75:["$","$L7e",null,{"full":true,"children":[["$","$L7f",null,{"children":"Delete an application"}],["$","$L80",null,{"children":["$","$L81",null,{"payload":{"bundled":{"openapi":"3.2.0","info":{"title":"Admiral API","description":"The Admiral REST API for managing applications, infrastructure, and deployments. See https://admiral.io/docs for complete documentation."},"paths":{"/api/v1/agent/revisions/{revision_id}/bundle":{"get":{"tags":["Cluster Agent"],"summary":"Retrieve a revision bundle","description":"The bundle contains pre-rendered Kubernetes manifests (from Helm template,\n kustomize build, or raw manifests) ready for server-side apply. The agent\n does not need to render anything -- it applies the bundle as-is.\n\n The cluster is identified by the service access token's binding. Returns\n PERMISSION_DENIED if the revision's target cluster does not match the\n SAT's cluster binding. Returns NOT_FOUND if the revision does not exist\n or has been canceled.\n\n Scope: `cluster:deploy` | Token types: `sat`","operationId":"ClusterAPI_GetRevisionBundle","parameters":[{"name":"revision_id","in":"path","description":"The revision to fetch the bundle for (UUID).","required":true,"schema":{"type":"string","title":"revision_id","format":"uuid","description":"The revision to fetch the bundle for (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.GetRevisionBundleResponse"}}}}}}},"/api/v1/agent/revisions/{revision_id}/result":{"post":{"tags":["Cluster Agent"],"summary":"Report revision result","description":"The cluster is identified by the service access token's binding. Returns\n PERMISSION_DENIED if the revision's target cluster does not match the\n SAT's cluster binding.\n\n Scope: `cluster:deploy` | Token types: `sat`","operationId":"ClusterAPI_ReportRevisionResult","parameters":[{"name":"revision_id","in":"path","description":"The revision being reported on (UUID).","required":true,"schema":{"type":"string","title":"revision_id","format":"uuid","description":"The revision being reported on (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision being reported on (UUID)."},"result":{"title":"result","description":"The result of applying the revision.","$ref":"#/components/schemas/admiral.cluster.v1.RevisionResult"}},"title":"ReportRevisionResultRequest","required":["result"],"additionalProperties":false,"description":"ReportRevisionResultRequest contains the outcome of applying a workload\n revision to the cluster."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.ReportRevisionResultResponse"}}}}}}},"/api/v1/agent/status":{"post":{"tags":["Cluster Agent"],"summary":"Report cluster status","description":"The cluster is identified by the service access token -- the server resolves the\n cluster from the SAT's binding. No cluster_id is required in the request.\n\n This endpoint is agent-facing and restricted to service access tokens.\n\n Scope: `cluster:status` | Token types: `sat`","operationId":"ClusterAPI_ReportClusterStatus","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.ReportClusterStatusRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.ReportClusterStatusResponse"}}}}}}},"/api/v1/applications":{"get":{"tags":["Applications"],"summary":"List applications","description":"Scope: `app:read`","operationId":"ApplicationAPI_ListApplications","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by application name.\n - `labels.key` -- filter by label key.\n\n Example: `field['name'] = 'inventory-api' AND field['labels.team'] = 'logistics'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by application name.\n - `labels.key` -- filter by label key.\n\n Example: `field['name'] = 'inventory-api' AND field['labels.team'] = 'logistics'`"}},{"name":"page_size","in":"query","description":"Maximum number of applications to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of applications to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.application.v1.ListApplicationsResponse"}}}}}},"post":{"tags":["Applications"],"summary":"Create an application","description":"Scope: `app:write`","operationId":"ApplicationAPI_CreateApplication","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.application.v1.CreateApplicationRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.application.v1.CreateApplicationResponse"}}}}}}},"/api/v1/applications/{application.id}":{"patch":{"tags":["Applications"],"summary":"Update an application","description":"Scope: `app:write`","operationId":"ApplicationAPI_UpdateApplication","parameters":[{"name":"application.id","in":"path","description":"Unique identifier for the application (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the application (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"application":{"title":"application","description":"The application with updated fields.\n Only fields specified in `update_mask` are updated.","$ref":"#/components/schemas/admiral.application.v1.Application"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateApplicationRequest","required":["application"],"additionalProperties":false,"description":"UpdateApplicationRequest contains the application fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.application.v1.UpdateApplicationResponse"}}}}}}},"/api/v1/applications/{application_id}":{"get":{"tags":["Applications"],"summary":"Retrieve an application","description":"Scope: `app:read`","operationId":"ApplicationAPI_GetApplication","parameters":[{"name":"application_id","in":"path","description":"The unique identifier of the application (UUID).","required":true,"schema":{"type":"string","title":"application_id","format":"uuid","description":"The unique identifier of the application (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.application.v1.GetApplicationResponse"}}}}}},"delete":{"tags":["Applications"],"summary":"Delete an application","description":"Scope: `app:write`","operationId":"ApplicationAPI_DeleteApplication","parameters":[{"name":"application_id","in":"path","description":"The unique identifier of the application to delete (UUID).","required":true,"schema":{"type":"string","title":"application_id","format":"uuid","description":"The unique identifier of the application to delete (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.application.v1.DeleteApplicationResponse"}}}}}}},"/api/v1/clusters":{"get":{"tags":["Clusters"],"summary":"List clusters","description":"Scope: `cluster:read`","operationId":"ClusterAPI_ListClusters","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by cluster name.\n - `health_status` -- filter by health status.\n - `labels.key` -- filter by label key.\n\n Example: `field['health_status'] = 'HEALTHY' AND field['labels.region'] = 'us-east-1'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by cluster name.\n - `health_status` -- filter by health status.\n - `labels.key` -- filter by label key.\n\n Example: `field['health_status'] = 'HEALTHY' AND field['labels.region'] = 'us-east-1'`"}},{"name":"page_size","in":"query","description":"Maximum number of clusters to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of clusters to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.ListClustersResponse"}}}}}},"post":{"tags":["Clusters"],"summary":"Create a cluster","description":"The response includes a `plain_text_token` -- the raw SAT secret shown\n exactly once. Deploy this token to the K8s agent (e.g., via Helm values\n or a Kubernetes Secret). The agent uses it to authenticate with\n AgentAPI.RegisterAgent on first boot.\n\n Scope: `cluster:write`","operationId":"ClusterAPI_CreateCluster","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.CreateClusterRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.CreateClusterResponse"}}}}}}},"/api/v1/clusters/{cluster.id}":{"patch":{"tags":["Clusters"],"summary":"Update a cluster","description":"Scope: `cluster:write`","operationId":"ClusterAPI_UpdateCluster","parameters":[{"name":"cluster.id","in":"path","description":"Unique identifier for the cluster (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the cluster (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"cluster":{"title":"cluster","description":"The cluster with updated fields. The `id` field is required.\n Only fields specified in `update_mask` are updated.","$ref":"#/components/schemas/admiral.cluster.v1.Cluster"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateClusterRequest","required":["cluster"],"additionalProperties":false,"description":"UpdateClusterRequest contains the cluster fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.UpdateClusterResponse"}}}}}}},"/api/v1/clusters/{cluster_id}":{"get":{"tags":["Clusters"],"summary":"Retrieve a cluster","description":"Returns the Cluster record with its server-derived health_status. For\n detailed telemetry (node counts, resource usage, workload summary), use\n GetClusterStatus instead.\n\n Scope: `cluster:read`","operationId":"ClusterAPI_GetCluster","parameters":[{"name":"cluster_id","in":"path","description":"The unique identifier of the cluster (UUID).","required":true,"schema":{"type":"string","title":"cluster_id","format":"uuid","description":"The unique identifier of the cluster (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.GetClusterResponse"}}}}}},"delete":{"tags":["Clusters"],"summary":"Delete a cluster","description":"Scope: `cluster:write`","operationId":"ClusterAPI_DeleteCluster","parameters":[{"name":"cluster_id","in":"path","description":"The unique identifier of the cluster to delete (UUID).\n All associated service access tokens will be revoked.","required":true,"schema":{"type":"string","title":"cluster_id","format":"uuid","description":"The unique identifier of the cluster to delete (UUID).\n All associated service access tokens will be revoked."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.DeleteClusterResponse"}}}}}}},"/api/v1/clusters/{cluster_id}/status":{"get":{"tags":["Clusters"],"summary":"Retrieve cluster status","description":"Returns NOT_FOUND if the cluster does not exist. If the cluster exists but\n no agent has reported telemetry yet, the response will have health_status\n PENDING and no status message.\n\n Scope: `cluster:read`","operationId":"ClusterAPI_GetClusterStatus","parameters":[{"name":"cluster_id","in":"path","description":"The unique identifier of the cluster (UUID).","required":true,"schema":{"type":"string","title":"cluster_id","format":"uuid","description":"The unique identifier of the cluster (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.GetClusterStatusResponse"}}}}}}},"/api/v1/clusters/{cluster_id}/tokens":{"get":{"tags":["Cluster Tokens"],"summary":"List cluster tokens","description":"Scope: `cluster:read`","operationId":"ClusterAPI_ListClusterTokens","parameters":[{"name":"cluster_id","in":"path","description":"The cluster to list tokens for (UUID).","required":true,"schema":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster to list tokens for (UUID)."}},{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `name` -- filter by token name.\n - `status` -- filter by token status (ACTIVE, REVOKED).\n\n Example: `field['status'] = 'ACTIVE'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `name` -- filter by token name.\n - `status` -- filter by token status (ACTIVE, REVOKED).\n\n Example: `field['status'] = 'ACTIVE'`"}},{"name":"page_size","in":"query","description":"Maximum number of tokens to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of tokens to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.ListClusterTokensResponse"}}}}}},"post":{"tags":["Cluster Tokens"],"summary":"Create a cluster token","description":"Use this to create additional SATs for an existing cluster (e.g., for\n zero-downtime token rotation). The initial SAT is created automatically\n by CreateCluster.\n\n Scope: `cluster:write`","operationId":"ClusterAPI_CreateClusterToken","parameters":[{"name":"cluster_id","in":"path","description":"The cluster to bind this token to (UUID).","required":true,"schema":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster to bind this token to (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster to bind this token to (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier for the token (e.g., \"prod-agent-key\").\n Must be unique within the cluster's tokens. Lowercase alphanumeric and\n hyphens only."},"expires_at":{"title":"expires_at","description":"Optional expiration time. If unset, the token does not expire.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"CreateClusterTokenRequest","additionalProperties":false,"description":"CreateClusterTokenRequest contains the parameters for creating a new SAT\n bound to a cluster."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.CreateClusterTokenResponse"}}}}}}},"/api/v1/clusters/{cluster_id}/tokens/{token_id}":{"get":{"tags":["Cluster Tokens"],"summary":"Retrieve a cluster token","description":"Scope: `cluster:read`","operationId":"ClusterAPI_GetClusterToken","parameters":[{"name":"cluster_id","in":"path","description":"The cluster the token belongs to (UUID).","required":true,"schema":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster the token belongs to (UUID)."}},{"name":"token_id","in":"path","description":"The unique identifier of the token (UUID).","required":true,"schema":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.GetClusterTokenResponse"}}}}}}},"/api/v1/clusters/{cluster_id}/tokens/{token_id}/revoke":{"post":{"tags":["Cluster Tokens"],"summary":"Revoke a cluster token","description":"Scope: `cluster:write`","operationId":"ClusterAPI_RevokeClusterToken","parameters":[{"name":"cluster_id","in":"path","description":"The cluster the token belongs to (UUID).","required":true,"schema":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster the token belongs to (UUID)."}},{"name":"token_id","in":"path","description":"The unique identifier of the token to revoke (UUID).","required":true,"schema":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster the token belongs to (UUID)."},"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}},"title":"RevokeClusterTokenRequest","additionalProperties":false,"description":"RevokeClusterTokenRequest identifies a cluster SAT to revoke."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.RevokeClusterTokenResponse"}}}}}}},"/api/v1/clusters/{cluster_id}/workloads":{"get":{"tags":["Cluster Workloads"],"summary":"List workloads","description":"Scope: `cluster:read`","operationId":"ClusterAPI_ListWorkloads","parameters":[{"name":"cluster_id","in":"path","description":"The cluster whose workloads to list (UUID).","required":true,"schema":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster whose workloads to list (UUID)."}},{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `namespace` -- filter by Kubernetes namespace.\n - `kind` -- filter by workload kind (Deployment, StatefulSet, DaemonSet).\n - `name` -- filter by workload name.\n - `health_status` -- filter by workload health status.\n\n Example: `field['namespace'] = 'production' AND field['health_status'] = 'DEGRADED'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `namespace` -- filter by Kubernetes namespace.\n - `kind` -- filter by workload kind (Deployment, StatefulSet, DaemonSet).\n - `name` -- filter by workload name.\n - `health_status` -- filter by workload health status.\n\n Example: `field['namespace'] = 'production' AND field['health_status'] = 'DEGRADED'`"}},{"name":"page_size","in":"query","description":"Maximum number of workloads to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of workloads to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.ListWorkloadsResponse"}}}}}}},"/api/v1/clusters/{cluster_id}/workloads/status":{"post":{"tags":["Cluster Agent"],"summary":"Report workload status","description":"This endpoint is agent-facing and restricted to service access tokens.\n\n Scope: `cluster:status` | Token types: `sat`","operationId":"ClusterAPI_ReportWorkloadStatus","parameters":[{"name":"cluster_id","in":"path","description":"The cluster these workloads belong to (UUID).","required":true,"schema":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster these workloads belong to (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster these workloads belong to (UUID)."},"workloads":{"type":"array","items":{"$ref":"#/components/schemas/admiral.cluster.v1.WorkloadStatus"},"title":"workloads","description":"Per-workload status snapshots."},"reported_at":{"title":"reported_at","description":"When the agent generated this report.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"ReportWorkloadStatusRequest","additionalProperties":false,"description":"ReportWorkloadStatusRequest contains incremental workload telemetry from a K8s agent."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.cluster.v1.ReportWorkloadStatusResponse"}}}}}}},"/api/v1/components":{"get":{"tags":["Components"],"summary":"List components","description":"The response behavior depends on the filter:\n - Filter by `application_id` only: returns application-level component\n definitions (defaults).\n - Filter by `application_id` + `environment_id`: returns the resolved\n view with environment overrides applied. Disabled components are\n included with `disabled=true`. The `has_override` field indicates\n whether the component differs from its application-level default.\n\n Scope: `app:read`","operationId":"ComponentAPI_ListComponents","parameters":[{"name":"filter","in":"query","description":"Filter expression using the PEG filter DSL.\n\n Common filter fields:\n - `application_id` -- scope to an application (required for meaningful\n results since components always belong to an application).\n - `environment_id` -- when present, triggers the resolved view with\n environment overrides applied to each component.\n - `category` -- filter by component category (INFRASTRUCTURE, WORKLOAD).\n - `name` -- filter by component name.","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression using the PEG filter DSL.\n\n Common filter fields:\n - `application_id` -- scope to an application (required for meaningful\n results since components always belong to an application).\n - `environment_id` -- when present, triggers the resolved view with\n environment overrides applied to each component.\n - `category` -- filter by component category (INFRASTRUCTURE, WORKLOAD).\n - `name` -- filter by component name."}},{"name":"page_size","in":"query","description":"Maximum number of components to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of components to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.component.v1.ListComponentsResponse"}}}}}},"post":{"tags":["Components"],"summary":"Create a component","description":"The component name must be unique within the application. The source must\n exist and be accessible to the caller's tenant.\n\n Scope: `app:write`","operationId":"ComponentAPI_CreateComponent","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.component.v1.CreateComponentRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.component.v1.CreateComponentResponse"}}}}}}},"/api/v1/components/{component.id}":{"patch":{"tags":["Components"],"summary":"Update a component","description":"When renaming a component, the server validates that no other components\n reference the old name in their values_template expressions and rejects\n the rename if references exist.