trustgraph/specs/api/openapi.yaml

openapi: 3.1.0

info:
  title: TrustGraph API Gateway
  version: "2.4"
  description: |
    REST API for TrustGraph - an AI-powered knowledge graph and RAG system.

    ## Overview

    The API provides access to:
    - **Global Services**: IAM (user management, authentication)
    - **Workspace-Scoped Services**: Configuration, flow management, knowledge storage, library management
    - **Flow-Scoped Services**: AI services like RAG, text completion, embeddings (require running flow)
    - **Import/Export**: Bulk data operations for triples, embeddings, entity contexts
    - **WebSocket**: Multiplexed interface for all services

    ## Authentication

    Clients authenticate by passing an opaque bearer token in the
    `Authorization` header.  The token is obtained via the IAM service
    (e.g. `tg-login` or `tg-create-api-key`).

    ```
    Authorization: Bearer <token>
    ```

    The gateway resolves the token to an authenticated identity and an
    associated workspace.  The token is an opaque string — clients must
    not make assumptions about its internal structure.

    ## Service Tiers

    ### Global Services
    System-wide services with no workspace scoping:
    - `iam` - User management, authentication, API key lifecycle

    ### Workspace-Scoped Services
    Operate within the workspace associated with the authenticated
    token.  The workspace is resolved by the gateway — it is not
    passed as an explicit parameter.

    Fixed endpoints accessible via `/api/v1/{kind}`:
    - `config` - Configuration management
    - `flow` - Flow lifecycle and blueprints
    - `librarian` - Document library management
    - `knowledge` - Knowledge graph core management
    - `collection-management` - Collection metadata

    ### Flow-Scoped Services
    Require a `flow` parameter identifying the processing flow to use.
    Workspace context comes from the authenticated token.

    Accessed via `/api/v1/flow/{flow}/service/{kind}`:
    - AI services: agent, text-completion, prompt, RAG (document/graph)
    - Embeddings: embeddings, graph-embeddings, document-embeddings
    - Query: triples, rows, nlp-query, structured-query, sparql-query, row-embeddings
    - Data loading: text-load, document-load
    - Utilities: mcp-tool, structured-diag

    ## Field Naming

    All JSON fields use **kebab-case**: `flow-id`, `blueprint-name`, `doc-limit`, etc.

    ## Error Responses

    All endpoints may return errors in this format:
    ```json
    {
      "error": {
        "type": "gateway-error",
        "message": "Timeout"
      }
    }
    ```

  contact:
    name: TrustGraph Project
    url: https://trustgraph.ai
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.html

servers:
  - url: http://localhost:8088
    description: Local development server

security:
  - bearerAuth: []

tags:
  - name: Config
    description: Configuration management (workspace-scoped)
  - name: Flow
    description: Flow lifecycle and blueprint management (workspace-scoped)
  - name: Librarian
    description: Document library management (workspace-scoped)
  - name: Knowledge
    description: Knowledge graph core management (workspace-scoped)
  - name: Collection
    description: Collection metadata management (workspace-scoped)
  - name: Flow Services
    description: AI and query services hosted within flow instances (flow-scoped)
  - name: Import/Export
    description: Bulk data import and export
  - name: WebSocket
    description: WebSocket interfaces
  - name: Metrics
    description: System metrics and monitoring

paths:
  /api/v1/config:
    $ref: './paths/config.yaml'
  /api/v1/flow:
    $ref: './paths/flow.yaml'
  /api/v1/librarian:
    $ref: './paths/librarian.yaml'
  /api/v1/knowledge:
    $ref: './paths/knowledge.yaml'
  /api/v1/collection-management:
    $ref: './paths/collection-management.yaml'

