Account, team, secrets, image, and cluster administration. Whoami and team membership, secret CRUD for use inside pods and sandboxes, Docker image builds with public/private visibility, registry credential checks, FRP plugin validation, and admin-only cluster + node-log endpoints.
openapi: 3.1.0
info:
title: Prime Intellect Platform API
version: 0.1.0
description: Account, team, secrets, image, and cluster administration. Whoami, team listing, secret CRUD, Docker image
builds and visibility, registry credential checks, FRP plugin validation, and admin-only cluster + node-log operations.
contact:
name: Prime Intellect
url: https://www.primeintellect.ai
servers:
- url: https://api.primeintellect.ai
security:
- HTTPBearer: []
tags:
- name: user
- name: teams
- name: Secrets
- name: Images
- name: Template
- name: FRP Plugin
- name: admin-clusters
- name: admin-users
paths:
/api/admin/clusters:
get:
tags:
- admin-clusters
summary: List Clusters
description: List non-terminated clusters.
operationId: list_clusters_api_admin_clusters_get
security:
- HTTPBearer: []
parameters:
- name: vaultEnabled
in: query
required: false
schema:
anyOf:
- type: boolean
- type: 'null'
description: If true, return only vault-enabled clusters; if false, only non-vault-enabled. Omit to include both.
title: Vaultenabled
description: If true, return only vault-enabled clusters; if false, only non-vault-enabled. Omit to include both.
- name: search
in: query
required: false
schema:
anyOf:
- type: string
- type: 'null'
description: Case-insensitive substring match against cluster name or id.
title: Search
description: Case-insensitive substring match against cluster name or id.
- name: offset
in: query
required: false
schema:
type: integer
minimum: 0
description: Number of items to skip.
default: 0
title: Offset
description: Number of items to skip.
- name: limit
in: query
required: false
schema:
type: integer
maximum: 100
minimum: 1
description: Max items to return (1-100).
default: 20
title: Limit
description: Max items to return (1-100).
- name: detailed
in: query
required: false
schema:
type: boolean
description: If true, populate `nodes` for each cluster (one entry per pod). Otherwise only the `controller` connection
is returned.
default: false
title: Detailed
description: If true, populate `nodes` for each cluster (one entry per pod). Otherwise only the `controller` connection
is returned.
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericPaginationResponse_list_AdminClusterSummary__'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'403':
description: Insufficient permissions
/api/admin/clusters/{cluster_id}:
get:
tags:
- admin-clusters
summary: Get Cluster
description: Return full DB details for one cluster (columns + nodes + SSH keys).
operationId: get_cluster_api_admin_clusters__cluster_id__get
security:
- HTTPBearer: []
parameters:
- name: cluster_id
in: path
required: true
schema:
type: string
title: Cluster Id
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericResponse_ClusterDetailResponse_'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'403':
description: Insufficient permissions
/api/admin/clusters/{cluster_id}/authorizations/certificate:
post:
tags:
- admin-clusters
summary: Request Certificate
description: 'Sign the requesting admin''s SSH public key via Vault.
If a ``publicKey`` is provided in the body, it is signed directly.
Otherwise the admin''s DB-stored SSH public key is used.'
operationId: request_certificate_api_admin_clusters__cluster_id__authorizations_certificate_post
security:
- HTTPBearer: []
parameters:
- name: cluster_id
in: path
required: true
schema:
type: string
title: Cluster Id
requestBody:
content:
application/json:
schema:
anyOf:
- $ref: '#/components/schemas/CertificateRequest'
- type: 'null'
title: Request
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericResponse_CertificateResponse_'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'403':
description: Insufficient permissions
/api/admin/clusters/{cluster_id}/node-logs:
get:
tags:
- admin-clusters
summary: List Cluster Node Logs
description: Return paginated ClusterNodeLog entries for one cluster, newest first.
operationId: list_cluster_node_logs_api_admin_clusters__cluster_id__node_logs_get
security:
- HTTPBearer: []
parameters:
- name: cluster_id
in: path
required: true
schema:
type: string
title: Cluster Id
- name: podId
in: query
required: false
schema:
anyOf:
- type: string
- type: 'null'
description: Filter logs to a single pod.
title: Podid
description: Filter logs to a single pod.