\n\n Scope: `app:write`","operationId":"ComponentAPI_UpdateComponent","parameters":[{"name":"component.id","in":"path","description":"Unique identifier for the component (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the component (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"component":{"title":"component","description":"The component with updated fields. Only fields specified in\n `update_mask` are updated.","$ref":"#/components/schemas/admiral.component.v1.Component"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `source_id`, `version`,\n `values_template`, `depends_on`, `outputs`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateComponentRequest","required":["component"],"additionalProperties":false,"description":"UpdateComponentRequest contains the component fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.component.v1.UpdateComponentResponse"}}}}}}},"/api/v1/components/{component_id}":{"get":{"tags":["Components"],"summary":"Retrieve a component","description":"Scope: `app:read`","operationId":"ComponentAPI_GetComponent","parameters":[{"name":"component_id","in":"path","description":"Unique identifier of the component (UUID).","required":true,"schema":{"type":"string","title":"component_id","format":"uuid","description":"Unique identifier of the component (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.component.v1.GetComponentResponse"}}}}}},"delete":{"tags":["Components"],"summary":"Delete a component","description":"Scope: `app:write`","operationId":"ComponentAPI_DeleteComponent","parameters":[{"name":"component_id","in":"path","description":"Unique identifier of the component to delete (UUID).\n Fails if other components depend on this component (via depends_on\n or output references in values_template).","required":true,"schema":{"type":"string","title":"component_id","format":"uuid","description":"Unique identifier of the component to delete (UUID).\n Fails if other components depend on this component (via depends_on\n or output references in values_template)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.component.v1.DeleteComponentResponse"}}}}}}},"/api/v1/components/{component_id}/overrides":{"get":{"tags":["Components"],"summary":"List component overrides","description":"Scope: `env:read`","operationId":"ComponentAPI_ListComponentOverrides","parameters":[{"name":"component_id","in":"path","description":"Unique identifier of the component to list overrides for (UUID).","required":true,"schema":{"type":"string","title":"component_id","format":"uuid","description":"Unique identifier of the component to list overrides for (UUID)."}},{"name":"page_size","in":"query","description":"Maximum number of overrides to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of overrides to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.component.v1.ListComponentOverridesResponse"}}}}}}},"/api/v1/components/{component_id}/overrides/{environment_id}":{"get":{"tags":["Components"],"summary":"Retrieve a component override","description":"Scope: `env:read`","operationId":"ComponentAPI_GetComponentOverride","parameters":[{"name":"component_id","in":"path","description":"The component (UUID).","required":true,"schema":{"type":"string","title":"component_id","format":"uuid","description":"The component (UUID)."}},{"name":"environment_id","in":"path","description":"The environment (UUID).","required":true,"schema":{"type":"string","title":"environment_id","format":"uuid","description":"The environment (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.component.v1.GetComponentOverrideResponse"}}}}}},"put":{"tags":["Components"],"summary":"Set a component override","description":"For example, a \"redis\" component might use a Helm chart source in dev but\n a Terraform ElastiCache module in prod.\n\n This is an upsert -- if an override already exists for this component +\n environment combination, it is replaced.\n\n Scope: `env:write`","operationId":"ComponentAPI_SetComponentOverride","parameters":[{"name":"component_id","in":"path","description":"The component to override (UUID).","required":true,"schema":{"type":"string","title":"component_id","format":"uuid","description":"The component to override (UUID)."}},{"name":"environment_id","in":"path","description":"The environment this override applies to (UUID).","required":true,"schema":{"type":"string","title":"environment_id","format":"uuid","description":"The environment this override applies to (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"component_id":{"type":"string","title":"component_id","format":"uuid","description":"The component to override (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment this override applies to (UUID)."},"disabled":{"type":"boolean","title":"disabled","description":"When true, the component is not deployed in this environment."},"source_id":{"type":["string","null"],"title":"source_id","format":"uuid","description":"Override source (UUID). When set, replaces the component's default source."},"version":{"type":["string","null"],"title":"version","description":"Override version. When set, replaces the component's default version."},"values_template":{"type":["string","null"],"title":"values_template","maxLength":65536,"description":"Override values template. When set, completely replaces the component's\n default values template (no merge)."},"depends_on":{"type":"array","items":{"type":"string","format":"uuid"},"title":"depends_on","description":"Override depends_on (component UUIDs). When set, replaces the component's\n default depends_on."},"outputs":{"type":"array","items":{"$ref":"#/components/schemas/admiral.component.v1.ComponentOutput"},"title":"outputs","description":"Override outputs. When set, replaces the component's declared outputs."}},"title":"SetComponentOverrideRequest","additionalProperties":false,"description":"SetComponentOverrideRequest creates or replaces an environment-level override."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.component.v1.SetComponentOverrideResponse"}}}}}},"delete":{"tags":["Components"],"summary":"Delete a component override","description":"Scope: `env:write`","operationId":"ComponentAPI_DeleteComponentOverride","parameters":[{"name":"component_id","in":"path","description":"The component (UUID).","required":true,"schema":{"type":"string","title":"component_id","format":"uuid","description":"The component (UUID)."}},{"name":"environment_id","in":"path","description":"The environment (UUID).","required":true,"schema":{"type":"string","title":"environment_id","format":"uuid","description":"The environment (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.component.v1.DeleteComponentOverrideResponse"}}}}}}},"/api/v1/connections":{"get":{"tags":["Connections"],"summary":"List connections","description":"Scope: `connection:read`","operationId":"ConnectionAPI_ListConnections","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by connection name.\n - `type` -- filter by connection type (GIT_TOKEN, HELM_HTTP, etc.).\n - `status` -- filter by connection status (ACTIVE, ERROR, UNTESTED).\n - `labels.key` -- filter by label key.\n\n Example: `field['type'] = 'GIT_TOKEN' AND field['status'] = 'ACTIVE'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by connection name.\n - `type` -- filter by connection type (GIT_TOKEN, HELM_HTTP, etc.).\n - `status` -- filter by connection status (ACTIVE, ERROR, UNTESTED).\n - `labels.key` -- filter by label key.\n\n Example: `field['type'] = 'GIT_TOKEN' AND field['status'] = 'ACTIVE'`"}},{"name":"page_size","in":"query","description":"Maximum number of connections to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of connections to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.connection.v1.ListConnectionsResponse"}}}}}},"post":{"tags":["Connections"],"summary":"Create a connection","description":"The connection type and auth config must match -- for example, a GIT_TOKEN\n connection requires a GitTokenAuth config. The server validates connectivity\n on creation when possible and sets the initial status accordingly.\n\n Scope: `connection:write`","operationId":"ConnectionAPI_CreateConnection","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.connection.v1.CreateConnectionRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.connection.v1.CreateConnectionResponse"}}}}}}},"/api/v1/connections/{connection.id}":{"patch":{"tags":["Connections"],"summary":"Update a connection","description":"When updating auth_config, the entire auth config is replaced -- partial\n updates within the auth config oneof are not supported. Omitting auth_config\n from the update_mask leaves credentials unchanged.\n\n Scope: `connection:write`","operationId":"ConnectionAPI_UpdateConnection","parameters":[{"name":"connection.id","in":"path","description":"Unique identifier for the connection (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the connection (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"connection":{"title":"connection","description":"The connection with updated fields.\n Only fields specified in `update_mask` are updated.\n\n When updating auth_config, the entire auth config is replaced.\n Omitting auth_config from the update_mask leaves credentials unchanged.","$ref":"#/components/schemas/admiral.connection.v1.Connection"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `auth_config`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateConnectionRequest","required":["connection"],"additionalProperties":false,"description":"UpdateConnectionRequest contains the connection fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.connection.v1.UpdateConnectionResponse"}}}}}}},"/api/v1/connections/{connection_id}":{"get":{"tags":["Connections"],"summary":"Retrieve a connection","description":"Returns connection metadata and status. Sensitive credential fields are\n never included in the response.\n\n Scope: `connection:read`","operationId":"ConnectionAPI_GetConnection","parameters":[{"name":"connection_id","in":"path","description":"The unique identifier of the connection (UUID).","required":true,"schema":{"type":"string","title":"connection_id","format":"uuid","description":"The unique identifier of the connection (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.connection.v1.GetConnectionResponse"}}}}}},"delete":{"tags":["Connections"],"summary":"Delete a connection","description":"Scope: `connection:write`","operationId":"ConnectionAPI_DeleteConnection","parameters":[{"name":"connection_id","in":"path","description":"The unique identifier of the connection to delete (UUID).\n Fails if any sources still reference this connection.","required":true,"schema":{"type":"string","title":"connection_id","format":"uuid","description":"The unique identifier of the connection to delete (UUID).\n Fails if any sources still reference this connection."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.connection.v1.DeleteConnectionResponse"}}}}}}},"/api/v1/connections/{connection_id}/test":{"post":{"tags":["Connections"],"summary":"Test a connection","description":"This operation makes a network call to the external system and may take\n several seconds depending on the remote endpoint.\n\n Scope: `connection:write`","operationId":"ConnectionAPI_TestConnection","parameters":[{"name":"connection_id","in":"path","description":"The unique identifier of the connection to test (UUID).","required":true,"schema":{"type":"string","title":"connection_id","format":"uuid","description":"The unique identifier of the connection to test (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"connection_id":{"type":"string","title":"connection_id","format":"uuid","description":"The unique identifier of the connection to test (UUID)."}},"title":"TestConnectionRequest","additionalProperties":false,"description":"TestConnectionRequest identifies a connection to validate."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.connection.v1.TestConnectionResponse"}}}}}}},"/api/v1/deployments":{"get":{"tags":["Deployments"],"summary":"List deployments","description":"Common filter fields: `application_id`, `environment_id`, `status`,\n `trigger_type`. Use to view deployment history for an environment.\n\n Scope: `deploy:read`","operationId":"DeploymentAPI_ListDeployments","parameters":[{"name":"filter","in":"query","description":"Filter expression using the PEG filter DSL.\n\n Common filter fields:\n - `application_id` -- deployments for a specific application.\n - `environment_id` -- deployments to a specific environment.\n - `status` -- filter by deployment status.\n - `trigger_type` -- filter by trigger type (MANUAL, CI, DESTROY).","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression using the PEG filter DSL.\n\n Common filter fields:\n - `application_id` -- deployments for a specific application.\n - `environment_id` -- deployments to a specific environment.\n - `status` -- filter by deployment status.\n - `trigger_type` -- filter by trigger type (MANUAL, CI, DESTROY)."}},{"name":"page_size","in":"query","description":"Maximum number of deployments to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of deployments to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.deployment.v1.ListDeploymentsResponse"}}}}}},"post":{"tags":["Deployments"],"summary":"Create a deployment","description":"The server resolves all components (with environment overrides applied),\n builds the dependency DAG, and begins rendering and executing revisions.\n\n To destroy all resources in an environment (e.g., before deleting the\n environment), set `destroy` to true. This runs Terraform destroy for\n infrastructure components and deletes workload resources from the cluster,\n in reverse dependency order.\n\n Concurrency: only one deployment can be active per application+environment\n at a time. If a deployment is already in progress (PENDING or RUNNING),\n the new deployment is queued and will start automatically when the\n current deployment completes or is cancelled.\n\n Scope: `deploy:write`","operationId":"DeploymentAPI_CreateDeployment","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.deployment.v1.CreateDeploymentRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.deployment.v1.CreateDeploymentResponse"}}}}}}},"/api/v1/deployments/{deployment_id}":{"get":{"tags":["Deployments"],"summary":"Retrieve a deployment","description":"Scope: `deploy:read`","operationId":"DeploymentAPI_GetDeployment","parameters":[{"name":"deployment_id","in":"path","description":"Unique identifier of the deployment (UUID).","required":true,"schema":{"type":"string","title":"deployment_id","format":"uuid","description":"Unique identifier of the deployment (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.deployment.v1.GetDeploymentResponse"}}}}}}},"/api/v1/deployments/{deployment_id}/cancel":{"post":{"tags":["Deployments"],"summary":"Cancel a deployment","description":"Scope: `deploy:write`","operationId":"DeploymentAPI_CancelDeployment","parameters":[{"name":"deployment_id","in":"path","description":"Unique identifier of the deployment to cancel (UUID).","required":true,"schema":{"type":"string","title":"deployment_id","format":"uuid","description":"Unique identifier of the deployment to cancel (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"deployment_id":{"type":"string","title":"deployment_id","format":"uuid","description":"Unique identifier of the deployment to cancel (UUID)."},"reason":{"type":"string","title":"reason","maxLength":1024,"description":"Optional reason for cancellation."}},"title":"CancelDeploymentRequest","additionalProperties":false,"description":"CancelDeploymentRequest cancels an in-progress deployment."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.deployment.v1.CancelDeploymentResponse"}}}}}}},"/api/v1/deployments/{deployment_id}/revisions":{"get":{"tags":["Deployments"],"summary":"List revisions","description":"Scope: `deploy:read`","operationId":"DeploymentAPI_ListRevisions","parameters":[{"name":"deployment_id","in":"path","description":"Unique identifier of the deployment to list revisions for (UUID).","required":true,"schema":{"type":"string","title":"deployment_id","format":"uuid","description":"Unique identifier of the deployment to list revisions for (UUID)."}},{"name":"page_size","in":"query","description":"Maximum number of revisions to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of revisions to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.deployment.v1.ListRevisionsResponse"}}}}}}},"/api/v1/deployments/{deployment_id}/revisions/{revision_id}":{"get":{"tags":["Deployments"],"summary":"Retrieve a revision","description":"Scope: `deploy:read`","operationId":"DeploymentAPI_GetRevision","parameters":[{"name":"deployment_id","in":"path","description":"The deployment (UUID).","required":true,"schema":{"type":"string","title":"deployment_id","format":"uuid","description":"The deployment (UUID)."}},{"name":"revision_id","in":"path","description":"The revision (UUID).","required":true,"schema":{"type":"string","title":"revision_id","format":"uuid","description":"The revision (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.deployment.v1.GetRevisionResponse"}}}}}}},"/api/v1/deployments/{deployment_id}/revisions/{revision_id}/retry":{"post":{"tags":["Deployments"],"summary":"Retry a revision","description":"Scope: `deploy:write`","operationId":"DeploymentAPI_RetryRevision","parameters":[{"name":"deployment_id","in":"path","description":"The deployment (UUID).","required":true,"schema":{"type":"string","title":"deployment_id","format":"uuid","description":"The deployment (UUID)."}},{"name":"revision_id","in":"path","description":"The revision to retry (UUID). Must be in FAILED status.","required":true,"schema":{"type":"string","title":"revision_id","format":"uuid","description":"The revision to retry (UUID). Must be in FAILED status."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"deployment_id":{"type":"string","title":"deployment_id","format":"uuid","description":"The deployment (UUID)."},"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision to retry (UUID). Must be in FAILED status."}},"title":"RetryRevisionRequest","additionalProperties":false,"description":"RetryRevisionRequest retries a failed revision."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.deployment.v1.RetryRevisionResponse"}}}}}}},"/api/v1/environments":{"get":{"tags":["Environments"],"summary":"List environments","description":"Scope: `env:read`","operationId":"EnvironmentAPI_ListEnvironments","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `application_id` -- filter by parent application (UUID).\n - `name` -- filter by environment name.\n - `workload_type` -- filter by workload target type (KUBERNETES).\n - `infrastructure_type` -- filter by infrastructure target type (TERRAFORM).\n - `labels.key` -- filter by label key.\n\n Example: `field['application_id'] = '' AND field['name'] = 'prod'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `application_id` -- filter by parent application (UUID).\n - `name` -- filter by environment name.\n - `workload_type` -- filter by workload target type (KUBERNETES).\n - `infrastructure_type` -- filter by infrastructure target type (TERRAFORM).\n - `labels.key` -- filter by label key.\n\n Example: `field['application_id'] = '' AND field['name'] = 'prod'`"}},{"name":"page_size","in":"query","description":"Maximum number of environments to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of environments to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.ListEnvironmentsResponse"}}}}}},"post":{"tags":["Environments"],"summary":"Create an environment","description":"Scope: `env:write`","operationId":"EnvironmentAPI_CreateEnvironment","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.CreateEnvironmentRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.CreateEnvironmentResponse"}}}}}}},"/api/v1/environments/{environment.id}":{"patch":{"tags":["Environments"],"summary":"Update an environment","description":"Scope: `env:write`","operationId":"EnvironmentAPI_UpdateEnvironment","parameters":[{"name":"environment.id","in":"path","description":"Unique identifier for the environment (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the environment (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"environment":{"title":"environment","description":"The environment with updated fields.