  # Flow-hosted services (require running flow instance)
  /api/v1/flow/{flow}/service/agent:
    $ref: './paths/flow/agent.yaml'
  /api/v1/flow/{flow}/service/document-rag:
    $ref: './paths/flow/document-rag.yaml'
  /api/v1/flow/{flow}/service/graph-rag:
    $ref: './paths/flow/graph-rag.yaml'
  /api/v1/flow/{flow}/service/text-completion:
    $ref: './paths/flow/text-completion.yaml'
  /api/v1/flow/{flow}/service/prompt:
    $ref: './paths/flow/prompt.yaml'
  /api/v1/flow/{flow}/service/embeddings:
    $ref: './paths/flow/embeddings.yaml'
  /api/v1/flow/{flow}/service/mcp-tool:
    $ref: './paths/flow/mcp-tool.yaml'
  /api/v1/flow/{flow}/service/triples:
    $ref: './paths/flow/triples.yaml'
  /api/v1/flow/{flow}/service/rows:
    $ref: './paths/flow/rows.yaml'
  /api/v1/flow/{flow}/service/nlp-query:
    $ref: './paths/flow/nlp-query.yaml'
  /api/v1/flow/{flow}/service/structured-query:
    $ref: './paths/flow/structured-query.yaml'
  /api/v1/flow/{flow}/service/structured-diag:
    $ref: './paths/flow/structured-diag.yaml'
  /api/v1/flow/{flow}/service/graph-embeddings:
    $ref: './paths/flow/graph-embeddings.yaml'
  /api/v1/flow/{flow}/service/document-embeddings:
    $ref: './paths/flow/document-embeddings.yaml'
  /api/v1/flow/{flow}/service/row-embeddings:
    $ref: './paths/flow/row-embeddings.yaml'
  /api/v1/flow/{flow}/service/text-load:
    $ref: './paths/flow/text-load.yaml'
  /api/v1/flow/{flow}/service/document-load:
    $ref: './paths/flow/document-load.yaml'
  /api/v1/flow/{flow}/service/sparql-query:
    $ref: './paths/flow/sparql-query.yaml'

  # Document streaming
  /api/v1/document-stream:
    $ref: './paths/document-stream.yaml'

  # Import/Export endpoints
  /api/v1/import-core:
    $ref: './paths/import-core.yaml'
  /api/v1/export-core:
    $ref: './paths/export-core.yaml'

  # WebSocket endpoints
  /api/v1/socket:
    $ref: './paths/websocket.yaml'

  # Metrics endpoint
  /api/metrics:
    $ref: './paths/metrics.yaml'
  /api/metrics/{path}:
    $ref: './paths/metrics-path.yaml'

components:
  securitySchemes:
    bearerAuth:
      $ref: './security/bearerAuth.yaml'
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`openapi: 3.1.0`

			`info:`
			`title: TrustGraph API Gateway`
Update API docs for 2.4 (#960) - Update API specs for 2.4 (#960) - Update API docs - Regenerate Python docs 2026-05-28 17:55:51 +01:00			`version: "2.4"`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`description: \|`
			`REST API for TrustGraph - an AI-powered knowledge graph and RAG system.`

			`## Overview`

			`The API provides access to:`
Update API docs for 2.4 (#960) - Update API specs for 2.4 (#960) - Update API docs - Regenerate Python docs 2026-05-28 17:55:51 +01:00			`- Global Services: IAM (user management, authentication)`
			`- Workspace-Scoped Services: Configuration, flow management, knowledge storage, library management`
			`- Flow-Scoped Services: AI services like RAG, text completion, embeddings (require running flow)`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`- Import/Export: Bulk data operations for triples, embeddings, entity contexts`
			`- WebSocket: Multiplexed interface for all services`

Update API docs for 2.4 (#960) - Update API specs for 2.4 (#960) - Update API docs - Regenerate Python docs 2026-05-28 17:55:51 +01:00			`## Authentication`

			`Clients authenticate by passing an opaque bearer token in the`
			`Authorization` header. The token is obtained via the IAM service
			(e.g. `tg-login` or `tg-create-api-key`).