- name: eventType
in: query
required: false
schema:
anyOf:
- $ref: '#/components/schemas/ClusterNodeLogEventTypeEnum'
- type: 'null'
description: Filter logs to a single event type.
title: Eventtype
description: Filter logs to a single event type.
- name: offset
in: query
required: false
schema:
type: integer
minimum: 0
description: Number of items to skip.
default: 0
title: Offset
description: Number of items to skip.
- name: limit
in: query
required: false
schema:
type: integer
maximum: 100
minimum: 1
description: Max items to return (1-100, default 20).
default: 20
title: Limit
description: Max items to return (1-100, default 20).
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericPaginationResponse_list_ClusterNodeLogEntry__'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'403':
description: Insufficient permissions
/api/admin/users/whoami:
get:
tags:
- admin-users
summary: Get Current User
description: 'Identity + envelope for the calling admin API key.
Intentionally bypasses ``require_admin_permission``: any valid, non-
expired, non-disabled admin API key whose owner is still ADMIN/MANAGER
can call this. Returning the resolved permission envelope is what makes
a freshly-minted scoped key able to discover what it can do.'
operationId: get_current_user_api_admin_users_whoami_get
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericResponse_AdminWhoamiResponse_'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'403':
description: Insufficient permissions
security:
- HTTPBearer: []
/api/v1/frp/validate:
post:
tags:
- FRP Plugin
summary: Validate Frp Plugin
description: 'Validate frpc client connections.
This endpoint is called by frps server plugin for:
- Login: Validates tunnel token when client connects
- NewProxy: Validates proxy creation requests
This endpoint is public but security is enforced via per-tunnel
token validation. An attacker would need both a valid tunnel_id AND
the corresponding frp_token to get a successful response.'
operationId: validate_frp_plugin_api_v1_frp_validate_post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/FrpPluginRequest'
required: true
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/FrpPluginResponse'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
/api/v1/images:
get:
tags:
- Images
summary: List User Images
description: 'List images and builds for the current user, scoped by team context. Returns personal images by default,
or team images if teamId is provided.
Pagination note: `limit`, `offset`, and `totalCount` count logical images
(unique `owner/imageName:imageTag`). A single image may produce multiple
`data[]` rows (one per artifact type plus any active builds), so
`len(data)` can exceed `limit` and `totalCount` reflects images, not rows.'
operationId: list_user_images_api_v1_images_get
security:
- HTTPBearer: []
parameters:
- name: teamId
in: query
required: false
schema:
anyOf:
- type: string
- type: 'null'
description: Filter by team ID. If provided, returns only that team's images. If not provided, returns only personal
images.
title: Teamid
description: Filter by team ID. If provided, returns only that team's images. If not provided, returns only personal
images.
- name: offset
in: query
required: false
schema:
type: integer
default: 0
title: Offset
- name: limit
in: query
required: false
schema:
type: integer
default: 100
title: Limit
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericPaginationResponse_List_ImageResponse__'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
x-mint:
content: '## Rate Limit
300 requests per 60 seconds per IP and token.'
/api/v1/images/build:
post:
tags:
- Images
summary: Initiate Image Build
description: 'Initiate an image build process.
Returns a presigned URL to upload the build context (tar.gz file).
After uploading, call /images/build/{build_id}/start to begin the build.'
operationId: initiate_image_build_api_v1_images_build_post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/BuildImageRequest'
required: true
responses:
'201':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/BuildImageResponse'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
security:
- HTTPBearer: []
x-mint:
content: '## Rate Limit
150 requests per 60 seconds per IP and token.'
/api/v1/images/build/{build_id}:
get:
tags:
- Images
summary: Get Build Status
description: Get the status of an image build.
operationId: get_build_status_api_v1_images_build__build_id__get
security:
- HTTPBearer: []
parameters:
- name: build_id
in: path
required: true
schema:
type: string
title: Build Id
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/BuildStatusResponse'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
/api/v1/images/build/{build_id}/start:
post:
tags:
- Images
summary: Start Image Build
description: 'Start the image build process after uploading the build context.