\n Only fields specified in `update_mask` are updated.","$ref":"#/components/schemas/admiral.environment.v1.Environment"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `workload_targets`,\n `infrastructure_targets`, `labels`.\n\n When updating target lists, the entire list is replaced -- there is no\n partial merge of individual targets within the list.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateEnvironmentRequest","required":["environment"],"additionalProperties":false,"description":"UpdateEnvironmentRequest contains the environment fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.UpdateEnvironmentResponse"}}}}}}},"/api/v1/environments/{environment_id}":{"get":{"tags":["Environments"],"summary":"Retrieve an environment","description":"Scope: `env:read`","operationId":"EnvironmentAPI_GetEnvironment","parameters":[{"name":"environment_id","in":"path","description":"The unique identifier of the environment (UUID).","required":true,"schema":{"type":"string","title":"environment_id","format":"uuid","description":"The unique identifier of the environment (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.GetEnvironmentResponse"}}}}}},"delete":{"tags":["Environments"],"summary":"Delete an environment","description":"Scope: `env:write`","operationId":"EnvironmentAPI_DeleteEnvironment","parameters":[{"name":"environment_id","in":"path","description":"The unique identifier of the environment to delete (UUID).","required":true,"schema":{"type":"string","title":"environment_id","format":"uuid","description":"The unique identifier of the environment to delete (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.DeleteEnvironmentResponse"}}}}}}},"/api/v1/healthcheck":{"get":{"tags":["Health"],"summary":"Check service health","description":"Healthcheck verifies that the service is running and healthy.\n Returns an empty response on success. Use this endpoint for load balancer\n health checks and monitoring systems.","operationId":"HealthcheckAPI_Healthcheck","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.healthcheck.v1.HealthcheckResponse"}}}}}}},"/api/v1/runner/heartbeat":{"post":{"tags":["Runner Execution"],"summary":"Send runner heartbeat","description":"The runner is identified by the service access token -- the server resolves the\n runner from the SAT's binding. No runner_id is required in the request.\n\n This endpoint is runner-facing and restricted to service access tokens.\n\n Scope: `runner:exec` | Token types: `sat`","operationId":"RunnerAPI_Heartbeat","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.HeartbeatRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.HeartbeatResponse"}}}}}}},"/api/v1/runner/jobs/claim":{"post":{"tags":["Runner Execution"],"summary":"Claim a job","description":"The runner is identified by the service access token -- no runner_id is required.\n\n This endpoint is runner-facing and restricted to service access tokens.\n\n Scope: `runner:exec` | Token types: `sat`","operationId":"RunnerAPI_ClaimJob","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.ClaimJobRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.ClaimJobResponse"}}}}}}},"/api/v1/runner/jobs/{job_id}/bundle":{"get":{"tags":["Runner Execution"],"summary":"Retrieve a job bundle","description":"The bundle contains everything the runner needs to execute the Terraform\n operation: rendered .tf files, resolved variables, provider configuration,\n backend configuration, and the required Terraform version.\n\n This endpoint is runner-facing and restricted to service access tokens.\n\n Scope: `runner:exec` | Token types: `sat`","operationId":"RunnerAPI_GetJobBundle","parameters":[{"name":"job_id","in":"path","description":"The job to fetch the bundle for (UUID).","required":true,"schema":{"type":"string","title":"job_id","format":"uuid","description":"The job to fetch the bundle for (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.GetJobBundleResponse"}}}}}}},"/api/v1/runner/jobs/{job_id}/result":{"post":{"tags":["Runner Execution"],"summary":"Report job result","description":"This endpoint is runner-facing and restricted to service access tokens.\n\n Scope: `runner:exec` | Token types: `sat`","operationId":"RunnerAPI_ReportJobResult","parameters":[{"name":"job_id","in":"path","description":"The job being reported on (UUID).","required":true,"schema":{"type":"string","title":"job_id","format":"uuid","description":"The job being reported on (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job being reported on (UUID)."},"result":{"title":"result","description":"The job result with status, outputs, and error information.","$ref":"#/components/schemas/admiral.runner.v1.JobResult"}},"title":"ReportJobResultRequest","required":["result"],"additionalProperties":false,"description":"ReportJobResultRequest contains the outcome of a completed job."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.ReportJobResultResponse"}}}}}}},"/api/v1/runner/jobs/{job_id}/state":{"get":{"tags":["State Backend"],"summary":"Retrieve state for a job","description":"The server validates that the SAT's runner binding matches the runner\n assigned to this job. Returns PERMISSION_DENIED if they do not match.\n Returns NOT_FOUND if the job does not exist or has been cancelled.\n\n Maps to Terraform HTTP backend GET on the state address.\n\n Scope: `state:read` | Token types: `sat`","operationId":"StateAPI_GetState","parameters":[{"name":"job_id","in":"path","description":"The job to fetch state for (UUID). The server resolves the component\n and environment from the job's binding.","required":true,"schema":{"type":"string","title":"job_id","format":"uuid","description":"The job to fetch state for (UUID). The server resolves the component\n and environment from the job's binding."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.state.v1.GetStateResponse"}}}}}},"post":{"tags":["State Backend"],"summary":"Push state for a job","description":"The server validates that the SAT's runner binding matches the runner\n assigned to this job. Returns PERMISSION_DENIED if they do not match.\n Returns FAILED_PRECONDITION if the serial is not greater than the current\n serial. Returns INVALID_ARGUMENT if the lineage does not match the\n existing state record.\n\n Maps to Terraform HTTP backend POST on the state address.\n\n Scope: `state:write` | Token types: `sat`","operationId":"StateAPI_PushState","parameters":[{"name":"job_id","in":"path","description":"The job pushing state (UUID).","required":true,"schema":{"type":"string","title":"job_id","format":"uuid","description":"The job pushing state (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job pushing state (UUID)."},"data":{"type":"string","title":"data","maxLength":67108864,"minLength":1,"format":"byte","description":"The raw Terraform state data (JSON-encoded). Maximum 64 MiB."},"md5":{"type":"string","title":"md5","minLength":1,"description":"MD5 hash of the state data."},"serial":{"type":["integer","string"],"title":"serial","format":"int64","description":"Terraform state serial number. Must be greater than the current serial."},"lineage":{"type":"string","title":"lineage","minLength":1,"description":"Terraform state lineage. Must match the existing lineage if the state\n record already exists."}},"title":"PushStateRequest","additionalProperties":false,"description":"PushStateRequest stores a new state version."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.state.v1.PushStateResponse"}}}}}}},"/api/v1/runner/jobs/{job_id}/state/lock":{"post":{"tags":["State Backend"],"summary":"Lock state for a job","description":"The server validates that the SAT's runner binding matches the runner\n assigned to this job. Returns PERMISSION_DENIED if they do not match.\n Returns FAILED_PRECONDITION if the state is already locked by a different\n operation. The lock_id is generated by Terraform and must be passed to\n UnlockState.\n\n Maps to Terraform HTTP backend POST on the lock address.\n\n Scope: `state:write` | Token types: `sat`","operationId":"StateAPI_LockState","parameters":[{"name":"job_id","in":"path","description":"The job requesting the lock (UUID).","required":true,"schema":{"type":"string","title":"job_id","format":"uuid","description":"The job requesting the lock (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job requesting the lock (UUID)."},"lock_id":{"type":"string","title":"lock_id","format":"uuid","description":"Terraform-generated lock ID (UUID)."},"operation":{"type":"string","title":"operation","description":"The Terraform operation requesting the lock."},"who":{"type":"string","title":"who","description":"Identifier of who is requesting the lock."},"version":{"type":"string","title":"version","description":"Terraform/OpenTofu version of the client requesting the lock."}},"title":"LockStateRequest","additionalProperties":false,"description":"LockStateRequest acquires an exclusive lock on the job's state."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.state.v1.LockStateResponse"}}}}}}},"/api/v1/runner/jobs/{job_id}/state/unlock":{"post":{"tags":["State Backend"],"summary":"Unlock state for a job","description":"The server validates that the SAT's runner binding matches the runner\n assigned to this job. Returns PERMISSION_DENIED if they do not match.\n Returns FAILED_PRECONDITION if the lock_id does not match the currently\n held lock. Returns NOT_FOUND if no lock is held.\n\n Maps to Terraform HTTP backend POST on the unlock address.\n\n Scope: `state:write` | Token types: `sat`","operationId":"StateAPI_UnlockState","parameters":[{"name":"job_id","in":"path","description":"The job releasing the lock (UUID).","required":true,"schema":{"type":"string","title":"job_id","format":"uuid","description":"The job releasing the lock (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job releasing the lock (UUID)."},"lock_id":{"type":"string","title":"lock_id","format":"uuid","description":"The lock_id to release (UUID). Must match the currently held lock."}},"title":"UnlockStateRequest","additionalProperties":false,"description":"UnlockStateRequest releases the lock on the job's state."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.state.v1.UnlockStateResponse"}}}}}}},"/api/v1/runners":{"get":{"tags":["Runners"],"summary":"List runners","description":"Scope: `runner:read`","operationId":"RunnerAPI_ListRunners","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by runner name.\n - `kind` -- filter by runner kind (TERRAFORM, WORKFLOW).\n - `health_status` -- filter by health status.\n - `labels.key` -- filter by label key.\n\n Example: `field['kind'] = 'TERRAFORM' AND field['health_status'] = 'HEALTHY'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by runner name.\n - `kind` -- filter by runner kind (TERRAFORM, WORKFLOW).\n - `health_status` -- filter by health status.\n - `labels.key` -- filter by label key.\n\n Example: `field['kind'] = 'TERRAFORM' AND field['health_status'] = 'HEALTHY'`"}},{"name":"page_size","in":"query","description":"Maximum number of runners to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of runners to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.ListRunnersResponse"}}}}}},"post":{"tags":["Runners"],"summary":"Create a runner","description":"The response includes a `plain_text_token` -- the raw SAT secret shown\n exactly once. Deploy this token to the runner binary for authentication.\n\n Scope: `runner:write`","operationId":"RunnerAPI_CreateRunner","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.CreateRunnerRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.CreateRunnerResponse"}}}}}}},"/api/v1/runners/{runner.id}":{"patch":{"tags":["Runners"],"summary":"Update a runner","description":"Scope: `runner:write`","operationId":"RunnerAPI_UpdateRunner","parameters":[{"name":"runner.id","in":"path","description":"Unique identifier for the runner (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the runner (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"runner":{"title":"runner","description":"The runner with updated fields. The `id` field is required.\n Only fields specified in `update_mask` are updated.","$ref":"#/components/schemas/admiral.runner.v1.Runner"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateRunnerRequest","required":["runner"],"additionalProperties":false,"description":"UpdateRunnerRequest contains the runner fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.UpdateRunnerResponse"}}}}}}},"/api/v1/runners/{runner_id}":{"get":{"tags":["Runners"],"summary":"Retrieve a runner","description":"Returns the Runner record with its server-derived health_status. For\n detailed telemetry (active jobs, capacity), use GetRunnerStatus instead.\n\n Scope: `runner:read`","operationId":"RunnerAPI_GetRunner","parameters":[{"name":"runner_id","in":"path","description":"The unique identifier of the runner (UUID).","required":true,"schema":{"type":"string","title":"runner_id","format":"uuid","description":"The unique identifier of the runner (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.GetRunnerResponse"}}}}}},"delete":{"tags":["Runners"],"summary":"Delete a runner","description":"Scope: `runner:write`","operationId":"RunnerAPI_DeleteRunner","parameters":[{"name":"runner_id","in":"path","description":"The unique identifier of the runner to delete (UUID).\n All associated service access tokens will be revoked.","required":true,"schema":{"type":"string","title":"runner_id","format":"uuid","description":"The unique identifier of the runner to delete (UUID).\n All associated service access tokens will be revoked."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.DeleteRunnerResponse"}}}}}}},"/api/v1/runners/{runner_id}/jobs":{"get":{"tags":["Runner Jobs"],"summary":"List runner jobs","description":"Scope: `runner:read`","operationId":"RunnerAPI_ListRunnerJobs","parameters":[{"name":"runner_id","in":"path","description":"The runner whose jobs to list (UUID).","required":true,"schema":{"type":"string","title":"runner_id","format":"uuid","description":"The runner whose jobs to list (UUID)."}},{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `status` -- filter by job status (PENDING, ASSIGNED, RUNNING, etc.).\n - `job_type` -- filter by job type (PLAN, APPLY, DESTROY_PLAN, DESTROY_APPLY).\n - `deployment_id` -- jobs for a specific deployment (UUID).\n\n Example: `field['status'] = 'RUNNING'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `status` -- filter by job status (PENDING, ASSIGNED, RUNNING, etc.).\n - `job_type` -- filter by job type (PLAN, APPLY, DESTROY_PLAN, DESTROY_APPLY).\n - `deployment_id` -- jobs for a specific deployment (UUID).\n\n Example: `field['status'] = 'RUNNING'`"}},{"name":"page_size","in":"query","description":"Maximum number of jobs to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of jobs to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.ListRunnerJobsResponse"}}}}}}},"/api/v1/runners/{runner_id}/status":{"get":{"tags":["Runners"],"summary":"Retrieve runner status","description":"Returns NOT_FOUND if the runner does not exist. If the runner exists but\n has not heartbeated yet, health_status will be PENDING and status will\n be absent.\n\n Scope: `runner:read`","operationId":"RunnerAPI_GetRunnerStatus","parameters":[{"name":"runner_id","in":"path","description":"The unique identifier of the runner (UUID).","required":true,"schema":{"type":"string","title":"runner_id","format":"uuid","description":"The unique identifier of the runner (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.GetRunnerStatusResponse"}}}}}}},"/api/v1/runners/{runner_id}/tokens":{"get":{"tags":["Runner Tokens"],"summary":"List runner tokens","description":"Scope: `runner:read`","operationId":"RunnerAPI_ListRunnerTokens","parameters":[{"name":"runner_id","in":"path","description":"The runner to list tokens for (UUID).","required":true,"schema":{"type":"string","title":"runner_id","format":"uuid","description":"The runner to list tokens for (UUID)."}},{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `name` -- filter by token name.\n - `status` -- filter by token status (ACTIVE, REVOKED).\n\n Example: `field['status'] = 'ACTIVE'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `name` -- filter by token name.\n - `status` -- filter by token status (ACTIVE, REVOKED).\n\n Example: `field['status'] = 'ACTIVE'`"}},{"name":"page_size","in":"query","description":"Maximum number of tokens to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of tokens to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.ListRunnerTokensResponse"}}}}}},"post":{"tags":["Runner Tokens"],"summary":"Create a runner token","description":"Use this to create additional SATs for an existing runner (e.g., for\n zero-downtime token rotation). The initial SAT is created automatically\n by CreateRunner.\n\n Scope: `runner:write`","operationId":"RunnerAPI_CreateRunnerToken","parameters":[{"name":"runner_id","in":"path","description":"The runner to bind this token to (UUID).","required":true,"schema":{"type":"string","title":"runner_id","format":"uuid","description":"The runner to bind this token to (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"runner_id":{"type":"string","title":"runner_id","format":"uuid","description":"The runner to bind this token to (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier for the token (e.g., \"prod-runner-key\").\n Must be unique within the runner's tokens. Lowercase alphanumeric and\n hyphens only."},"expires_at":{"title":"expires_at","description":"Optional expiration time. If unset, the token does not expire.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"CreateRunnerTokenRequest","additionalProperties":false,"description":"CreateRunnerTokenRequest contains the parameters for creating a new SAT\n bound to a runner."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.CreateRunnerTokenResponse"}}}}}}},"/api/v1/runners/{runner_id}/tokens/{token_id}":{"get":{"tags":["Runner Tokens"],"summary":"Retrieve a runner token","description":"Scope: `runner:read`","operationId":"RunnerAPI_GetRunnerToken","parameters":[{"name":"runner_id","in":"path","description":"The runner the token belongs to (UUID).","required":true,"schema":{"type":"string","title":"runner_id","format":"uuid","description":"The runner the token belongs to (UUID)."}},{"name":"token_id","in":"path","description":"The unique identifier of the token (UUID).","required":true,"schema":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.GetRunnerTokenResponse"}}}}}}},"/api/v1/runners/{runner_id}/tokens/{token_id}/revoke":{"post":{"tags":["Runner Tokens"],"summary":"Revoke a runner token","description":"Scope: `runner:write`","operationId":"RunnerAPI_RevokeRunnerToken","parameters":[{"name":"runner_id","in":"path","description":"The runner the token belongs to (UUID).","required":true,"schema":{"type":"string","title":"runner_id","format":"uuid","description":"The runner the token belongs to (UUID)."}},{"name":"token_id","in":"path","description":"The unique identifier of the token to revoke (UUID).","required":true,"schema":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"runner_id":{"type":"string","title":"runner_id","format":"uuid","description":"The runner the token belongs to (UUID)."},"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}},"title":"RevokeRunnerTokenRequest","additionalProperties":false,"description":"RevokeRunnerTokenRequest identifies a runner SAT to revoke."