vibn-agent-runner/vibn-frontend/app/api/ROUTES.md

API Route Map

Generated 2026-05-17. Auth column: session = NextAuth cookie, api_key = vibn_sk_… bearer, admin_secret = env-var secret, webhook_sig = HMAC-SHA256, public = no auth.

Tenant column: workspace = must belong to caller's workspace, project = must own project, user = must match session user, global = cross-workspace admin op.

Chat

Method	Path	Auth	Tenant	Purpose
POST	/api/chat	session	workspace	Main SSE chat with Gemini + tool loop
GET	/api/chat/threads	session	user	List threads
POST	/api/chat/threads	session	user	Create thread
GET	/api/chat/threads/[id]	session	user	Get thread + messages
PATCH	/api/chat/threads/[id]	session	user	Rename thread
DELETE	/api/chat/threads/[id]	session	user	Delete thread

AI (legacy, plan to deprecate)

Method	Path	Auth	Tenant	Purpose
POST	/api/ai/chat	session	project	Old collector-mode chat (pre-tool)
GET	/api/ai/conversation	session	project	Fetch saved conversation history
DELETE	/api/ai/conversation	session	project	Wipe conversation history
POST	/api/ai/conversation/reset	session	project	Alias for DELETE

Projects

Method	Path	Auth	Tenant	Purpose
GET	/api/projects	session	user	List user's projects
POST	/api/projects/create	session	user	Create project (enforces quota)
POST	/api/projects/delete	session	project	Delete project
GET/PATCH	/api/projects/[projectId]	session	project	Get / update project
GET	/api/projects/[projectId]/activity	session	project	Activity feed
POST	/api/projects/[projectId]/advisor	session	project	AI advisor
GET/POST	/api/projects/[projectId]/anatomy	session	project	Anatomy read/update
GET/POST	/api/projects/[projectId]/apps	session	project	App list / create
GET/POST	/api/projects/[projectId]/design-kit	session	project	Design kit CRUD
GET/POST	/api/projects/[projectId]/plan	session	project	Plan read/update
POST	/api/projects/[projectId]/plan/intelligent	session	project	AI plan generation
POST	/api/projects/[projectId]/plan/mvp	session	project	MVP plan
POST	/api/projects/[projectId]/plan/marketing	session	project	Marketing plan
POST	/api/projects/[projectId]/documents/upload	session	project	Upload brief
GET/POST	/api/projects/[projectId]/secrets	session	project	List/set project secrets (B-06)
GET/DELETE	/api/projects/[projectId]/secrets/[key]	session	project	Reveal/delete secret (B-06)
GET	/api/projects/[projectId]/knowledge	session	project	Knowledge items
POST	/api/projects/[projectId]/knowledge/batch-extract	session	project	Batch extract knowledge
GET/POST	/api/projects/[projectId]/agent/sessions	session	project	Agent session CRUD
GET	/api/projects/[projectId]/agent/sessions/[sessionId]	session	project	Session state
POST	/api/projects/[projectId]/agent/sessions/[sessionId]/approve	session	project	Approve session commit
POST	/api/projects/[projectId]/agent/sessions/[sessionId]/stop	session	project	Stop agent
GET	/api/projects/[projectId]/agent/sessions/[sessionId]/events	session	project	Event list
GET	/api/projects/[projectId]/agent/sessions/[sessionId]/events/stream	session	project	SSE event tail

Workspaces

Method	Path	Auth	Tenant	Purpose
GET	/api/workspaces	session/api_key	user	List workspaces
POST	/api/workspaces/delete	session	user	Delete workspace
GET	/api/workspaces/[slug]	session/api_key	workspace	Get workspace
GET/POST	/api/workspaces/[slug]/apps	session/api_key	workspace	List/create apps
GET/PATCH/DELETE	/api/workspaces/[slug]/apps/[uuid]	session/api_key	workspace	App CRUD
POST	/api/workspaces/[slug]/apps/[uuid]/deploy	session/api_key	workspace	Trigger deploy
GET	/api/workspaces/[slug]/apps/[uuid]/logs	session/api_key	workspace	Runtime logs
GET/PATCH	/api/workspaces/[slug]/apps/[uuid]/envs	session/api_key	workspace	Env vars
POST	/api/workspaces/[slug]/apps/[uuid]/exec	session/api_key	workspace	Remote exec
GET/POST	/api/workspaces/[slug]/databases	session/api_key	workspace	Database CRUD
GET	/api/workspaces/[slug]/domains	session/api_key	workspace	Domain list
GET/POST	/api/workspaces/[slug]/keys	session/api_key	workspace	API keys
POST	/api/workspaces/[slug]/provision	session/api_key	workspace	Provision workspace