This creates a sandbox with Docker-in-Docker to build and push the image.'
operationId: start_image_build_api_v1_images_build__build_id__start_post
security:
- HTTPBearer: []
parameters:
- name: build_id
in: path
required: true
schema:
type: string
title: Build Id
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/StartBuildRequest'
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/BuildStatusResponse'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
/api/v1/images/builds:
get:
tags:
- Images
summary: List Image Builds
description: List all image builds for the current user.
operationId: list_image_builds_api_v1_images_builds_get
security:
- HTTPBearer: []
parameters:
- name: offset
in: query
required: false
schema:
type: integer
default: 0
title: Offset
- name: limit
in: query
required: false
schema:
type: integer
default: 100
title: Limit
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericPaginationResponse_List_BuildStatusResponse__'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
/api/v1/images/{image_name}/{image_tag}:
delete:
tags:
- Images
summary: Delete User Image
description: 'Delete a user image from the database and Google Artifact Registry.
For team images, only the image creator or team admins can delete.'
operationId: delete_user_image_api_v1_images__image_name___image_tag__delete
security:
- HTTPBearer: []
parameters:
- name: image_name
in: path
required: true
schema:
type: string
title: Image Name
- name: image_tag
in: path
required: true
schema:
type: string
title: Image Tag
- name: teamId
in: query
required: false
schema:
anyOf:
- type: string
- type: 'null'
description: Team ID if deleting a team image
title: Teamid
description: Team ID if deleting a team image
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/DeleteImageResponse'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
x-mint:
content: '## Rate Limit
100 requests per 60 seconds per IP and token.'
/api/v1/images/{image_name}/{image_tag}/visibility:
patch:
tags:
- Images
summary: Update Image Visibility
description: Publish or unpublish an image in the current personal or team context.
operationId: update_image_visibility_api_v1_images__image_name___image_tag__visibility_patch
security:
- HTTPBearer: []
parameters:
- name: image_name
in: path
required: true
schema:
type: string
title: Image Name
- name: image_tag
in: path
required: true
schema:
type: string
title: Image Tag
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateImageVisibilityRequest'
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateImageVisibilityResponse'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
x-mint:
content: '## Rate Limit
100 requests per 60 seconds per IP and token.'
/api/v1/secrets/:
get:
tags:
- Secrets
summary: List Secrets
description: 'List global secrets for the authenticated user or a team.
If teamId is provided, returns secrets for that team (requires team membership).
Otherwise, returns the user''s personal secrets.'
operationId: list_secrets_api_v1_secrets__get
security:
- HTTPBearer: []
parameters:
- name: teamId
in: query
required: false
schema:
anyOf:
- type: string
- type: 'null'
description: Filter by team ID
title: Teamid
description: Filter by team ID
- name: offset
in: query
required: false
schema:
type: integer
default: 0
title: Offset
- name: limit
in: query
required: false
schema:
type: integer
default: 100
title: Limit
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericPaginationResponse_List_SecretResponse__'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
post:
tags:
- Secrets
summary: Create Secret
description: 'Create a new global secret.
The secret will be encrypted and stored securely. If teamId is provided,
the secret will be associated with that team (requires team membership).'
operationId: create_secret_api_v1_secrets__post
security:
- HTTPBearer: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/SecretCreateRequest'
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericResponse_SecretResponse_'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
/api/v1/secrets/{secret_id}:
get:
tags:
- Secrets
summary: Get Secret
description: 'Get a specific secret by ID.
Note: The secret value is not returned, only metadata.'
operationId: get_secret_api_v1_secrets__secret_id__get
security:
- HTTPBearer: []
parameters:
- name: secret_id
in: path
required: true
schema:
type: string
title: Secret Id
- name: teamId
in: query
required: false
schema:
anyOf:
- type: string
- type: 'null'
description: Team ID for team secrets
title: Teamid
description: Team ID for team secrets
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericResponse_SecretResponse_'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
patch:
tags:
- Secrets
summary: Update Secret
description: 'Update an existing secret.
You can update the name, value, and/or description.'
operationId: update_secret_api_v1_secrets__secret_id__patch
security:
- HTTPBearer: []
parameters:
- name: secret_id
in: path
required: true
schema:
type: string
title: Secret Id
- name: teamId
in: query
required: false
schema:
anyOf:
- type: string
- type: 'null'
description: Team ID for team secrets
title: Teamid
description: Team ID for team secrets
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/SecretUpdateRequest'
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericResponse_SecretResponse_'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
delete:
tags:
- Secrets
summary: Delete Secret
description: 'Delete a secret.
