Warden

API reference · v1

Warden API.

Four endpoints, three webhooks, one MCP server. Pick the surface that fits. Full OpenAPI spec at https://warden.flowvolt.io/openapi.json.

Authentication

Per-tenant bearer key.

Provision one key per tenant in /workspace. Send it as Authorization: Bearer wk_... on every request.

curl https://warden.flowvolt.io/api/warden/agents \
  -H "Authorization: Bearer wk_live_xxx"

POST /api/warden/agents

Register or update an agent.

Idempotent on (tenant, slug). Use this every time you spin up a new AI agent, regardless of vendor.

curl https://warden.flowvolt.io/api/warden/agents \
  -X POST \
  -H "Authorization: Bearer wk_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "slug": "nora-inbox",
    "name": "Nora",
    "owner": "lars@flowvolt.io",
    "purpose": "Draft inbox replies in operator voice.",
    "model": "claude-sonnet-4-6",
    "mandate": "Draft only. Never auto-send. Cost cap 5 USD/day."
  }'

POST /api/warden/log

Log one agent action.

Auto-registers the agent as unmanaged if not seen before. Paused agents have their actions recorded as blocked.

curl https://warden.flowvolt.io/api/warden/log \
  -X POST \
  -H "Authorization: Bearer wk_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "agent": "nora-inbox",
    "action_type": "draft.replied",
    "summary": "Drafted reply to ACME on pricing question.",
    "payload": { "thread_id": "abc123" },
    "status": "done",
    "cost_usd": 0.0042
  }'

GET /api/warden/public/[tenant]

Public Glass Workforce.

Unauthenticated. Returns the agents and recent audit events the tenant has chosen to publish. Used by the public Glass Workforce and per-customer trust pages.

curl https://warden.flowvolt.io/api/warden/public/flowvolt

Webhooks

Push events into your CRM, Slack, or PagerDuty.

Configure endpoints in /workspace/webhooks. Every delivery is signed with HMAC-SHA256 in the x-warden-signature header.

agent.registeredagent.updatedpassport.updatedaudit.event.loggedintake.completed
{
  "event": "audit.event.logged",
  "tenant_id": "acme",
  "occurred_at": "2026-08-02T07:00:00.000Z",
  "data": {
    "id": "evt_...",
    "agent": "nora-inbox",
    "action_type": "draft.replied",
    "status": "done",
    "summary": "Drafted reply to ACME on pricing question."
  }
}

MCP server

Talk to Warden from any AI assistant.

Streamable HTTP at https://warden.flowvolt.io/api/mcp. Discovery at /.well-known/mcp.json. Tools: register_agent, log_event, list_agents,list_recent_actions, get_passport.

Rate limits

Generous on log, strict on register.

POST /api/warden/log: 600 requests/minute per tenant.
POST /api/warden/agents: 60 requests/minute per tenant.
Breach returns 429 with a retry-after header.