dograh/api/AGENTS.md

# API - Backend Service

FastAPI backend for the Dograh voice AI platform.

## Project Structure

```
api/
├── routes/           # API endpoint handlers
├── services/         # Domain logic, runtime systems, and extension seams
├── db/               # Database models and data access
├── schemas/          # Pydantic request/response schemas
├── tasks/            # Background jobs and post-call work
├── mcp_server/       # MCP surface exposed by the backend
├── utils/            # Shared utilities
├── alembic/          # Database migrations
└── tests/            # Test suite
```

## Where to Find Things

| Looking for...               | Go to...                                                                      |
| ---------------------------- | ----------------------------------------------------------------------------- |
| API endpoints                | `routes/` - domain routers mounted under `/api/v1`                            |
| Workflow graph and node data | `services/workflow/`                                                          |
| Live pipeline runtime        | `services/pipecat/`                                                           |
| Telephony providers/call flow| `services/telephony/`                                                         |
| Third-party integrations     | `services/integrations/`                                                      |
| Campaign and other domains   | `services/`                                                                   |
| Database access              | `db/`                                                                         |
| Request/response types       | `schemas/`                                                                    |
| Background jobs              | `tasks/`                                                                      |
| MCP backend surface          | `mcp_server/`                                                                 |
| Tests                        | `tests/`                                                                      |

## API Structure

- All routes are mounted at `/api/v1` prefix
- Routes are organized by domain under `routes/`
- Workflow execution spans `services/workflow/`, `services/pipecat/`, and `tasks/`
- Telephony is a full subsystem under `services/telephony/`, with provider-specific packages under `services/telephony/providers/`
- Integrations extend through `services/integrations/`; package-specific rules should live in that subtree's own `AGENTS.md`

## Database Migrations

```bash
./scripts/makemigrate.sh "description"  # Create migration
./scripts/migrate.sh                     # Run migrations
```

## Cross-Worker State Sync

When an API endpoint updates in-memory state (e.g. cached credentials, config objects), that change only affects the worker process that handled the request. With multiple FastAPI workers, **use `WorkerSyncManager`** (`services/worker_sync/`) to propagate changes to all workers via Redis pub/sub instead of updating local state directly.

## Organization Scoping (Security)

Most resources in this codebase are scoped to an organization. **Whenever you read or write an organization-scoped field, you must filter or validate by `organization_id`.** This is a tenant-isolation requirement, not a stylistic one — skipping the check lets a user in one org touch resources owned by another.

Concretely:

- **Reading** an org-scoped row by id: pass `organization_id=user.selected_organization_id` to the DB client (or query through an org-scoped helper). Never trust an id from the request body to imply ownership.
- **Writing** a foreign key that points at another org-scoped resource (e.g. attaching `inbound_workflow_id` to a phone number, setting `telephony_configuration_id` on a campaign): fetch the referenced row with the user's `organization_id` and reject with 404 if it doesn't belong. The FK constraint only proves the row exists — it doesn't prove the caller is allowed to reference it.
- **Listing** org-scoped resources: filter by `organization_id` at the query level, not in Python after the fact.

If a route's handler does not have access to an `organization_id` (e.g. webhook callbacks), derive it from the request payload and validate that derivation explicitly — don't assume.

## Development

```bash
uvicorn api.app:app --reload --port 8000
```
Chore/add setup and contributing docs (#90) * chore: add dev setup documentation * Add agents.md files * simplify contributing documentation 2025-12-27 09:25:20 +05:30			`# API - Backend Service`

			`FastAPI backend for the Dograh voice AI platform.`

			`## Project Structure`

			```
			`api/`
			`├── routes/ # API endpoint handlers`
feat: add Review AGENTS.md Skill 2026-05-20 16:20:07 +05:30			`├── services/ # Domain logic, runtime systems, and extension seams`
Chore/add setup and contributing docs (#90) * chore: add dev setup documentation * Add agents.md files * simplify contributing documentation 2025-12-27 09:25:20 +05:30			`├── db/ # Database models and data access`
			`├── schemas/ # Pydantic request/response schemas`
feat: add Review AGENTS.md Skill 2026-05-20 16:20:07 +05:30			`├── tasks/ # Background jobs and post-call work`
			`├── mcp_server/ # MCP surface exposed by the backend`
			`├── utils/ # Shared utilities`
Chore/add setup and contributing docs (#90) * chore: add dev setup documentation * Add agents.md files * simplify contributing documentation 2025-12-27 09:25:20 +05:30			`├── alembic/ # Database migrations`
			`└── tests/ # Test suite`
			```