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.runner.v1.RevokeRunnerTokenResponse"}}}}}}},"/api/v1/sources":{"get":{"tags":["Sources"],"summary":"List sources","description":"Scope: `source:read`","operationId":"SourceAPI_ListSources","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by source name.\n - `type` -- filter by source type (TERRAFORM_REGISTRY, HELM_OCI, etc.).\n - `catalog` -- filter by catalog status (true/false).\n - `labels.key` -- filter by label key.\n\n Example: `field['type'] = 'TERRAFORM_REGISTRY' AND field['catalog'] = 'true'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by source name.\n - `type` -- filter by source type (TERRAFORM_REGISTRY, HELM_OCI, etc.).\n - `catalog` -- filter by catalog status (true/false).\n - `labels.key` -- filter by label key.\n\n Example: `field['type'] = 'TERRAFORM_REGISTRY' AND field['catalog'] = 'true'`"}},{"name":"page_size","in":"query","description":"Maximum number of sources to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of sources to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.ListSourcesResponse"}}}}}},"post":{"tags":["Sources"],"summary":"Create a source","description":"The source type and source_config must match -- for example, a\n TERRAFORM_REGISTRY source requires a TerraformRegistryConfig.\n\n Scope: `source:write`","operationId":"SourceAPI_CreateSource","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.CreateSourceRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.CreateSourceResponse"}}}}}}},"/api/v1/sources/{source.id}":{"patch":{"tags":["Sources"],"summary":"Update a source","description":"Scope: `source:write`","operationId":"SourceAPI_UpdateSource","parameters":[{"name":"source.id","in":"path","description":"Unique identifier for the source (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the source (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"source":{"title":"source","description":"The source with updated fields. Only fields specified in `update_mask`\n are updated.","$ref":"#/components/schemas/admiral.source.v1.Source"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `url`, `connection_id`, `catalog`,\n `source_config`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateSourceRequest","required":["source"],"additionalProperties":false,"description":"UpdateSourceRequest contains the source fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.UpdateSourceResponse"}}}}}}},"/api/v1/sources/{source_id}":{"get":{"tags":["Sources"],"summary":"Retrieve a source","description":"Scope: `source:read`","operationId":"SourceAPI_GetSource","parameters":[{"name":"source_id","in":"path","description":"Unique identifier of the source (UUID).","required":true,"schema":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.GetSourceResponse"}}}}}},"delete":{"tags":["Sources"],"summary":"Delete a source","description":"Scope: `source:write`","operationId":"SourceAPI_DeleteSource","parameters":[{"name":"source_id","in":"path","description":"Unique identifier of the source to delete (UUID).\n Fails if any application components still reference this source.","required":true,"schema":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to delete (UUID).\n Fails if any application components still reference this source."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.DeleteSourceResponse"}}}}}}},"/api/v1/sources/{source_id}/inputs":{"get":{"tags":["Sources"],"summary":"Retrieve source inputs","description":"For Terraform modules, this parses HCL variable blocks using\n terraform-config-inspect. For Helm charts, this extracts values.yaml and\n optionally values.schema.json. For Kustomize and raw manifests, inputs\n are not discoverable and the response will be empty.\n\n This operation fetches and parses the external artifact in real time and\n may take several seconds.\n\n Scope: `source:read`","operationId":"SourceAPI_GetSourceInputs","parameters":[{"name":"source_id","in":"path","description":"Unique identifier of the source to inspect (UUID).","required":true,"schema":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to inspect (UUID)."}},{"name":"version","in":"query","description":"The version to inspect. For registry sources, a semver string. For Git\n sources, a tag, branch, or commit SHA. Required.","schema":{"type":"string","title":"version","minLength":1,"description":"The version to inspect. For registry sources, a semver string. For Git\n sources, a tag, branch, or commit SHA. Required."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.GetSourceInputsResponse"}}}}}}},"/api/v1/sources/{source_id}/outputs":{"get":{"tags":["Sources"],"summary":"Retrieve source outputs","description":"Only meaningful for Terraform modules, which declare formal output blocks.\n Helm charts, Kustomize, and raw manifests do not have formal outputs --\n workload component outputs are user-declared, not discovered.\n\n This operation queries the external system in real time and may take\n several seconds.\n\n Scope: `source:read`","operationId":"SourceAPI_GetSourceOutputs","parameters":[{"name":"source_id","in":"path","description":"Unique identifier of the source to inspect (UUID).","required":true,"schema":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to inspect (UUID)."}},{"name":"version","in":"query","description":"The version to inspect. Required.","schema":{"type":"string","title":"version","minLength":1,"description":"The version to inspect. Required."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.GetSourceOutputsResponse"}}}}}}},"/api/v1/sources/{source_id}/sync":{"post":{"tags":["Sources"],"summary":"Sync a source","description":"Use this after updating credentials on the referenced connection, or to\n force a refresh when you know the upstream has changed.\n\n This operation queries the external system in real time and may take\n several seconds.\n\n Scope: `source:write`","operationId":"SourceAPI_SyncSource","parameters":[{"name":"source_id","in":"path","description":"Unique identifier of the source to sync (UUID).","required":true,"schema":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to sync (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to sync (UUID)."}},"title":"SyncSourceRequest","additionalProperties":false,"description":"SyncSourceRequest triggers a metadata refresh for a source."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.SyncSourceResponse"}}}}}}},"/api/v1/sources/{source_id}/versions":{"get":{"tags":["Sources"],"summary":"List source versions","description":"For Terraform registry sources, this calls the Module Registry Protocol's\n version listing endpoint. For Helm repositories, it parses the index.yaml.\n For OCI sources, it lists tags. For Git sources, it lists tags via\n ls-remote.\n\n This operation queries the external system in real time and may take\n several seconds.\n\n Scope: `source:read`","operationId":"SourceAPI_ListSourceVersions","parameters":[{"name":"source_id","in":"path","description":"Unique identifier of the source to query versions for (UUID).","required":true,"schema":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to query versions for (UUID)."}},{"name":"page_size","in":"query","description":"Maximum number of versions to return. Defaults to 50.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of versions to return. Defaults to 50."}},{"name":"page_token","in":"query","description":"Opaque pagination token for fetching additional versions.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token for fetching additional versions."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.ListSourceVersionsResponse"}}}}}}},"/api/v1/states":{"get":{"tags":["State"],"summary":"List states","description":"Scope: `state:read`","operationId":"StateAPI_ListStates","parameters":[{"name":"filter","in":"query","description":"Filter expression using the PEG filter DSL.\n\n Common filter fields:\n - `component_id` -- states for a specific component (UUID).\n - `environment_id` -- states for a specific environment (UUID).\n - `application_id` -- states for all components belonging to an\n application (UUID). The server resolves the application's components\n and returns states for all of them. Can be combined with\n `environment_id`.","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression using the PEG filter DSL.\n\n Common filter fields:\n - `component_id` -- states for a specific component (UUID).\n - `environment_id` -- states for a specific environment (UUID).\n - `application_id` -- states for all components belonging to an\n application (UUID). The server resolves the application's components\n and returns states for all of them. Can be combined with\n `environment_id`."}},{"name":"page_size","in":"query","description":"Maximum number of states to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of states to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.state.v1.ListStatesResponse"}}}}}}},"/api/v1/states/{state_id}":{"get":{"tags":["State"],"summary":"Retrieve current state","description":"Returns NOT_FOUND if the state record does not exist.\n\n Scope: `state:read`","operationId":"StateAPI_GetCurrentState","parameters":[{"name":"state_id","in":"path","description":"The unique identifier of the state record (UUID).","required":true,"schema":{"type":"string","title":"state_id","format":"uuid","description":"The unique identifier of the state record (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.state.v1.GetCurrentStateResponse"}}}}}},"delete":{"tags":["State"],"summary":"Delete a state","description":"Returns NOT_FOUND if the state record does not exist.\n Returns FAILED_PRECONDITION if the state is currently locked.\n\n Scope: `state:admin`","operationId":"StateAPI_DeleteState","parameters":[{"name":"state_id","in":"path","description":"The unique identifier of the state record to delete (UUID).\n Fails if the state is currently locked -- force-unlock first.","required":true,"schema":{"type":"string","title":"state_id","format":"uuid","description":"The unique identifier of the state record to delete (UUID).\n Fails if the state is currently locked -- force-unlock first."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.state.v1.DeleteStateResponse"}}}}}}},"/api/v1/states/{state_id}/force-unlock":{"post":{"tags":["State"],"summary":"Force unlock a state","description":"Returns NOT_FOUND if the state record does not exist.\n Returns FAILED_PRECONDITION if the state has no active lock.\n This action is logged in the audit trail.\n\n Scope: `state:admin`","operationId":"StateAPI_ForceUnlockState","parameters":[{"name":"state_id","in":"path","description":"The state record to force-unlock (UUID).","required":true,"schema":{"type":"string","title":"state_id","format":"uuid","description":"The state record to force-unlock (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"state_id":{"type":"string","title":"state_id","format":"uuid","description":"The state record to force-unlock (UUID)."},"reason":{"type":"string","title":"reason","maxLength":1024,"description":"Reason for force-unlocking (audited). Recommended to provide context\n for why the lock is being broken (e.g., \"runner crashed during apply\")."}},"title":"ForceUnlockStateRequest","additionalProperties":false,"description":"ForceUnlockStateRequest identifies a state to force-unlock."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.state.v1.ForceUnlockStateResponse"}}}}}}},"/api/v1/states/{state_id}/versions":{"get":{"tags":["State"],"summary":"List state versions","description":"Returns NOT_FOUND if the state record does not exist.\n\n Scope: `state:read`","operationId":"StateAPI_ListStateVersions","parameters":[{"name":"state_id","in":"path","description":"The state record to list versions for (UUID).","required":true,"schema":{"type":"string","title":"state_id","format":"uuid","description":"The state record to list versions for (UUID)."}},{"name":"page_size","in":"query","description":"Maximum number of versions to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of versions to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.state.v1.ListStateVersionsResponse"}}}}}}},"/api/v1/states/{state_id}/versions/{serial}":{"get":{"tags":["State"],"summary":"Retrieve a state version","description":"Returns NOT_FOUND if the state record does not exist or if no version\n with the specified serial exists for that state record.\n\n Scope: `state:read`","operationId":"StateAPI_GetStateVersion","parameters":[{"name":"state_id","in":"path","description":"The state record (UUID).","required":true,"schema":{"type":"string","title":"state_id","format":"uuid","description":"The state record (UUID)."}},{"name":"serial","in":"path","description":"The serial number of the version to retrieve.","required":true,"schema":{"type":["integer","string"],"title":"serial","format":"int64","description":"The serial number of the version to retrieve."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.state.v1.GetStateVersionResponse"}}}}}}},"/api/v1/user/me":{"get":{"tags":["User"],"summary":"Retrieve current user profile","description":"GetMe retrieves the profile of the currently authenticated user.\n The user is identified by the authentication token provided in the request.","operationId":"UserAPI_GetMe","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.GetMeResponse"}}}}}}},"/api/v1/user/tokens":{"get":{"tags":["Personal Access Tokens"],"summary":"List personal access tokens","description":"Scope: `token:read`","operationId":"UserAPI_ListPersonalAccessTokens","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `name` -- filter by token name.\n - `status` -- filter by token status (ACTIVE, REVOKED, EXPIRED).\n\n Example: `field['status'] = 'ACTIVE'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `name` -- filter by token name.\n - `status` -- filter by token status (ACTIVE, REVOKED, EXPIRED).\n\n Example: `field['status'] = 'ACTIVE'`"}},{"name":"page_size","in":"query","description":"Maximum number of tokens to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of tokens to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.ListPersonalAccessTokensResponse"}}}}}},"post":{"tags":["Personal Access Tokens"],"summary":"Create a personal access token","description":"Scope: `token:write`","operationId":"UserAPI_CreatePersonalAccessToken","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.CreatePersonalAccessTokenRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.CreatePersonalAccessTokenResponse"}}}}}}},"/api/v1/user/tokens/{token_id}":{"get":{"tags":["Personal Access Tokens"],"summary":"Retrieve a personal access token","description":"Scope: `token:read`","operationId":"UserAPI_GetPersonalAccessToken","parameters":[{"name":"token_id","in":"path","description":"The unique identifier of the token (UUID).","required":true,"schema":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.GetPersonalAccessTokenResponse"}}}}}},"patch":{"tags":["Personal Access Tokens"],"summary":"Update a personal access token","description":"Scope: `token:write`","operationId":"UserAPI_UpdatePersonalAccessToken","parameters":[{"name":"token_id","in":"path","description":"The unique identifier of the token to update (UUID).","required":true,"schema":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to update (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to update (UUID)."},"name":{"type":["string","null"],"title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"New name for the token. Must follow the same naming rules as creation.\n Omit to leave the name unchanged."},"scopes":{"type":"array","items":{"type":"string","maxLength":64,"minLength":1},"title":"scopes","maxItems":255,"description":"New scopes for the token. Replaces all existing scopes.\n The server enforces that issued scopes are a subset of the caller's own\n scopes -- a token cannot grant more access than the user holds.\n Omit to leave scopes unchanged."}},"title":"UpdatePersonalAccessTokenRequest","additionalProperties":false,"description":"UpdatePersonalAccessTokenRequest contains the fields to update on a PAT.\n Only provided fields are updated; omitted fields remain unchanged."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.UpdatePersonalAccessTokenResponse"}}}}}}},"/api/v1/user/tokens/{token_id}/revoke":{"post":{"tags":["Personal Access Tokens"],"summary":"Revoke a personal access token","description":"Scope: `token:write`","operationId":"UserAPI_RevokePersonalAccessToken","parameters":[{"name":"token_id","in":"path","description":"The unique identifier of the token to revoke (UUID).","required":true,"schema":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}},"title":"RevokePersonalAccessTokenRequest","additionalProperties":false,"description":"RevokePersonalAccessTokenRequest identifies a PAT to revoke."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.RevokePersonalAccessTokenResponse"}}}}}}},"/api/v1/users/{user_id}":{"get":{"tags":["User"],"summary":"Retrieve a user by ID","description":"Scope: `user:read`","operationId":"UserAPI_GetUser","parameters":[{"name":"user_id","in":"path","description":"The unique identifier of the user (UUID).","required":true,"schema":{"type":"string","title":"user_id","format":"uuid","description":"The unique identifier of the user (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.GetUserResponse"}}}}}}},"/api/v1/variables":{"get":{"tags":["Variables"],"summary":"List variables","description":"The returned list is a resolved view based on the provided filters:\n - No application_id or environment_id: global variables only.\n - application_id only: global + app-level variables merged.\n - application_id + environment_id: global + app + environment variables merged.\n\n When variables with the same key exist at multiple levels, all are returned\n so clients can determine precedence.\n\n Scope: `var:read`","operationId":"VariableAPI_ListVariables","parameters":[{"name":"filter","in":"query","description":"Filter expression using the PEG filter DSL.\n\n Common filter fields:\n - `application_id` -- scope to an application (triggers merge with\n app-level variables alongside global variables).\n - `environment_id` -- scope to an environment (requires application_id;\n triggers merge with environment-level variables).\n - `sensitive` -- filter by sensitivity.\n - `type` -- filter by variable type.\n - `key` -- filter by variable key (supports prefix matching).","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression using the PEG filter DSL.\n\n Common filter fields:\n - `application_id` -- scope to an application (triggers merge with\n app-level variables alongside global variables).\n - `environment_id` -- scope to an environment (requires application_id;\n triggers merge with environment-level variables).\n - `sensitive` -- filter by sensitivity.\n - `type` -- filter by variable type.\n - `key` -- filter by variable key (supports prefix matching)."}},{"name":"page_size","in":"query","description":"Maximum number of variables to return per page.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of variables to return per page."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.variable.v1.ListVariablesResponse"}}}}}},"post":{"tags":["Variables"],"summary":"Create a variable","description":"Fails if a variable with the same key already exists at the same level\n (same key + application_id + environment_id combination).\n\n Scope: `var:write`","operationId":"VariableAPI_CreateVariable","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.variable.v1.CreateVariableRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.variable.v1.CreateVariableResponse"}}}}}}},"/api/v1/variables/{variable.id}":{"patch":{"tags":["Variables"],"summary":"Update a variable","description":"Scope: `var:write`","operationId":"VariableAPI_UpdateVariable","parameters":[{"name":"variable.id","in":"path","description":"Unique identifier for the variable (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the variable (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"variable":{"title":"variable","description":"The variable with updated fields.