MCP

Method	Path	Auth	Tenant	Purpose
POST	/api/mcp	session/api_key	workspace	All 40+ MCP tools
GET/POST/DELETE	/api/mcp/generate-key	session	user	Manage MCP API keys

Auth / Sessions

Method	Path	Auth	Tenant	Purpose
GET/POST	/api/auth/[...nextauth]	public	-	NextAuth handlers
GET	/api/user/api-key	session	user	Get/create user API key
GET	/api/sessions	session	user	Session history
POST	/api/sessions/track	session	user	Track session event
POST	/api/sessions/associate-project	session	user	Link session to project

GitHub Integrations

Method	Path	Auth	Tenant	Purpose
GET/POST/DELETE	/api/github/connect	session	user	Legacy GitHub OAuth connect
GET	/api/github/repos	session	user	List connected repos
GET	/api/github/repo-tree	session	user	Repo file tree
GET	/api/github/file-content	session	user	Single file content
POST	/api/github/oauth/token	public	-	OAuth token exchange
GET	/api/integrations/github/connect	session	user	New OAuth connect
GET	/api/integrations/github/callback	public	-	OAuth callback
POST	/api/integrations/github/disconnect	session	user	Disconnect GitHub
GET	/api/integrations/github/repos	session	user	New integration repos

Webhooks

Method	Path	Auth	Tenant	Purpose
POST	/api/webhooks/gitea	webhook_sig	project	Gitea push events → context snapshot
POST	/api/webhooks/coolify	webhook_sig	project	Deploy status → context snapshot

Invites (P4.8)

Method	Path	Auth	Tenant	Purpose
GET/POST	/api/invites	admin_secret	global	Create / list invite tokens
GET	/api/invites/[token]	public	-	Validate token (used by auth page)
POST	/api/invites/[token]	session	user	Redeem token on signup

Admin / Ops

Method	Path	Auth	Tenant	Purpose
POST	/api/admin/migrate	admin_secret	global	Run SQL migrations
GET	/api/admin/path-b	admin_secret	global	Path B kill-switch state
POST	/api/admin/path-b/disable	admin_secret	global	Disable Path B
POST	/api/admin/path-b/enable	admin_secret	global	Enable Path B
POST	/api/admin/path-b/idle-sweep	admin_secret	global	Suspend idle dev containers
POST	/api/admin/path-b/autosave	admin_secret	global	Autosave workspace
POST	/api/admin/backfill-isolation	admin_secret	global	Backfill tenant isolation
POST	/api/admin/path-b	admin_secret	global	Path B bulk status
GET	/api/internal/infra-health	admin_secret	global	Coolify + SSH probe

Utilities

Method	Path	Auth	Tenant	Purpose
POST	/api/context/summarize	session	user	Gemini one-shot doc summary
GET	/api/activity	session	user	Workspace activity feed
GET	/api/work-completed	session	project	Work completed items
GET	/api/stats	session	user	Usage stats
GET	/api/preview/embed	session	user	HTML proxy for preview iframes
GET/POST	/api/extension/link-project	session	user	Browser extension project link
POST	/api/vision/update	session	project	Update project vision
GET	/api/keys	session	user	User key management
GET	/api/design-systems/[id]/preview	public	-	Design system preview HTML
GET	/api/design-systems/[id]/showcase	public	-	Design system showcase

Deprecated / V0

Method	Path	Auth	Tenant	Purpose
*	/api/v0/*	varies	varies	Legacy v0 integration (verify still used)
*	/api/openai/*	session	user	OpenAI GPT import (verify still used)
*	/api/chatgpt/*	session	user	ChatGPT conversation import