			`## Where to Find Things`

feat: add Review AGENTS.md Skill 2026-05-20 16:20:07 +05:30			`\| Looking for... \| Go to... \|`
			`\| ---------------------------- \| ----------------------------------------------------------------------------- \|`
			\| API endpoints \| `routes/` - domain routers mounted under `/api/v1` \|
			\| Workflow graph and node data \| `services/workflow/` \|
			\| Live pipeline runtime \| `services/pipecat/` \|
			\| Telephony providers/call flow\| `services/telephony/` \|
			\| Third-party integrations \| `services/integrations/` \|
			\| Campaign and other domains \| `services/` \|
			\| Database access \| `db/` \|
			\| Request/response types \| `schemas/` \|
			\| Background jobs \| `tasks/` \|
			\| MCP backend surface \| `mcp_server/` \|
			\| Tests \| `tests/` \|
Chore/add setup and contributing docs (#90) * chore: add dev setup documentation * Add agents.md files * simplify contributing documentation 2025-12-27 09:25:20 +05:30
			`## API Structure`

			- All routes are mounted at `/api/v1` prefix
feat: add Review AGENTS.md Skill 2026-05-20 16:20:07 +05:30			- Routes are organized by domain under `routes/`
			- Workflow execution spans `services/workflow/`, `services/pipecat/`, and `tasks/`
			- Telephony is a full subsystem under `services/telephony/`, with provider-specific packages under `services/telephony/providers/`
			- Integrations extend through `services/integrations/`; package-specific rules should live in that subtree's own `AGENTS.md`
Chore/add setup and contributing docs (#90) * chore: add dev setup documentation * Add agents.md files * simplify contributing documentation 2025-12-27 09:25:20 +05:30
			`## Database Migrations`

			```bash
			`./scripts/makemigrate.sh "description" # Create migration`
			`./scripts/migrate.sh # Run migrations`
			```

feat: add worker sync events Add a worker sync event so that runtime updates on one worker can propagate across other workers using pubsub for multi worker deployments 2026-04-04 14:26:47 +05:30			`## Cross-Worker State Sync`

			When an API endpoint updates in-memory state (e.g. cached credentials, config objects), that change only affects the worker process that handled the request. With multiple FastAPI workers, use `WorkerSyncManager` (`services/worker_sync/`) to propagate changes to all workers via Redis pub/sub instead of updating local state directly.

feat: refactor telephony to support multiple telephony configurations (#251) Co-authored-by: Sabiha Khan <sabihak89@gmail.com> 2026-04-29 11:39:57 +05:30			`## Organization Scoping (Security)`

			Most resources in this codebase are scoped to an organization. Whenever you read or write an organization-scoped field, you must filter or validate by `organization_id`. This is a tenant-isolation requirement, not a stylistic one — skipping the check lets a user in one org touch resources owned by another.

			`Concretely:`

			- Reading an org-scoped row by id: pass `organization_id=user.selected_organization_id` to the DB client (or query through an org-scoped helper). Never trust an id from the request body to imply ownership.
			- Writing a foreign key that points at another org-scoped resource (e.g. attaching `inbound_workflow_id` to a phone number, setting `telephony_configuration_id` on a campaign): fetch the referenced row with the user's `organization_id` and reject with 404 if it doesn't belong. The FK constraint only proves the row exists — it doesn't prove the caller is allowed to reference it.
			- Listing org-scoped resources: filter by `organization_id` at the query level, not in Python after the fact.

			If a route's handler does not have access to an `organization_id` (e.g. webhook callbacks), derive it from the request payload and validate that derivation explicitly — don't assume.

Chore/add setup and contributing docs (#90) * chore: add dev setup documentation * Add agents.md files * simplify contributing documentation 2025-12-27 09:25:20 +05:30			`## Development`

			```bash
			`uvicorn api.app:app --reload --port 8000`
			```