\n Only fields specified in `update_mask` are updated.","$ref":"#/components/schemas/admiral.variable.v1.Variable"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `value`, `sensitive`, `type`, `description`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateVariableRequest","required":["variable"],"additionalProperties":false,"description":"UpdateVariableRequest contains the variable fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.variable.v1.UpdateVariableResponse"}}}}}}},"/api/v1/variables/{variable_id}":{"get":{"tags":["Variables"],"summary":"Retrieve a variable","description":"Sensitive variable values are masked in the response.\n\n Scope: `var:read`","operationId":"VariableAPI_GetVariable","parameters":[{"name":"variable_id","in":"path","description":"The unique identifier of the variable (UUID).","required":true,"schema":{"type":"string","title":"variable_id","format":"uuid","description":"The unique identifier of the variable (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.variable.v1.GetVariableResponse"}}}}}},"delete":{"tags":["Variables"],"summary":"Delete a variable","description":"Scope: `var:write`","operationId":"VariableAPI_DeleteVariable","parameters":[{"name":"variable_id","in":"path","description":"The unique identifier of the variable to delete (UUID).","required":true,"schema":{"type":"string","title":"variable_id","format":"uuid","description":"The unique identifier of the variable to delete (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.variable.v1.DeleteVariableResponse"}}}}}}}},"components":{"schemas":{"admiral.application.v1.Application":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the application (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"inventory-api\"). Unique within\n the tenant. Lowercase alphanumeric and hyphens only, must start with a\n letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the application's purpose\n (e.g., \"Core inventory service tracking warehouse stock and fulfillment\")."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering applications\n (e.g., `{\"team\": \"logistics\", \"tier\": \"critical\"}`)."},"created_by":{"title":"created_by","description":"The user or agent who created this application (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"updated_by":{"title":"updated_by","description":"The user or agent who last updated this application (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the application was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the application was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Application","additionalProperties":false,"description":"Application represents a deployable unit within a tenant. An application\n groups manifests, dependencies, and environment configuration into a single\n entity that Admiral orchestrates across environments.","example":{"id":"a1b2c3d4-5678-9abc-def0-1234567890ab","name":"inventory-api","description":"Core inventory management service for tracking warehouse stock levels and fulfillment.","labels":{"team":"logistics","tier":"critical"},"created_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","updated_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","created_at":"2025-09-15T10:30:00Z","updated_at":"2025-11-02T14:22:00Z"}},"admiral.application.v1.Application.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.application.v1.CreateApplicationRequest":{"type":"object","properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"inventory-api\"). Must be unique\n within the tenant. Lowercase alphanumeric and hyphens only."},"description":{"type":["string","null"],"title":"description","maxLength":1024,"description":"Optional longer-form description of the application's purpose."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering applications."}},"title":"CreateApplicationRequest","additionalProperties":false,"description":"CreateApplicationRequest contains the parameters for creating a new application."},"admiral.application.v1.CreateApplicationRequest.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.application.v1.CreateApplicationResponse":{"type":"object","properties":{"application":{"title":"application","description":"The created application.","$ref":"#/components/schemas/admiral.application.v1.Application"}},"title":"CreateApplicationResponse","additionalProperties":false,"description":"CreateApplicationResponse contains the newly created application."},"admiral.application.v1.DeleteApplicationRequest":{"type":"object","properties":{"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The unique identifier of the application to delete (UUID)."}},"title":"DeleteApplicationRequest","additionalProperties":false,"description":"DeleteApplicationRequest identifies an application to delete."},"admiral.application.v1.DeleteApplicationResponse":{"type":"object","title":"DeleteApplicationResponse","additionalProperties":false,"description":"DeleteApplicationResponse is empty on success."},"admiral.application.v1.GetApplicationRequest":{"type":"object","properties":{"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The unique identifier of the application (UUID)."}},"title":"GetApplicationRequest","additionalProperties":false,"description":"GetApplicationRequest identifies an application to retrieve."},"admiral.application.v1.GetApplicationResponse":{"type":"object","properties":{"application":{"title":"application","description":"The application record.","$ref":"#/components/schemas/admiral.application.v1.Application"}},"title":"GetApplicationResponse","additionalProperties":false,"description":"GetApplicationResponse contains the application record."},"admiral.application.v1.ListApplicationsRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by application name.\n - `labels.key` -- filter by label key.\n\n Example: `field['name'] = 'inventory-api' AND field['labels.team'] = 'logistics'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of applications to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListApplicationsRequest","additionalProperties":false,"description":"ListApplicationsRequest contains pagination and filter parameters."},"admiral.application.v1.ListApplicationsResponse":{"type":"object","properties":{"applications":{"type":"array","items":{"$ref":"#/components/schemas/admiral.application.v1.Application"},"title":"applications","description":"The list of applications."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListApplicationsResponse","additionalProperties":false,"description":"ListApplicationsResponse contains a page of applications."},"admiral.application.v1.UpdateApplicationRequest":{"type":"object","properties":{"application":{"title":"application","description":"The application with updated fields.\n Only fields specified in `update_mask` are updated.","$ref":"#/components/schemas/admiral.application.v1.Application"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateApplicationRequest","required":["application"],"additionalProperties":false,"description":"UpdateApplicationRequest contains the application fields to update."},"admiral.application.v1.UpdateApplicationResponse":{"type":"object","properties":{"application":{"title":"application","description":"The updated application.","$ref":"#/components/schemas/admiral.application.v1.Application"}},"title":"UpdateApplicationResponse","additionalProperties":false,"description":"UpdateApplicationResponse contains the updated application."},"admiral.cluster.v1.Cluster":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the cluster (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"prod-us-east-1\"). Unique\n within the tenant. Lowercase alphanumeric and hyphens only, must start\n with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the cluster's purpose\n (e.g., \"Primary production cluster serving US East traffic\")."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering clusters\n (e.g., `{\"region\": \"us-east-1\", \"cloud\": \"aws\"}`)."},"cluster_uid":{"type":"string","title":"cluster_uid","description":"The Kubernetes kube-system namespace UID, bound at agent registration\n using a first-write-wins strategy. Used to detect when a token is\n accidentally deployed to a different physical cluster."},"health_status":{"title":"health_status","description":"Derived health status based on agent connectivity and workload state.","$ref":"#/components/schemas/admiral.cluster.v1.ClusterHealthStatus"},"created_by":{"title":"created_by","description":"The user or agent who created this cluster (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"updated_by":{"title":"updated_by","description":"The user or agent who last updated this cluster (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the cluster record was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the cluster record was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Cluster","additionalProperties":false,"description":"Cluster represents a registered Kubernetes cluster within a tenant.","example":{"id":"c3d4e5f6-7890-1abc-def0-abcdef012345","name":"prod-us-east-1","description":"Primary production cluster serving US East traffic.","labels":{"region":"us-east-1","cloud":"aws","tier":"production"},"cluster_uid":"kube-system-uid-9f8e7d6c","health_status":"CLUSTER_HEALTH_STATUS_HEALTHY","created_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","updated_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","created_at":"2025-06-10T08:00:00Z","updated_at":"2025-11-20T16:45:00Z"}},"admiral.cluster.v1.Cluster.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.cluster.v1.ClusterHealthStatus":{"type":"string","title":"ClusterHealthStatus","enum":["CLUSTER_HEALTH_STATUS_UNSPECIFIED","CLUSTER_HEALTH_STATUS_PENDING","CLUSTER_HEALTH_STATUS_HEALTHY","CLUSTER_HEALTH_STATUS_DEGRADED","CLUSTER_HEALTH_STATUS_ERROR","CLUSTER_HEALTH_STATUS_UNREACHABLE"],"description":"ClusterHealthStatus represents the derived health state of a cluster.\n The status is computed from agent connectivity, node readiness, and workload health."},"admiral.cluster.v1.ClusterStatus":{"type":"object","properties":{"k8s_version":{"type":"string","title":"k8s_version","description":"Kubernetes version reported by the agent (e.g., \"1.29.2\")."},"node_count":{"type":"integer","title":"node_count","format":"int32","description":"Total number of nodes in the cluster."},"nodes_ready":{"type":"integer","title":"nodes_ready","format":"int32","description":"Number of nodes in Ready condition."},"pod_capacity":{"type":"integer","title":"pod_capacity","format":"int32","description":"Maximum number of pods the cluster can schedule."},"pod_count":{"type":"integer","title":"pod_count","format":"int32","description":"Total number of pods across all namespaces."},"pods_running":{"type":"integer","title":"pods_running","format":"int32","description":"Number of pods in Running phase."},"pods_pending":{"type":"integer","title":"pods_pending","format":"int32","description":"Number of pods in Pending phase."},"pods_failed":{"type":"integer","title":"pods_failed","format":"int32","description":"Number of pods in Failed phase."},"cpu_capacity_millicores":{"type":["integer","string"],"title":"cpu_capacity_millicores","format":"int64","description":"Total CPU capacity across all nodes, in millicores."},"cpu_used_millicores":{"type":["integer","string"],"title":"cpu_used_millicores","format":"int64","description":"Current CPU usage across all nodes, in millicores."},"memory_capacity_bytes":{"type":["integer","string"],"title":"memory_capacity_bytes","format":"int64","description":"Total memory capacity across all nodes, in bytes."},"memory_used_bytes":{"type":["integer","string"],"title":"memory_used_bytes","format":"int64","description":"Current memory usage across all nodes, in bytes."},"workloads_total":{"type":"integer","title":"workloads_total","format":"int32","description":"Total number of tracked workloads."},"workloads_healthy":{"type":"integer","title":"workloads_healthy","format":"int32","description":"Number of workloads in healthy state."},"workloads_degraded":{"type":"integer","title":"workloads_degraded","format":"int32","description":"Number of workloads in degraded state."},"workloads_error":{"type":"integer","title":"workloads_error","format":"int32","description":"Number of workloads in error state."}},"title":"ClusterStatus","additionalProperties":false,"description":"ClusterStatus contains the raw telemetry metrics for a cluster, as reported\n by the K8s agent. This message is used in both the push payload\n (ReportClusterStatusRequest) and the read response (GetClusterStatusResponse).\n\n Server-derived fields (health_status, agent connectivity) are NOT included\n here -- they live on the Cluster and Agent records respectively, and are\n returned alongside this message in GetClusterStatusResponse."},"admiral.cluster.v1.ContainerStatus":{"type":"object","properties":{"name":{"type":"string","title":"name","description":"Container name within the pod spec."},"image":{"type":"string","title":"image","description":"Container image reference (e.g., \"registry.example.com/api:v2.1.4\")."},"restart_count":{"type":"integer","title":"restart_count","format":"int32","description":"Cumulative number of container restarts."},"state":{"type":"string","title":"state","description":"Current container state (e.g., \"running\", \"waiting\", \"terminated\")."},"ready":{"type":"boolean","title":"ready","description":"Whether the container's readiness probe is passing."}},"title":"ContainerStatus","additionalProperties":false,"description":"ContainerStatus describes the current state of a single container."},"admiral.cluster.v1.CreateClusterRequest":{"type":"object","properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"prod-us-east-1\"). Must be\n unique within the tenant. Lowercase alphanumeric and hyphens only."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the cluster's purpose."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering clusters\n (e.g., `{\"region\": \"us-east-1\", \"cloud\": \"aws\"}`)."}},"title":"CreateClusterRequest","additionalProperties":false,"description":"CreateClusterRequest contains the parameters for creating a new cluster."},"admiral.cluster.v1.CreateClusterRequest.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.cluster.v1.CreateClusterResponse":{"type":"object","properties":{"cluster":{"title":"cluster","description":"The created cluster. Health status will be PENDING until an agent connects\n and calls AgentAPI.RegisterAgent.","$ref":"#/components/schemas/admiral.cluster.v1.Cluster"},"plain_text_token":{"type":"string","title":"plain_text_token","description":"The raw Agent Token secret (e.g., \"adms_pL2mN5oQ8rS1...\"). This value\n is shown exactly once and cannot be retrieved again. Deploy this token to\n the K8s agent for authentication.\n\n To create additional tokens (e.g., for rotation), use\n CreateClusterToken (POST /v1/clusters/{cluster_id}/tokens)."}},"title":"CreateClusterResponse","additionalProperties":false,"description":"CreateClusterResponse contains the newly created cluster and its initial\n Service Access Token (SAT)."},"admiral.cluster.v1.CreateClusterTokenRequest":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster to bind this token to (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier for the token (e.g., \"prod-agent-key\").\n Must be unique within the cluster's tokens. Lowercase alphanumeric and\n hyphens only."},"expires_at":{"title":"expires_at","description":"Optional expiration time. If unset, the token does not expire.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"CreateClusterTokenRequest","additionalProperties":false,"description":"CreateClusterTokenRequest contains the parameters for creating a new SAT\n bound to a cluster."},"admiral.cluster.v1.CreateClusterTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The created token metadata. Scopes are auto-assigned for cluster SATs.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"},"plain_text_token":{"type":"string","title":"plain_text_token","description":"The raw token secret (e.g., \"adms_pL2mN5oQ8rS1...\"). This value is\n shown exactly once and cannot be retrieved again. Store it securely."}},"title":"CreateClusterTokenResponse","additionalProperties":false,"description":"CreateClusterTokenResponse contains the newly created SAT."},"admiral.cluster.v1.DeleteClusterRequest":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The unique identifier of the cluster to delete (UUID).\n All associated service access tokens will be revoked."}},"title":"DeleteClusterRequest","additionalProperties":false,"description":"DeleteClusterRequest identifies a cluster to delete."},"admiral.cluster.v1.DeleteClusterResponse":{"type":"object","title":"DeleteClusterResponse","additionalProperties":false,"description":"DeleteClusterResponse is empty on success."},"admiral.cluster.v1.GetClusterRequest":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The unique identifier of the cluster (UUID)."}},"title":"GetClusterRequest","additionalProperties":false,"description":"GetClusterRequest identifies a cluster to retrieve."},"admiral.cluster.v1.GetClusterResponse":{"type":"object","properties":{"cluster":{"title":"cluster","description":"The cluster record, including server-derived health_status.","$ref":"#/components/schemas/admiral.cluster.v1.Cluster"}},"title":"GetClusterResponse","additionalProperties":false,"description":"GetClusterResponse contains the cluster record."},"admiral.cluster.v1.GetClusterStatusRequest":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The unique identifier of the cluster (UUID)."}},"title":"GetClusterStatusRequest","additionalProperties":false,"description":"GetClusterStatusRequest identifies a cluster whose telemetry status to retrieve."},"admiral.cluster.v1.GetClusterStatusResponse":{"type":"object","properties":{"health_status":{"title":"health_status","description":"Server-derived health status based on agent connectivity, node readiness,\n and workload health.","$ref":"#/components/schemas/admiral.cluster.v1.ClusterHealthStatus"},"status":{"title":"status","description":"Latest telemetry snapshot from the agent. Absent if no telemetry has\n been reported yet.","$ref":"#/components/schemas/admiral.cluster.v1.ClusterStatus"},"reported_at":{"title":"reported_at","description":"When the latest telemetry was reported by the agent.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"GetClusterStatusResponse","additionalProperties":false,"description":"GetClusterStatusResponse contains the server-derived health status and the\n latest telemetry snapshot. If no agent has reported telemetry yet, the\n health_status will be PENDING and status will be absent."},"admiral.cluster.v1.GetClusterTokenRequest":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster the token belongs to (UUID)."},"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token (UUID)."}},"title":"GetClusterTokenRequest","additionalProperties":false,"description":"GetClusterTokenRequest identifies a cluster SAT to retrieve."},"admiral.cluster.v1.GetClusterTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The token metadata. The token secret is never included.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"}},"title":"GetClusterTokenResponse","additionalProperties":false,"description":"GetClusterTokenResponse contains the requested cluster SAT metadata."