			```
			`Authorization: Bearer <token>`
			```

			`The gateway resolves the token to an authenticated identity and an`
			`associated workspace. The token is an opaque string — clients must`
			`not make assumptions about its internal structure.`

			`## Service Tiers`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00
			`### Global Services`
Update API docs for 2.4 (#960) - Update API specs for 2.4 (#960) - Update API docs - Regenerate Python docs 2026-05-28 17:55:51 +01:00			`System-wide services with no workspace scoping:`
			- `iam` - User management, authentication, API key lifecycle

			`### Workspace-Scoped Services`
			`Operate within the workspace associated with the authenticated`
			`token. The workspace is resolved by the gateway — it is not`
			`passed as an explicit parameter.`

REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			Fixed endpoints accessible via `/api/v1/{kind}`:
			- `config` - Configuration management
			- `flow` - Flow lifecycle and blueprints
			- `librarian` - Document library management
			- `knowledge` - Knowledge graph core management
			- `collection-management` - Collection metadata

Update API docs for 2.4 (#960) - Update API specs for 2.4 (#960) - Update API docs - Regenerate Python docs 2026-05-28 17:55:51 +01:00			`### Flow-Scoped Services`
			Require a `flow` parameter identifying the processing flow to use.
			`Workspace context comes from the authenticated token.`

			Accessed via `/api/v1/flow/{flow}/service/{kind}`:
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`- AI services: agent, text-completion, prompt, RAG (document/graph)`
			`- Embeddings: embeddings, graph-embeddings, document-embeddings`
Update docs for 2.2 release (#766) - Update protocol specs - Update protocol docs - Update API specs 2026-04-07 22:24:59 +01:00			`- Query: triples, rows, nlp-query, structured-query, sparql-query, row-embeddings`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`- Data loading: text-load, document-load`
			`- Utilities: mcp-tool, structured-diag`

			`## Field Naming`

			All JSON fields use kebab-case: `flow-id`, `blueprint-name`, `doc-limit`, etc.

			`## Error Responses`

			`All endpoints may return errors in this format:`
			```json
			`{`
			`"error": {`
			`"type": "gateway-error",`
			`"message": "Timeout"`
			`}`
			`}`
			```

			`contact:`
			`name: TrustGraph Project`
			`url: https://trustgraph.ai`
			`license:`
			`name: Apache 2.0`
			`url: https://www.apache.org/licenses/LICENSE-2.0.html`

			`servers:`
			`- url: http://localhost:8088`
			`description: Local development server`

			`security:`
			`- bearerAuth: []`

			`tags:`
			`- name: Config`
Update API docs for 2.4 (#960) - Update API specs for 2.4 (#960) - Update API docs - Regenerate Python docs 2026-05-28 17:55:51 +01:00			`description: Configuration management (workspace-scoped)`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`- name: Flow`
Update API docs for 2.4 (#960) - Update API specs for 2.4 (#960) - Update API docs - Regenerate Python docs 2026-05-28 17:55:51 +01:00			`description: Flow lifecycle and blueprint management (workspace-scoped)`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`- name: Librarian`
Update API docs for 2.4 (#960) - Update API specs for 2.4 (#960) - Update API docs - Regenerate Python docs 2026-05-28 17:55:51 +01:00			`description: Document library management (workspace-scoped)`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`- name: Knowledge`
Update API docs for 2.4 (#960) - Update API specs for 2.4 (#960) - Update API docs - Regenerate Python docs 2026-05-28 17:55:51 +01:00			`description: Knowledge graph core management (workspace-scoped)`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`- name: Collection`
Update API docs for 2.4 (#960) - Update API specs for 2.4 (#960) - Update API docs - Regenerate Python docs 2026-05-28 17:55:51 +01:00			`description: Collection metadata management (workspace-scoped)`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`- name: Flow Services`
Update API docs for 2.4 (#960) - Update API specs for 2.4 (#960) - Update API docs - Regenerate Python docs 2026-05-28 17:55:51 +01:00			`description: AI and query services hosted within flow instances (flow-scoped)`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`- name: Import/Export`
			`description: Bulk data import and export`
			`- name: WebSocket`
			`description: WebSocket interfaces`
			`- name: Metrics`
			`description: System metrics and monitoring`

			`paths:`
			`/api/v1/config:`
			`$ref: './paths/config.yaml'`
			`/api/v1/flow:`
			`$ref: './paths/flow.yaml'`
			`/api/v1/librarian:`
			`$ref: './paths/librarian.yaml'`
			`/api/v1/knowledge:`
			`$ref: './paths/knowledge.yaml'`
			`/api/v1/collection-management:`
			`$ref: './paths/collection-management.yaml'`

