by: type: string title: Revised By revised_by_name: anyOf: - type: string - type: 'null' title: Revised By Name description: Name of the user who made the revision type: object required: - id - policy_id - changes - revised_at - revised_by title: PolicyRevisionSummary description: Summary of a policy revision. UpdatePolicy: properties: name: anyOf: - type: string - type: 'null' title: Name description: Human-friendly policy name, unique within an organization description: anyOf: - type: string - type: 'null' title: Description description: Longer description of the policy. support_contact: anyOf: - type: string - type: 'null' title: Support Contact description: Primary point of contact associated with the policy. tags: anyOf: - items: type: string type: array - type: 'null' title: Tags description: Tags for categorizing the policy. status: anyOf: - $ref: '#/components/schemas/PolicyStatus' - type: 'null' description: The current lifecycle status of the policy. application_ids: anyOf: - items: type: string type: array - type: 'null' title: Application Ids description: List of application (agent) identifiers to which this policy applies. rules: anyOf: - items: $ref: '#/components/schemas/PolicyRule-Input' type: array - type: 'null' title: Rules description: Full set of rules that govern the policy. type: object title: UpdatePolicy description: Request body for partial updates to an existing policy. PolicyStatus: type: string enum: - DRAFT - ACTIVE - INACTIVE - ARCHIVED title: PolicyStatus description: Policy lifecycle status. PolicyRule-Input: properties: name: anyOf: - type: string - type: 'null' title: Name description: Optional display name for the rule default: '' authorized: anyOf: - type: boolean - type: 'null' title: Authorized description: Determines if the actions are allowed (True) or denied (False) default: false actions: items: type: string type: array title: Actions description: Actions this rule applies to roles_groups: items: type: string type: array title: Roles Groups description: Roles or groups this rule applies to condition: anyOf: - $ref: '#/components/schemas/PolicyRuleCondition-Input' - type: 'null' description: Optional condition that must be met for the rule to apply type: object title: PolicyRule description: Represents a single policy rule with compatible conditions. PolicyRuleCondition-Input: properties: match: oneOf: - $ref: '#/components/schemas/Expression' - $ref: '#/components/schemas/OperatorAll-Input' - $ref: '#/components/schemas/OperatorAny-Input' - $ref: '#/components/schemas/OperatorNone-Input' title: Match type: object required: - match title: PolicyRuleCondition OperatorAll-Input: properties: all: $ref: '#/components/schemas/ConditionOf-Input' type: object required: - all title: OperatorAll OperatorAny-Input: properties: any: $ref: '#/components/schemas/ConditionOf-Input' type: object required: - any title: OperatorAny OperatorNone-Input: properties: none: $ref: '#/components/schemas/ConditionOf-Input' type: object required: - none title: OperatorNone ConditionOf-Input: properties: of: items: oneOf: - $ref: '#/components/schemas/Expression' - $ref: '#/components/schemas/OperatorAll-Input' - $ref: '#/components/schemas/OperatorAny-Input' - $ref: '#/components/schemas/OperatorNone-Input' type: array title: Of type: object required: - of title: ConditionOf ValidatePolicyRequest: properties: name: type: string maxLength: 255 minLength: 1 title: Name description: Policy name to validate mcp_server_id: anyOf: - type: string - type: 'null' title: Mcp Server Id description: MCP server ID to check for overlaps application_ids: anyOf: - items: type: string type: array - type: 'null' title: Application Ids description: Application IDs to check for overlaps exclude_policy_id: anyOf: - type: string - type: 'null' title: Exclude Policy Id description: Policy ID to exclude from validation (for edit mode) type: object required: - name title: ValidatePolicyRequest description: Request body for validating a policy before creation. ValidatePolicyResponse: properties: name_is_unique: type: boolean title: Name Is Unique description: Whether the policy name is unique within the organization no_overlap_if_active: type: boolean title: No Overlap If Active description: Whether the policy would overlap with existing active policies overlapping_policy_names: items: type: string type: array title: Overlapping Policy Names description: Names of overlapping active policies, if any type: object required: - name_is_unique - no_overlap_if_active title: ValidatePolicyResponse description: Response for policy validation. ServerCreateRequest: type: object required: - name - mcp_server_directory_id properties: name: type: string description: Human-readable name for the server example: My Salesforce Instance mcp_server_directory_id: type: string format: uuid description: ID of the server directory template to create from slug: type: string description: Optional URL-friendly identifier (auto-generated if not provided) pattern: ^[a-z0-9-]+$ client_id: type: string description: OAuth client ID (for OAuth-enabled servers) client_secret: type: string description: OAuth client secret (for OAuth-enabled servers) meta: type: object description: Additional metadata for the server additionalProperties: true ServerCreateResponse: type: object properties: id: type: string format: uuid description: ID of the newly created server connection_id: type: string nullable: true description: Connection ID if a connection was created auth_url: type: string nullable: true description: OAuth authorization URL if authentication is required ServerDetail: allOf: - $ref: '#/components/schemas/ServerSummary' - type: object properties: url: type: string format: uri nullable: true description: MCP base URL from the server directory example: https://api.salesforce.com/mcp ServerSummary: type: object required: - id - name - slug - connection_status properties: id: type: string format: uuid description: Unique identifier for the server example: 123e4567-e89b-12d3-a456-426614174000 name: type: string description: Human-readable name of the server example: Salesforce Production slug: type: string description: URL-friendly identifier used in API paths pattern: ^[a-z0-9-]+$ example: salesforce provider: type: string nullable: true description: Third-party provider name example: salesforce connection_status: type: string enum: - available - pending - connected - error description: 'Current connection status: - `available`: Server is available but not connected - `pending`: Connection is in progress or credentials missing - `connected`: Server is connected and ready to use - `error`: Connection failed or encountered an error ' example: connected PaginationResponse_ServerResponse_: type: object properties: data: type: array items: $ref: '#/components/schemas/ServerDetail' description: Array of servers for current page pagination: $ref: '#/components/schemas/PaginationMeta' description: Pagination metadata required: - data - pagination ServerUpdateRequest: type: object properties: name: type: string description: Human-readable name for the server example: My Salesforce Instance slug: type: string description: URL-friendly identifier pattern: ^[a-z0-9-]+$ client_id: type: string description: OAuth client ID (provide actual value, not obfuscated) client_secret: type: string description: OAuth client secret (provide actual value, not obfuscated) meta: type: object description: Additional metadata for the server additionalProperties: true securitySchemes: BearerAuth: type: http scheme: bearer bearerFormat: JWT description: 'JWT token obtained through Auth0 OAuth 2.0 flow with PKCE. The token should be included in the Authorization header: `Authorization: Bearer ` Use the Barndoor SDK''s `loginInteractive()` function to obtain tokens automatically. ' HTTPBearer: type: http scheme: bearer