},"admiral.cluster.v1.GetRevisionBundleRequest":{"type":"object","properties":{"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision to fetch the bundle for (UUID)."}},"title":"GetRevisionBundleRequest","additionalProperties":false,"description":"GetRevisionBundleRequest identifies a revision whose artifact bundle to fetch."},"admiral.cluster.v1.GetRevisionBundleResponse":{"type":"object","properties":{"bundle":{"title":"bundle","description":"The artifact bundle with everything needed to apply the workload.","$ref":"#/components/schemas/admiral.cluster.v1.RevisionBundle"}},"title":"GetRevisionBundleResponse","additionalProperties":false,"description":"GetRevisionBundleResponse contains the rendered manifests for the revision."},"admiral.cluster.v1.ListClusterTokensRequest":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster to list tokens for (UUID)."},"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `name` -- filter by token name.\n - `status` -- filter by token status (ACTIVE, REVOKED).\n\n Example: `field['status'] = 'ACTIVE'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of tokens to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListClusterTokensRequest","additionalProperties":false,"description":"ListClusterTokensRequest contains pagination and filter parameters."},"admiral.cluster.v1.ListClusterTokensResponse":{"type":"object","properties":{"access_tokens":{"type":"array","items":{"$ref":"#/components/schemas/admiral.common.v1.AccessToken"},"title":"access_tokens","description":"The list of tokens. Token secrets are never included."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListClusterTokensResponse","additionalProperties":false,"description":"ListClusterTokensResponse contains a page of cluster SAT metadata."},"admiral.cluster.v1.ListClustersRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by cluster name.\n - `health_status` -- filter by health status.\n - `labels.key` -- filter by label key.\n\n Example: `field['health_status'] = 'HEALTHY' AND field['labels.region'] = 'us-east-1'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of clusters to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListClustersRequest","additionalProperties":false,"description":"ListClustersRequest contains pagination and filter parameters."},"admiral.cluster.v1.ListClustersResponse":{"type":"object","properties":{"clusters":{"type":"array","items":{"$ref":"#/components/schemas/admiral.cluster.v1.Cluster"},"title":"clusters","description":"The list of clusters."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListClustersResponse","additionalProperties":false,"description":"ListClustersResponse contains a page of clusters."},"admiral.cluster.v1.ListWorkloadsRequest":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster whose workloads to list (UUID)."},"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `namespace` -- filter by Kubernetes namespace.\n - `kind` -- filter by workload kind (Deployment, StatefulSet, DaemonSet).\n - `name` -- filter by workload name.\n - `health_status` -- filter by workload health status.\n\n Example: `field['namespace'] = 'production' AND field['health_status'] = 'DEGRADED'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of workloads to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListWorkloadsRequest","additionalProperties":false,"description":"ListWorkloadsRequest contains pagination and filter parameters for listing\n workloads in a specific cluster."},"admiral.cluster.v1.ListWorkloadsResponse":{"type":"object","properties":{"workloads":{"type":"array","items":{"$ref":"#/components/schemas/admiral.cluster.v1.Workload"},"title":"workloads","description":"The list of workloads."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListWorkloadsResponse","additionalProperties":false,"description":"ListWorkloadsResponse contains a page of workloads."},"admiral.cluster.v1.ObjectReference":{"type":"object","properties":{"kind":{"type":"string","title":"kind","description":"Kubernetes resource kind (e.g., \"Pod\", \"ReplicaSet\")."},"namespace":{"type":"string","title":"namespace","description":"Kubernetes namespace."},"name":{"type":"string","title":"name","description":"Object name."}},"title":"ObjectReference","additionalProperties":false,"description":"ObjectReference is a lightweight reference to a Kubernetes object."},"admiral.cluster.v1.ReportClusterStatusRequest":{"type":"object","properties":{"status":{"title":"status","description":"Cluster-level telemetry snapshot.","$ref":"#/components/schemas/admiral.cluster.v1.ClusterStatus"},"workloads":{"type":"array","items":{"$ref":"#/components/schemas/admiral.cluster.v1.WorkloadStatus"},"title":"workloads","description":"Per-workload status snapshots."},"events":{"type":"array","items":{"$ref":"#/components/schemas/admiral.cluster.v1.WorkloadEvent"},"title":"events","description":"Kubernetes events observed since the last push."},"reported_at":{"title":"reported_at","description":"When the agent generated this report.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"ReportClusterStatusRequest","required":["status"],"additionalProperties":false,"description":"ReportClusterStatusRequest contains a combined telemetry payload from a K8s agent.\n Admiral splits this into three storage tiers: current snapshot, time-series\n metrics, and events.\n\n The cluster is identified by the service access token's binding -- no cluster_id is\n required. The server resolves the cluster from the SAT."},"admiral.cluster.v1.ReportClusterStatusResponse":{"type":"object","properties":{"ack":{"type":"boolean","title":"ack","description":"Whether the report was accepted."},"next_push_seconds":{"type":"integer","title":"next_push_seconds","format":"int32","description":"Server-controlled interval (in seconds) before the agent should send\n its next status push. Allows the server to adjust push frequency dynamically."}},"title":"ReportClusterStatusResponse","additionalProperties":false,"description":"ReportClusterStatusResponse acknowledges a telemetry push."},"admiral.cluster.v1.ReportRevisionResultRequest":{"type":"object","properties":{"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision being reported on (UUID)."},"result":{"title":"result","description":"The result of applying the revision.","$ref":"#/components/schemas/admiral.cluster.v1.RevisionResult"}},"title":"ReportRevisionResultRequest","required":["result"],"additionalProperties":false,"description":"ReportRevisionResultRequest contains the outcome of applying a workload\n revision to the cluster."},"admiral.cluster.v1.ReportRevisionResultResponse":{"type":"object","properties":{"ack":{"type":"boolean","title":"ack","description":"Whether the result was accepted."}},"title":"ReportRevisionResultResponse","additionalProperties":false,"description":"ReportRevisionResultResponse acknowledges the result."},"admiral.cluster.v1.ReportWorkloadStatusRequest":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster these workloads belong to (UUID)."},"workloads":{"type":"array","items":{"$ref":"#/components/schemas/admiral.cluster.v1.WorkloadStatus"},"title":"workloads","description":"Per-workload status snapshots."},"reported_at":{"title":"reported_at","description":"When the agent generated this report.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"ReportWorkloadStatusRequest","additionalProperties":false,"description":"ReportWorkloadStatusRequest contains incremental workload telemetry from a K8s agent."},"admiral.cluster.v1.ReportWorkloadStatusResponse":{"type":"object","properties":{"ack":{"type":"boolean","title":"ack","description":"Whether the report was accepted."}},"title":"ReportWorkloadStatusResponse","additionalProperties":false,"description":"ReportWorkloadStatusResponse acknowledges a workload telemetry push."},"admiral.cluster.v1.RevisionBundle":{"type":"object","properties":{"artifact_url":{"type":"string","title":"artifact_url","description":"Signed URL to download the rendered manifest bundle (tar.gz containing\n ordered Kubernetes YAML manifests). Time-limited."},"artifact_checksum":{"type":"string","title":"artifact_checksum","description":"SHA-256 checksum of the artifact bundle for integrity verification."},"namespace":{"type":"string","title":"namespace","description":"The Kubernetes namespace to apply manifests into. Resolved from the\n environment's KubernetesConfig.namespace (or defaults to the environment\n name)."},"component_name":{"type":"string","title":"component_name","description":"Component name for logging and status tracking."},"version":{"type":"string","title":"version","description":"The source version being deployed (e.g., chart version, git ref)."}},"title":"RevisionBundle","additionalProperties":false,"description":"RevisionBundle contains pre-rendered Kubernetes manifests for a workload\n revision, ready for server-side apply by the K8s agent."},"admiral.cluster.v1.RevisionResult":{"type":"object","properties":{"success":{"type":"boolean","title":"success","description":"Whether the revision was applied successfully."},"error_message":{"type":"string","title":"error_message","description":"Error message if the revision failed. Empty on success."},"resources_applied":{"type":"integer","title":"resources_applied","format":"int32","description":"Number of Kubernetes resources applied."},"resources_failed":{"type":"integer","title":"resources_failed","format":"int32","description":"Number of Kubernetes resources that failed to apply."}},"title":"RevisionResult","additionalProperties":false,"description":"RevisionResult contains the outcome of applying a workload revision,\n reported by the K8s agent."},"admiral.cluster.v1.RevokeClusterTokenRequest":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The cluster the token belongs to (UUID)."},"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}},"title":"RevokeClusterTokenRequest","additionalProperties":false,"description":"RevokeClusterTokenRequest identifies a cluster SAT to revoke."},"admiral.cluster.v1.RevokeClusterTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The token metadata with updated status.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"}},"title":"RevokeClusterTokenResponse","additionalProperties":false,"description":"RevokeClusterTokenResponse contains the revoked cluster SAT metadata."},"admiral.cluster.v1.UpdateClusterRequest":{"type":"object","properties":{"cluster":{"title":"cluster","description":"The cluster with updated fields. The `id` field is required.\n Only fields specified in `update_mask` are updated.","$ref":"#/components/schemas/admiral.cluster.v1.Cluster"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateClusterRequest","required":["cluster"],"additionalProperties":false,"description":"UpdateClusterRequest contains the cluster fields to update."},"admiral.cluster.v1.UpdateClusterResponse":{"type":"object","properties":{"cluster":{"title":"cluster","description":"The updated cluster.","$ref":"#/components/schemas/admiral.cluster.v1.Cluster"}},"title":"UpdateClusterResponse","additionalProperties":false,"description":"UpdateClusterResponse contains the updated cluster."},"admiral.cluster.v1.Workload":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"Unique identifier for the workload within Admiral (UUID)."},"cluster_id":{"type":"string","title":"cluster_id","description":"The cluster this workload belongs to (UUID)."},"namespace":{"type":"string","title":"namespace","description":"Kubernetes namespace."},"name":{"type":"string","title":"name","description":"Workload name."},"kind":{"type":"string","title":"kind","description":"Kubernetes resource kind (e.g., \"Deployment\", \"StatefulSet\", \"DaemonSet\")."},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"Kubernetes labels on the workload."},"health_status":{"title":"health_status","description":"Derived health status.","$ref":"#/components/schemas/admiral.cluster.v1.WorkloadHealthStatus"},"status_reason":{"type":"string","title":"status_reason","description":"Human-readable reason for the current status (e.g., \"MinimumReplicasUnavailable\")."},"replicas_desired":{"type":"integer","title":"replicas_desired","format":"int32","description":"Number of desired replicas."},"replicas_ready":{"type":"integer","title":"replicas_ready","format":"int32","description":"Number of ready replicas."},"replicas_available":{"type":"integer","title":"replicas_available","format":"int32","description":"Number of available replicas."},"cpu_requests_millicores":{"type":["integer","string"],"title":"cpu_requests_millicores","format":"int64","description":"CPU requests across all containers, in millicores."},"cpu_limits_millicores":{"type":["integer","string"],"title":"cpu_limits_millicores","format":"int64","description":"CPU limits across all containers, in millicores."},"cpu_used_millicores":{"type":["integer","string"],"title":"cpu_used_millicores","format":"int64","description":"Current CPU usage across all containers, in millicores."},"memory_requests_bytes":{"type":["integer","string"],"title":"memory_requests_bytes","format":"int64","description":"Memory requests across all containers, in bytes."},"memory_limits_bytes":{"type":["integer","string"],"title":"memory_limits_bytes","format":"int64","description":"Memory limits across all containers, in bytes."},"memory_used_bytes":{"type":["integer","string"],"title":"memory_used_bytes","format":"int64","description":"Current memory usage across all containers, in bytes."},"containers":{"type":"array","items":{"$ref":"#/components/schemas/admiral.cluster.v1.ContainerStatus"},"title":"containers","description":"Status of individual containers in this workload."},"last_updated_at":{"title":"last_updated_at","description":"When this workload's status was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Workload","additionalProperties":false,"description":"Workload represents a Kubernetes workload (Deployment, StatefulSet,\n DaemonSet, etc.) as observed by the agent."},"admiral.cluster.v1.Workload.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.cluster.v1.WorkloadEvent":{"type":"object","properties":{"uid":{"type":"string","title":"uid","description":"Kubernetes event UID, used for deduplication."},"type":{"type":"string","title":"type","description":"Event type: \"Normal\" or \"Warning\"."},"reason":{"type":"string","title":"reason","description":"Short machine-readable reason (e.g., \"BackOff\", \"FailedScheduling\")."},"regarding":{"title":"regarding","description":"The Kubernetes object this event is about.","$ref":"#/components/schemas/admiral.cluster.v1.ObjectReference"},"message":{"type":"string","title":"message","description":"Human-readable event message."},"first_seen":{"title":"first_seen","description":"When this event was first observed.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"last_seen":{"title":"last_seen","description":"When this event was most recently observed.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"count":{"type":"integer","title":"count","format":"int32","description":"Number of times this event has occurred."}},"title":"WorkloadEvent","additionalProperties":false,"description":"WorkloadEvent represents a Kubernetes event related to a workload or its\n child objects (pods, replicasets). Events are deduplicated by their K8s UID."},"admiral.cluster.v1.WorkloadHealthStatus":{"type":"string","title":"WorkloadHealthStatus","enum":["WORKLOAD_HEALTH_STATUS_UNSPECIFIED","WORKLOAD_HEALTH_STATUS_HEALTHY","WORKLOAD_HEALTH_STATUS_DEGRADED","WORKLOAD_HEALTH_STATUS_ERROR"],"description":"WorkloadHealthStatus represents the derived health state of a single workload."},"admiral.cluster.v1.WorkloadStatus":{"type":"object","properties":{"namespace":{"type":"string","title":"namespace","description":"Kubernetes namespace."},"name":{"type":"string","title":"name","description":"Workload name."},"kind":{"type":"string","title":"kind","description":"Kubernetes resource kind (e.g., \"Deployment\", \"StatefulSet\")."},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"Kubernetes labels on the workload."},"replicas_desired":{"type":"integer","title":"replicas_desired","format":"int32","description":"Number of desired replicas."},"replicas_ready":{"type":"integer","title":"replicas_ready","format":"int32","description":"Number of ready replicas."},"replicas_available":{"type":"integer","title":"replicas_available","format":"int32","description":"Number of available replicas."},"cpu_requests_millicores":{"type":["integer","string"],"title":"cpu_requests_millicores","format":"int64","description":"CPU requests across all containers, in millicores."},"cpu_limits_millicores":{"type":["integer","string"],"title":"cpu_limits_millicores","format":"int64","description":"CPU limits across all containers, in millicores."},"cpu_used_millicores":{"type":["integer","string"],"title":"cpu_used_millicores","format":"int64","description":"Current CPU usage across all containers, in millicores."},"memory_requests_bytes":{"type":["integer","string"],"title":"memory_requests_bytes","format":"int64","description":"Memory requests across all containers, in bytes."},"memory_limits_bytes":{"type":["integer","string"],"title":"memory_limits_bytes","format":"int64","description":"Memory limits across all containers, in bytes."},"memory_used_bytes":{"type":["integer","string"],"title":"memory_used_bytes","format":"int64","description":"Current memory usage across all containers, in bytes."},"health_status":{"title":"health_status","description":"Derived health status.","$ref":"#/components/schemas/admiral.cluster.v1.WorkloadHealthStatus"},"containers":{"type":"array","items":{"$ref":"#/components/schemas/admiral.cluster.v1.ContainerStatus"},"title":"containers","description":"Status of individual containers."}},"title":"WorkloadStatus","additionalProperties":false,"description":"WorkloadStatus is the agent-reported status for a single workload within\n a telemetry push payload."},"admiral.cluster.v1.WorkloadStatus.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.common.v1.AccessToken":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the token (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier for the token (e.g., \"ci-deploy-key\").\n Unique within the parent resource. Lowercase alphanumeric and hyphens only,\n must start with a letter and end with an alphanumeric character (1-63 chars)."},"token_type":{"title":"token_type","description":"The category of this token.","$ref":"#/components/schemas/admiral.common.v1.TokenType"},"scopes":{"type":"array","items":{"type":"string"},"title":"scopes","description":"The scopes granted to this token. For PATs, these are user-selected.\n For SATs, these are auto-assigned based on the resource type."},"status":{"title":"status","description":"Current lifecycle status of the token.","$ref":"#/components/schemas/admiral.common.v1.AccessTokenStatus"},"binding_type":{"title":"binding_type","description":"The kind of resource this token is bound to.","$ref":"#/components/schemas/admiral.common.v1.BindingType"},"binding_id":{"type":"string","title":"binding_id","description":"The ID of the resource this token is bound to (UUID)."},"created_by":{"title":"created_by","description":"The user who created this token. For PATs, this is the token owner.\n For SATs, this is the administrator who issued the token.","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"expires_at":{"title":"expires_at","description":"When the token expires. If unset, the token does not expire.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"last_used_at":{"title":"last_used_at","description":"When the token was last used to authenticate an API request.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"created_at":{"title":"created_at","description":"When the token was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"revoked_at":{"title":"revoked_at","description":"When the token was revoked. Only set when status is REVOKED.