			`# Flow-hosted services (require running flow instance)`
			`/api/v1/flow/{flow}/service/agent:`
			`$ref: './paths/flow/agent.yaml'`
			`/api/v1/flow/{flow}/service/document-rag:`
			`$ref: './paths/flow/document-rag.yaml'`
			`/api/v1/flow/{flow}/service/graph-rag:`
			`$ref: './paths/flow/graph-rag.yaml'`
			`/api/v1/flow/{flow}/service/text-completion:`
			`$ref: './paths/flow/text-completion.yaml'`
			`/api/v1/flow/{flow}/service/prompt:`
			`$ref: './paths/flow/prompt.yaml'`
			`/api/v1/flow/{flow}/service/embeddings:`
			`$ref: './paths/flow/embeddings.yaml'`
			`/api/v1/flow/{flow}/service/mcp-tool:`
			`$ref: './paths/flow/mcp-tool.yaml'`
			`/api/v1/flow/{flow}/service/triples:`
			`$ref: './paths/flow/triples.yaml'`
Structured data 2 (#645) * Structured data refactor - multi-index tables, remove need for manual mods to the Cassandra tables * Tech spec updated to track implementation 2026-02-23 15:56:29 +00:00			`/api/v1/flow/{flow}/service/rows:`
			`$ref: './paths/flow/rows.yaml'`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`/api/v1/flow/{flow}/service/nlp-query:`
			`$ref: './paths/flow/nlp-query.yaml'`
			`/api/v1/flow/{flow}/service/structured-query:`
			`$ref: './paths/flow/structured-query.yaml'`
			`/api/v1/flow/{flow}/service/structured-diag:`
			`$ref: './paths/flow/structured-diag.yaml'`
			`/api/v1/flow/{flow}/service/graph-embeddings:`
			`$ref: './paths/flow/graph-embeddings.yaml'`
			`/api/v1/flow/{flow}/service/document-embeddings:`
			`$ref: './paths/flow/document-embeddings.yaml'`
Row embeddings APIs exposed (#646) * Added row embeddings API and CLI support * Updated protocol specs * Row embeddings agent tool * Add new agent tool to CLI 2026-02-23 21:52:56 +00:00			`/api/v1/flow/{flow}/service/row-embeddings:`
			`$ref: './paths/flow/row-embeddings.yaml'`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`/api/v1/flow/{flow}/service/text-load:`
			`$ref: './paths/flow/text-load.yaml'`
			`/api/v1/flow/{flow}/service/document-load:`
			`$ref: './paths/flow/document-load.yaml'`
Update docs for 2.2 release (#766) - Update protocol specs - Update protocol docs - Update API specs 2026-04-07 22:24:59 +01:00			`/api/v1/flow/{flow}/service/sparql-query:`
			`$ref: './paths/flow/sparql-query.yaml'`
REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00
Update API specs for 2.1 (#699) * Updating API specs for 2.1 * Updated API and SDK docs 2026-03-17 20:36:31 +00:00			`# Document streaming`
			`/api/v1/document-stream:`
			`$ref: './paths/document-stream.yaml'`

REST API OpenAPI spec (#612) * OpenAPI spec in specs/api. Checked lint with redoc. 2026-01-15 11:04:37 +00:00			`# Import/Export endpoints`
			`/api/v1/import-core:`
			`$ref: './paths/import-core.yaml'`
			`/api/v1/export-core:`
			`$ref: './paths/export-core.yaml'`

			`# WebSocket endpoints`
			`/api/v1/socket:`
			`$ref: './paths/websocket.yaml'`

			`# Metrics endpoint`
			`/api/metrics:`
			`$ref: './paths/metrics.yaml'`
			`/api/metrics/{path}:`
			`$ref: './paths/metrics-path.yaml'`

			`components:`
			`securitySchemes:`
			`bearerAuth:`
			`$ref: './security/bearerAuth.yaml'`