This operation cannot be undone. Secrets that are linked to environments
will be automatically unlinked.'
operationId: delete_secret_api_v1_secrets__secret_id__delete
security:
- HTTPBearer: []
parameters:
- name: secret_id
in: path
required: true
schema:
type: string
title: Secret Id
- name: teamId
in: query
required: false
schema:
anyOf:
- type: string
- type: 'null'
description: Team ID for team secrets
title: Teamid
description: Team ID for team secrets
responses:
'200':
description: Successful Response
content:
application/json:
schema: {}
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
/api/v1/teams/{team_id}/members:
get:
tags:
- teams
summary: List Team Members
operationId: list_team_members_api_v1_teams__team_id__members_get
security:
- HTTPBearer: []
parameters:
- name: team_id
in: path
required: true
schema:
type: string
title: Team Id
- name: offset
in: query
required: false
schema:
type: integer
default: 0
title: Offset
- name: limit
in: query
required: false
schema:
type: integer
default: 100
title: Limit
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericPaginationResponse_List_TeamMemberDetail__'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
/api/v1/template/check-docker-image:
post:
tags:
- Template
summary: Check Docker Image
description: Check whether a docker image is accessible (optionally with registry credentials).
operationId: check_docker_image_api_v1_template_check_docker_image_post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DockerImageCheckRequest'
required: true
responses:
'200':
description: Successful Response
content:
application/json:
schema: {}
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
security:
- HTTPBearer: []
/api/v1/template/registry-credentials:
get:
tags:
- Template
summary: List Registry Credentials
description: List registry credentials owned by the requesting user or their teams.
operationId: list_registry_credentials_api_v1_template_registry_credentials_get
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/RegistryCredentialsListResponse'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
security:
- HTTPBearer: []
/api/v1/user/slug:
patch:
tags:
- user
summary: Set Username Slug
operationId: set_username_slug_api_v1_user_slug_patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserSlugUpdateRequest'
required: true
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericResponse_User_'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
security:
- HTTPBearer: []
/api/v1/user/teams:
get:
tags:
- user
summary: List My Teams
operationId: list_my_teams_api_v1_user_teams_get
security:
- HTTPBearer: []
parameters:
- name: offset
in: query
required: false
schema:
type: integer
default: 0
title: Offset
- name: limit
in: query
required: false
schema:
type: integer
default: 100
title: Limit
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericPaginationResponse_List_TeamSummary__'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
/api/v1/user/whoami:
get:
tags:
- user
summary: Get Whoami
operationId: get_whoami_api_v1_user_whoami_get
responses:
'200':
description: Successful Response
content:
application/json:
schema:
$ref: '#/components/schemas/GenericResponse_WhoamiResponse_'
'401':
description: Authorization failed
'422':
description: Invalid request data
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
security:
- HTTPBearer: []
components:
securitySchemes:
HTTPBearer:
type: http
scheme: bearer
schemas:
GenericResponse_AdminWhoamiResponse_:
properties:
data:
anyOf:
- $ref: '#/components/schemas/AdminWhoamiResponse'
- type: 'null'
description: Response data
status:
anyOf:
- type: string
- type: 'null'
title: Status
description: Response status
type: object
title: GenericResponse[AdminWhoamiResponse]
AdminWhoamiResponse:
properties:
id:
type: string
title: Id
role:
$ref: '#/components/schemas/UserRoleEnum'
default: USER
createdAt:
type: string
format: date-time
title: Createdat
name:
type: string
title: Name
slug:
anyOf:
- type: string
- type: 'null'
title: Slug
email:
type: string
title: Email
image:
anyOf:
- type: string
- type: 'null'
title: Image
emailVerified:
anyOf:
- type: boolean
- type: 'null'
title: Emailverified
hasBetaAccess:
type: boolean
title: Hasbetaaccess
default: false
isBanned:
type: boolean
title: Isbanned
default: false
skipPrepay:
type: boolean
title: Skipprepay
default: false
blacklist:
items:
type: string
type: array
title: Blacklist
default: []
permissions:
additionalProperties:
items:
type: string
type: array
type: object
title: Permissions
description: 'Resolv
# --- truncated at 32 KB (75 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/prime-intellect/refs/heads/main/openapi/prime-intellect-platform-api-openapi.yml