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"AccessToken","additionalProperties":false,"description":"AccessToken contains token metadata common to all token types (PAT, SAT).\n The raw token secret is never included in this message — it is only returned\n once at creation time via the `plain_text_token` field in Create responses.\n\n Token CRUD is managed by each parent resource's API:\n - PATs: UserAPI (/v1/user/tokens)\n - Cluster SATs: ClusterAPI (/v1/clusters/{id}/tokens)\n - Runner SATs: RunnerAPI (/v1/runners/{id}/tokens)","example":{"id":"9f8e7d6c-5b4a-3210-fedc-ba0987654321","name":"ci-deploy-key","token_type":"TOKEN_TYPE_PAT","scopes":["deploy:write","app:read","env:read"],"status":"ACCESS_TOKEN_STATUS_ACTIVE","binding_type":"BINDING_TYPE_USER","binding_id":"d290f1ee-6c54-4b01-90e6-d701748f0851","created_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","expires_at":"2026-06-01T00:00:00Z","last_used_at":"2025-11-20T14:30:00Z","created_at":"2025-09-01T10:00:00Z"}},"admiral.common.v1.AccessTokenStatus":{"type":"string","title":"AccessTokenStatus","enum":["ACCESS_TOKEN_STATUS_UNSPECIFIED","ACCESS_TOKEN_STATUS_ACTIVE","ACCESS_TOKEN_STATUS_REVOKED","ACCESS_TOKEN_STATUS_ROTATING"],"description":"AccessTokenStatus represents the lifecycle state of an access token."},"admiral.common.v1.ActorRef":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"UUID of the user or service access token."},"display_name":{"type":"string","title":"display_name","description":"Human-readable name (e.g., \"John Smith\", \"cluster-prod-agent\")."},"email":{"type":"string","title":"email","description":"Email address (empty for non-human actors)."}},"title":"ActorRef","additionalProperties":false,"description":"ActorRef is a lightweight reference to the user or agent that performed an action.\n Server-populated on all resource responses. Clients should never send this;\n use the plain string `created_by` UUID on request messages instead."},"admiral.common.v1.AuthRule":{"type":"object","properties":{"scope":{"type":"string","title":"scope","description":"The scope required to call this RPC (e.g., \"cluster:read\").\n Empty string means any valid token is sufficient — no specific scope required."},"allowed_token_types":{"type":"array","items":{"type":"string"},"title":"allowed_token_types","description":"Restrict to specific token types (\"pat\", \"sat\", \"session\").\n Empty means all token types are allowed."}},"title":"AuthRule","additionalProperties":false,"description":"AuthRule defines the authorization requirements for an RPC method.\n Applied as a custom method option and enforced at runtime by a Connect interceptor.\n\n The presence of the option means the RPC requires authentication.\n An empty scope means any authenticated request is sufficient."},"admiral.common.v1.BindingType":{"type":"string","title":"BindingType","enum":["BINDING_TYPE_UNSPECIFIED","BINDING_TYPE_USER","BINDING_TYPE_CLUSTER","BINDING_TYPE_RUNNER"],"description":"BindingType identifies the kind of resource an access token is bound to."},"admiral.common.v1.TokenType":{"type":"string","title":"TokenType","enum":["TOKEN_TYPE_UNSPECIFIED","TOKEN_TYPE_PAT","TOKEN_TYPE_SAT"],"description":"TokenType identifies the category of an access token issued by Admiral's token system.\n IDP-issued JWTs (OAuth2/OIDC sessions) are NOT represented here — they are\n resolved by separate middleware and can be referenced as \"session\" in\n AuthRule.allowed_token_types when needed."},"admiral.component.v1.Component":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the component (UUID)."},"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application this component belongs to (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"Human-readable name for this component within the application\n (e.g., \"vpc\", \"redis\", \"api-server\"). Unique within the application.\n Lowercase alphanumeric and hyphens only (1-63 chars). This name is used\n in template expressions: `{{ .component.. }}`."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the component's purpose\n (e.g., \"Primary VPC for all environments\" or \"Redis cache layer\")."},"category":{"title":"category","description":"Whether this is an infrastructure or workload component. Derived from\n the source type when the component is created, but stored explicitly\n for filtering and to determine execution behavior.","$ref":"#/components/schemas/admiral.component.v1.ComponentCategory"},"source_id":{"type":"string","title":"source_id","format":"uuid","description":"The source artifact this component deploys (UUID). References a Source\n defined via the SourceAPI."},"version":{"type":"string","title":"version","minLength":1,"description":"Pinned version of the source artifact. For registry sources, a semver\n string (e.g., \"1.2.3\"). For Git sources, a tag, branch, or commit SHA.\n Required -- components always pin a version. Use UpdateComponent to\n change the version (rolling update)."},"values_template":{"type":"string","title":"values_template","maxLength":65536,"description":"Values template that maps configuration into the source's expected inputs.\n This is a JSON-encoded object where keys are the source input names and\n values are either literal values or template expressions.\n\n Template expressions can reference:\n - Variables: `{{ .var.DATABASE_URL }}`\n - Component outputs: `{{ .component.vpc.vpc_id }}`\n - Environment metadata: `{{ .env.name }}`\n\n Example for a Terraform RDS module:\n {\n \"vpc_id\": \"{{ .component.vpc.vpc_id }}\",\n \"subnet_ids\": \"{{ .component.vpc.private_subnet_ids }}\",\n \"instance_class\": \"{{ .var.RDS_INSTANCE_CLASS }}\",\n \"engine_version\": \"15.4\"\n }\n\n Example for a Helm chart:\n {\n \"replicaCount\": \"{{ .var.REPLICA_COUNT }}\",\n \"image.repository\": \"myorg/api-server\",\n \"image.tag\": \"{{ .var.IMAGE_TAG }}\"\n }\n\n The rendering engine resolves all expressions at deployment time using\n the environment's variables and the outputs of upstream components."},"depends_on":{"type":"array","items":{"type":"string","format":"uuid"},"title":"depends_on","description":"Component IDs that must complete successfully before this component can\n be deployed (UUIDs). Must reference components within the same\n application. The deployment engine uses these, combined with implicit\n dependencies from template expressions, to build the execution DAG.\n\n Explicit depends_on is useful when there is a deployment-order dependency\n that is not captured by output references (e.g., cert-manager must be\n installed before any workload that uses TLS certificates)."},"outputs":{"type":"array","items":{"$ref":"#/components/schemas/admiral.component.v1.ComponentOutput"},"title":"outputs","description":"Declared outputs for this component. For infrastructure components\n (Terraform), outputs are auto-discovered from the module and this field\n is ignored. For workload components, outputs must be declared here to\n be available for template expressions in other components.\n\n See ComponentOutput for examples."},"disabled":{"type":"boolean","title":"disabled","description":"Whether this component is disabled in the resolved environment context.\n Always false on the application-level component. Set to true when\n ListComponents is called with an environment_id and the component has\n a disabled override for that environment."},"has_override":{"type":"boolean","title":"has_override","description":"Whether any field on this component has been overridden in the resolved\n environment context. Always false when ListComponents is called without\n an environment_id."},"created_by":{"title":"created_by","description":"The user or agent who created this component (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"updated_by":{"title":"updated_by","description":"The user or agent who last updated this component (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the component was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the component was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Component","additionalProperties":false,"description":"Component represents a named, deployable unit within an application. It\n binds a source artifact to an application with configuration (values\n template) that maps variables and other component outputs into the source's\n expected inputs.\n\n Components are the nodes in Admiral's dependency graph. Infrastructure\n components produce auto-discovered outputs (Terraform outputs). Workload\n components declare outputs explicitly. Other components consume these via\n template expressions. The deployment engine resolves this DAG to determine\n execution order.","example":{"id":"d4e5f6a7-8901-2bcd-ef34-567890123456","application_id":"a1b2c3d4-5678-9abc-def0-1234567890ab","name":"api-server","description":"Main API server deployed via Helm chart.","category":"COMPONENT_CATEGORY_WORKLOAD","source_id":"f6a7b8c9-0123-4def-5678-901234567890","version":"2.4.1","values_template":"{\"replicaCount\": \"{{ .var.REPLICA_COUNT }}\", \"image.tag\": \"{{ .var.IMAGE_TAG }}\"}","labels":{"component-type":"service"},"depends_on":["vpc","redis"],"created_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","updated_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","created_at":"2025-09-16T09:00:00Z","updated_at":"2025-10-28T11:30:00Z"}},"admiral.component.v1.ComponentCategory":{"type":"string","title":"ComponentCategory","enum":["COMPONENT_CATEGORY_UNSPECIFIED","COMPONENT_CATEGORY_INFRASTRUCTURE","COMPONENT_CATEGORY_WORKLOAD"],"description":"ComponentCategory indicates whether the component provisions infrastructure\n or deploys workloads. This is derived from the source type but stored\n explicitly for filtering and to determine rendering and execution behavior."},"admiral.component.v1.ComponentOutput":{"type":"object","properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z][a-z0-9_]{0,62}$","description":"Output name used in template references. Must be a valid identifier\n (lowercase alphanumeric and underscores, e.g., \"service_host\",\n \"connection_string\"). Other components reference this as\n `{{ .component.. }}`."},"value_template":{"type":"string","title":"value_template","maxLength":4096,"minLength":1,"description":"Template expression that resolves to the output value after deployment.\n Can reference environment metadata and the component's own release info.\n\n Examples:\n \"{{ .release.name }}-redis-master.{{ .env.namespace }}.svc.cluster.local\"\n \"{{ .release.name }}-redis:6379\"\n \"http://{{ .release.name }}-grafana.{{ .env.namespace }}:3000\""},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the output's purpose."}},"title":"ComponentOutput","additionalProperties":false,"description":"ComponentOutput declares a named output value produced by a component.\n\n For infrastructure components (Terraform), outputs are auto-discovered from\n the module's output blocks and this field is ignored -- do not declare\n outputs manually for Terraform components.\n\n For workload components (Helm, Kustomize, manifests), outputs must be\n declared explicitly here to make them available for template expressions\n in other components (e.g., `{{ .component.cache.service_host }}`).\n\n Output values are template expressions resolved after the component is\n deployed. They typically reference well-known patterns from the deployed\n resources (e.g., Kubernetes service DNS names, ConfigMap keys)."},"admiral.component.v1.ComponentOverride":{"type":"object","properties":{"component_id":{"type":"string","title":"component_id","format":"uuid","description":"The component this override applies to (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment this override applies to (UUID)."},"disabled":{"type":"boolean","title":"disabled","description":"When true, the component is not deployed in this environment.\n All other override fields are ignored when disabled."},"source_id":{"type":["string","null"],"title":"source_id","format":"uuid","description":"Override source for this environment (UUID). When set, this source is\n used instead of the component's default source. This may also change the\n component's effective category (e.g., switching from a Helm source to a\n Terraform source changes the component from workload to infrastructure\n in this environment)."},"version":{"type":["string","null"],"title":"version","description":"Override version for this environment. When set, this version is used\n instead of the component's default version."},"values_template":{"type":["string","null"],"title":"values_template","description":"Override values template for this environment. When set, this template\n completely replaces the component's default values template -- there is\n no merge."},"depends_on":{"type":"array","items":{"type":"string","format":"uuid"},"title":"depends_on","description":"Override depends_on for this environment (component UUIDs). When set,\n replaces the component's default depends_on list for this environment."},"outputs":{"type":"array","items":{"$ref":"#/components/schemas/admiral.component.v1.ComponentOutput"},"title":"outputs","description":"Override outputs for this environment. When set, replaces the component's\n declared outputs. Useful when an override changes the source type\n (e.g., Helm → Terraform) and the output templates need to change."},"created_by":{"title":"created_by","description":"The user or agent who created this override (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"updated_by":{"title":"updated_by","description":"The user or agent who last updated this override (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the override was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the override was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"ComponentOverride","additionalProperties":false,"description":"ComponentOverride provides environment-level customization for a component.\n When an override exists for a component + environment combination, the\n override fields take precedence over the application-level component\n defaults during deployment.\n\n This enables patterns like:\n - Different sources per environment (Helm Redis in dev, Terraform\n ElastiCache in prod)\n - Different versions per environment (canary version in staging)\n - Different values per environment (smaller instance in dev)\n - Disabling a component in certain environments"},"admiral.component.v1.CreateComponentRequest":{"type":"object","properties":{"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application to add this component to (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"Human-readable name for this component. Must be unique within the\n application. This name is used in template expressions."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the component's purpose."},"source_id":{"type":"string","title":"source_id","format":"uuid","description":"The source artifact for this component (UUID)."},"version":{"type":"string","title":"version","minLength":1,"description":"Pinned version of the source artifact."},"values_template":{"type":"string","title":"values_template","maxLength":65536,"description":"Values template mapping configuration into the source's inputs.\n See Component.values_template for template expression syntax."},"depends_on":{"type":"array","items":{"type":"string","format":"uuid"},"title":"depends_on","description":"Explicit deployment-order dependencies (component UUIDs)."},"outputs":{"type":"array","items":{"$ref":"#/components/schemas/admiral.component.v1.ComponentOutput"},"title":"outputs","description":"Declared outputs for workload components.\n Ignored for infrastructure components (Terraform outputs are\n auto-discovered)."}},"title":"CreateComponentRequest","additionalProperties":false,"description":"CreateComponentRequest contains the parameters for adding a component to\n an application."},"admiral.component.v1.CreateComponentResponse":{"type":"object","properties":{"component":{"title":"component","description":"The created component.","$ref":"#/components/schemas/admiral.component.v1.Component"}},"title":"CreateComponentResponse","additionalProperties":false,"description":"CreateComponentResponse contains the newly created component."},"admiral.component.v1.DeleteComponentOverrideRequest":{"type":"object","properties":{"component_id":{"type":"string","title":"component_id","format":"uuid","description":"The component (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment (UUID)."}},"title":"DeleteComponentOverrideRequest","additionalProperties":false,"description":"DeleteComponentOverrideRequest removes an environment-level override."},"admiral.component.v1.DeleteComponentOverrideResponse":{"type":"object","title":"DeleteComponentOverrideResponse","additionalProperties":false,"description":"DeleteComponentOverrideResponse is empty on success."},"admiral.component.v1.DeleteComponentRequest":{"type":"object","properties":{"component_id":{"type":"string","title":"component_id","format":"uuid","description":"Unique identifier of the component to delete (UUID).\n Fails if other components depend on this component (via depends_on\n or output references in values_template)."}},"title":"DeleteComponentRequest","additionalProperties":false,"description":"DeleteComponentRequest identifies a component to delete."},"admiral.component.v1.DeleteComponentResponse":{"type":"object","title":"DeleteComponentResponse","additionalProperties":false,"description":"DeleteComponentResponse is empty on success."},"admiral.component.v1.GetComponentOverrideRequest":{"type":"object","properties":{"component_id":{"type":"string","title":"component_id","format":"uuid","description":"The component (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment (UUID)."}},"title":"GetComponentOverrideRequest","additionalProperties":false,"description":"GetComponentOverrideRequest identifies a specific component + environment\n override."},"admiral.component.v1.GetComponentOverrideResponse":{"type":"object","properties":{"override":{"title":"override","description":"The override record. Empty/not-found if no override exists.","$ref":"#/components/schemas/admiral.component.v1.ComponentOverride"}},"title":"GetComponentOverrideResponse","additionalProperties":false,"description":"GetComponentOverrideResponse contains the override record."},"admiral.component.v1.GetComponentRequest":{"type":"object","properties":{"component_id":{"type":"string","title":"component_id","format":"uuid","description":"Unique identifier of the component (UUID)."}},"title":"GetComponentRequest","additionalProperties":false,"description":"GetComponentRequest identifies a component to retrieve."},"admiral.component.v1.GetComponentResponse":{"type":"object","properties":{"component":{"title":"component","description":"The component record (application-level defaults).","$ref":"#/components/schemas/admiral.component.v1.Component"}},"title":"GetComponentResponse","additionalProperties":false,"description":"GetComponentResponse contains the component record."},"admiral.component.v1.ListComponentOverridesRequest":{"type":"object","properties":{"component_id":{"type":"string","title":"component_id","format":"uuid","description":"Unique identifier of the component to list overrides for (UUID)."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of overrides to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListComponentOverridesRequest","additionalProperties":false,"description":"ListComponentOverridesRequest lists all overrides for a component."},"admiral.component.v1.ListComponentOverridesResponse":{"type":"object","properties":{"overrides":{"type":"array","items":{"$ref":"#/components/schemas/admiral.component.v1.ComponentOverride"},"title":"overrides","description":"The list of environment-level overrides for the component."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListComponentOverridesResponse","additionalProperties":false,"description":"ListComponentOverridesResponse contains all overrides for a component."},"admiral.component.v1.ListComponentsRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression using the PEG filter DSL.\n\n Common filter fields:\n - `application_id` -- scope to an application (required for meaningful\n results since components always belong to an application).\n - `environment_id` -- when present, triggers the resolved view with\n environment overrides applied to each component.\n - `category` -- filter by component category (INFRASTRUCTURE, WORKLOAD).\n - `name` -- filter by component name."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of components to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListComponentsRequest","additionalProperties":false,"description":"ListComponentsRequest contains pagination and filter parameters.\n\n The filter controls both scoping and response behavior:\n - `application_id` in filter: returns application-level component\n definitions (defaults).\n - `application_id` + `environment_id` in filter: returns the resolved\n view with environment overrides applied. Each component reflects its\n effective source, version, values_template, depends_on, and outputs.\n Disabled components are included with `disabled=true`. Components with\n any overridden field have `has_override=true`."},"admiral.component.v1.ListComponentsResponse":{"type":"object","properties":{"components":{"type":"array","items":{"$ref":"#/components/schemas/admiral.component.v1.Component"},"title":"components","description":"The list of components. When `environment_id` is present in the filter,\n each component reflects the resolved view with overrides applied."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListComponentsResponse","additionalProperties":false,"description":"ListComponentsResponse contains a page of components."},"admiral.component.v1.SetComponentOverrideRequest":{"type":"object","properties":{"component_id":{"type":"string","title":"component_id","format":"uuid","description":"The component to override (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment this override applies to (UUID)."},"disabled":{"type":"boolean","title":"disabled","description":"When true, the component is not deployed in this environment."},"source_id":{"type":["string","null"],"title":"source_id","format":"uuid","description":"Override source (UUID). When set, replaces the component's default source."},"version":{"type":["string","null"],"title":"version","description":"Override version. When set, replaces the component's default version."},"values_template":{"type":["string","null"],"title":"values_template","maxLength":65536,"description":"Override values template. When set, completely replaces the component's\n default values template (no merge)."},"depends_on":{"type":"array","items":{"type":"string","format":"uuid"},"title":"depends_on","description":"Override depends_on (component UUIDs). When set, replaces the component's\n default depends_on."},"outputs":{"type":"array","items":{"$ref":"#/components/schemas/admiral.component.v1.ComponentOutput"},"title":"outputs","description":"Override outputs. When set, replaces the component's declared outputs."}},"title":"SetComponentOverrideRequest","additionalProperties":false,"description":"SetComponentOverrideRequest creates or replaces an environment-level override."},"admiral.component.v1.SetComponentOverrideResponse":{"type":"object","properties":{"override":{"title":"override","description":"The created or updated override.","$ref":"#/components/schemas/admiral.component.v1.ComponentOverride"}},"title":"SetComponentOverrideResponse","additionalProperties":false,"description":"SetComponentOverrideResponse contains the override record."},"admiral.component.v1.UpdateComponentRequest":{"type":"object","properties":{"component":{"title":"component","description":"The component with updated fields. Only fields specified in\n `update_mask` are updated.","$ref":"#/components/schemas/admiral.component.v1.Component"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `source_id`, `version`,\n `values_template`, `depends_on`, `outputs`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateComponentRequest","required":["component"],"additionalProperties":false,"description":"UpdateComponentRequest contains the component fields to update."},"admiral.component.v1.UpdateComponentResponse":{"type":"object","properties":{"component":{"title":"component","description":"The updated component.","$ref":"#/components/schemas/admiral.component.v1.Component"}},"title":"UpdateComponentResponse","additionalProperties":false,"description":"UpdateComponentResponse contains the updated component."},"admiral.connection.v1.AWSFederationConfig":{"type":"object","properties":{"role_arn":{"type":"string","title":"role_arn","minLength":1,"description":"The ARN of the IAM Role to assume (e.g., \"arn:aws:iam::123456789012:role/admiral-ecr\")."},"external_id":{"type":"string","title":"external_id","description":"Optional external ID for additional assume-role protection."},"region":{"type":"string","title":"region","description":"AWS region for regional service endpoints (e.g., \"us-east-1\")."}},"title":"AWSFederationConfig","additionalProperties":false,"description":"AWSFederationConfig holds the IAM role configuration for OIDC-based\n authentication to AWS services (ECR, S3, Terraform provider).\n\n Setup: Create an IAM Role with a trust policy that accepts Admiral's OIDC\n issuer (https://oidc.admiral.io) and conditions on the `tenant_id` claim\n matching your Admiral tenant."},"admiral.connection.v1.AWSStaticAuth":{"type":"object","properties":{"access_key_id":{"type":"string","title":"access_key_id","minLength":1,"description":"AWS access key ID."},"secret_access_key":{"type":"string","title":"secret_access_key","description":"AWS secret access key.\n Write-only: masked in responses."},"region":{"type":"string","title":"region","description":"AWS region for regional service endpoints."}},"title":"AWSStaticAuth","additionalProperties":false,"description":"AWSStaticAuth holds static AWS credentials. Prefer AWSFederationConfig\n (OIDC) instead. Static credentials require manual rotation and present a\n security risk if compromised."},"admiral.connection.v1.AzureFederationConfig":{"type":"object","properties":{"azure_tenant_id":{"type":"string","title":"azure_tenant_id","minLength":1,"description":"Azure AD tenant ID (directory ID)."},"client_id":{"type":"string","title":"client_id","minLength":1,"description":"Application (client) ID of the Azure AD app registration."}},"title":"AzureFederationConfig","additionalProperties":false,"description":"AzureFederationConfig holds the federated credential configuration for\n OIDC-based authentication to Azure services (ACR, Terraform).\n\n Setup: Create a Federated Identity Credential on your Azure AD app\n registration that trusts Admiral's OIDC issuer with your tenant_id claim."},"admiral.connection.v1.AzureStaticAuth":{"type":"object","properties":{"azure_tenant_id":{"type":"string","title":"azure_tenant_id","minLength":1,"description":"Azure AD tenant ID (directory ID)."},"client_id":{"type":"string","title":"client_id","minLength":1,"description":"Application (client) ID."},"client_secret":{"type":"string","title":"client_secret","description":"Client secret.\n Write-only: masked in responses."}},"title":"AzureStaticAuth","additionalProperties":false,"description":"AzureStaticAuth holds static Azure service principal credentials. Prefer\n AzureFederationConfig (Federated Credential) instead."},"admiral.connection.v1.BasicAuth":{"type":"object","properties":{"username":{"type":"string","title":"username","minLength":1,"description":"Username for authentication."},"password":{"type":"string","title":"password","description":"Password or token for authentication.\n Write-only: masked in responses."}},"title":"BasicAuth","additionalProperties":false,"description":"BasicAuth holds username/password credentials for OCI registries and other\n systems that use basic authentication."},"admiral.connection.v1.BearerTokenAuth":{"type":"object","properties":{"token":{"type":"string","title":"token","description":"Bearer token value.\n Write-only: masked in responses."}},"title":"BearerTokenAuth","additionalProperties":false,"description":"BearerTokenAuth holds a bearer token for systems that use token-based\n authentication (e.g., private Terraform registries)."},"admiral.connection.v1.Connection":{"type":"object","allOf":[{"properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the connection (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"github-org\", \"ecr-prod\").\n Unique within the tenant. Lowercase alphanumeric and hyphens only, must\n start with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of what this connection is for\n (e.g., \"Read-only access to the platform team's GitHub org\")."},"type":{"title":"type","description":"The type of external system and authentication mechanism.","$ref":"#/components/schemas/admiral.connection.v1.ConnectionType"},"status":{"title":"status","description":"Current health status of the connection's credentials.","$ref":"#/components/schemas/admiral.connection.v1.ConnectionStatus"},"status_message":{"type":"string","title":"status_message","description":"Human-readable message when status is ERROR (e.g., \"401 Unauthorized:\n token expired\"). Empty when status is ACTIVE or UNTESTED."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering connections\n (e.g., `{\"team\": \"platform\", \"environment\": \"prod\"}`)."},"created_by":{"title":"created_by","description":"The user or agent who created this connection (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"updated_by":{"title":"updated_by","description":"The user or agent who last updated this connection (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the connection was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the connection was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"last_tested_at":{"title":"last_tested_at","description":"When the connection was last tested (via TestConnection or auto-validation).\n Absent if never tested.","$ref":"#/components/schemas/google.protobuf.Timestamp"}}},{"oneOf":[{"type":"object","properties":{"aws_federation":{"title":"aws_federation","description":"AWS OIDC federation (for CONNECTION_TYPE_CLOUD_AWS).","$ref":"#/components/schemas/admiral.connection.v1.AWSFederationConfig"}},"title":"aws_federation","required":["aws_federation"]},{"type":"object","properties":{"aws_static":{"title":"aws_static","description":"AWS static credentials (for CONNECTION_TYPE_CLOUD_AWS_STATIC, deprecated).","deprecated":true,"$ref":"#/components/schemas/admiral.connection.v1.AWSStaticAuth"}},"title":"aws_static","required":["aws_static"]},{"type":"object","properties":{"azure_federation":{"title":"azure_federation","description":"Azure Federated Credential (for CONNECTION_TYPE_CLOUD_AZURE).","$ref":"#/components/schemas/admiral.connection.v1.AzureFederationConfig"}},"title":"azure_federation","required":["azure_federation"]},{"type":"object","properties":{"azure_static":{"title":"azure_static","description":"Azure static credentials (for CONNECTION_TYPE_CLOUD_AZURE_STATIC, deprecated).","deprecated":true,"$ref":"#/components/schemas/admiral.connection.v1.AzureStaticAuth"}},"title":"azure_static","required":["azure_static"]},{"type":"object","properties":{"bearer_token":{"title":"bearer_token","description":"Bearer token (for CONNECTION_TYPE_TERRAFORM_REGISTRY).","$ref":"#/components/schemas/admiral.connection.v1.BearerTokenAuth"}},"title":"bearer_token","required":["bearer_token"]},{"type":"object","properties":{"gcp_federation":{"title":"gcp_federation","description":"GCP Workload Identity (for CONNECTION_TYPE_CLOUD_GCP).","$ref":"#/components/schemas/admiral.connection.v1.GCPFederationConfig"}},"title":"gcp_federation","required":["gcp_federation"]},{"type":"object","properties":{"gcp_static":{"title":"gcp_static","description":"GCP static credentials (for CONNECTION_TYPE_CLOUD_GCP_STATIC, deprecated).","deprecated":true,"$ref":"#/components/schemas/admiral.connection.v1.GCPStaticAuth"}},"title":"gcp_static","required":["gcp_static"]},{"type":"object","properties":{"git_github_app":{"title":"git_github_app","description":"GitHub App credentials (for CONNECTION_TYPE_GIT_GITHUB_APP).","$ref":"#/components/schemas/admiral.connection.v1.GitHubAppAuth"}},"title":"git_github_app","required":["git_github_app"]},{"type":"object","properties":{"git_ssh":{"title":"git_ssh","description":"Git SSH key (for CONNECTION_TYPE_GIT_SSH).","$ref":"#/components/schemas/admiral.connection.v1.GitSSHAuth"}},"title":"git_ssh","required":["git_ssh"]},{"type":"object","properties":{"git_token":{"title":"git_token","description":"Git HTTPS token (for CONNECTION_TYPE_GIT_TOKEN).","$ref":"#/components/schemas/admiral.connection.v1.GitTokenAuth"}},"title":"git_token","required":["git_token"]},{"type":"object","properties":{"helm_http":{"title":"helm_http","description":"Helm HTTP basic auth (for CONNECTION_TYPE_HELM_HTTP).","$ref":"#/components/schemas/admiral.connection.v1.HelmHTTPAuth"}},"title":"helm_http","required":["helm_http"]},{"type":"object","properties":{"oci_basic":{"title":"oci_basic","description":"OCI registry basic auth (for CONNECTION_TYPE_OCI_BASIC).","$ref":"#/components/schemas/admiral.connection.v1.BasicAuth"}},"title":"oci_basic","required":["oci_basic"]}]}],"title":"Connection","additionalProperties":false,"description":"Connection represents stored credentials for accessing an external system.\n Connections are tenant-scoped and referenced by sources when fetching artifacts.\n\n Sensitive fields within auth_config are write-only -- they are accepted on\n create and update but never returned in API responses.","example":{"id":"b8c9d0e1-2345-6fab-cdef-0123456789ab","name":"ecr-prod","description":"Read-only access to production ECR registry for container image pulls.","type":"CONNECTION_TYPE_DOCKER_REGISTRY","status":"CONNECTION_STATUS_ACTIVE","labels":{"cloud":"aws","team":"platform"},"created_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","updated_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","created_at":"2025-07-20T14:00:00Z","updated_at":"2025-10-15T10:30:00Z","last_tested_at":"2025-11-01T08:00:00Z"}},"admiral.connection.v1.Connection.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.connection.v1.ConnectionStatus":{"type":"string","title":"ConnectionStatus","enum":["CONNECTION_STATUS_UNSPECIFIED","CONNECTION_STATUS_ACTIVE","CONNECTION_STATUS_ERROR","CONNECTION_STATUS_UNTESTED"],"description":"ConnectionStatus represents the health state of a connection's credentials."},"admiral.connection.v1.ConnectionType":{"type":"string","title":"ConnectionType","enum":["CONNECTION_TYPE_UNSPECIFIED","CONNECTION_TYPE_GIT_TOKEN","CONNECTION_TYPE_GIT_SSH","CONNECTION_TYPE_GIT_GITHUB_APP","CONNECTION_TYPE_HELM_HTTP","CONNECTION_TYPE_OCI_BASIC","CONNECTION_TYPE_CLOUD_AWS","CONNECTION_TYPE_CLOUD_GCP","CONNECTION_TYPE_CLOUD_AZURE","CONNECTION_TYPE_CLOUD_AWS_STATIC","CONNECTION_TYPE_CLOUD_GCP_STATIC","CONNECTION_TYPE_CLOUD_AZURE_STATIC","CONNECTION_TYPE_TERRAFORM_REGISTRY","CONNECTION_TYPE_S3","CONNECTION_TYPE_GCS"],"description":"ConnectionType identifies the kind of external system and authentication\n mechanism a connection uses."},"admiral.connection.v1.CreateConnectionRequest":{"type":"object","allOf":[{"properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"github-org\", \"ecr-prod\").\n Must be unique within the tenant."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the connection's purpose."},"type":{"not":{"enum":["CONNECTION_TYPE_UNSPECIFIED"]},"title":"type","description":"The type of external system and authentication mechanism.","$ref":"#/components/schemas/admiral.connection.v1.ConnectionType"},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering connections."}}},{"oneOf":[{"type":"object","properties":{"aws_federation":{"title":"aws_federation","$ref":"#/components/schemas/admiral.connection.v1.AWSFederationConfig"}},"title":"aws_federation","required":["aws_federation"]},{"type":"object","properties":{"aws_static":{"title":"aws_static","deprecated":true,"$ref":"#/components/schemas/admiral.connection.v1.AWSStaticAuth"}},"title":"aws_static","required":["aws_static"]},{"type":"object","properties":{"azure_federation":{"title":"azure_federation","$ref":"#/components/schemas/admiral.connection.v1.AzureFederationConfig"}},"title":"azure_federation","required":["azure_federation"]},{"type":"object","properties":{"azure_static":{"title":"azure_static","deprecated":true,"$ref":"#/components/schemas/admiral.connection.v1.AzureStaticAuth"}},"title":"azure_static","required":["azure_static"]},{"type":"object","properties":{"bearer_token":{"title":"bearer_token","$ref":"#/components/schemas/admiral.connection.v1.BearerTokenAuth"}},"title":"bearer_token","required":["bearer_token"]},{"type":"object","properties":{"gcp_federation":{"title":"gcp_federation","$ref":"#/components/schemas/admiral.connection.v1.GCPFederationConfig"}},"title":"gcp_federation","required":["gcp_federation"]},{"type":"object","properties":{"gcp_static":{"title":"gcp_static","deprecated":true,"$ref":"#/components/schemas/admiral.connection.v1.GCPStaticAuth"}},"title":"gcp_static","required":["gcp_static"]},{"type":"object","properties":{"git_github_app":{"title":"git_github_app","$ref":"#/components/schemas/admiral.connection.v1.GitHubAppAuth"}},"title":"git_github_app","required":["git_github_app"]},{"type":"object","properties":{"git_ssh":{"title":"git_ssh","$ref":"#/components/schemas/admiral.connection.v1.GitSSHAuth"}},"title":"git_ssh","required":["git_ssh"]},{"type":"object","properties":{"git_token":{"title":"git_token","$ref":"#/components/schemas/admiral.connection.v1.GitTokenAuth"}},"title":"git_token","required":["git_token"]},{"type":"object","properties":{"helm_http":{"title":"helm_http","$ref":"#/components/schemas/admiral.connection.v1.HelmHTTPAuth"}},"title":"helm_http","required":["helm_http"]},{"type":"object","properties":{"oci_basic":{"title":"oci_basic","$ref":"#/components/schemas/admiral.connection.v1.BasicAuth"}},"title":"oci_basic","required":["oci_basic"]}]}],"title":"CreateConnectionRequest","additionalProperties":false,"description":"CreateConnectionRequest contains the parameters for creating a new connection."},"admiral.connection.v1.CreateConnectionRequest.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.connection.v1.CreateConnectionResponse":{"type":"object","properties":{"connection":{"title":"connection","description":"The created connection. Auth config sensitive fields are masked.","$ref":"#/components/schemas/admiral.connection.v1.Connection"}},"title":"CreateConnectionResponse","additionalProperties":false,"description":"CreateConnectionResponse contains the newly created connection."},"admiral.connection.v1.DeleteConnectionRequest":{"type":"object","properties":{"connection_id":{"type":"string","title":"connection_id","format":"uuid","description":"The unique identifier of the connection to delete (UUID).\n Fails if any sources still reference this connection."}},"title":"DeleteConnectionRequest","additionalProperties":false,"description":"DeleteConnectionRequest identifies a connection to delete."},"admiral.connection.v1.DeleteConnectionResponse":{"type":"object","title":"DeleteConnectionResponse","additionalProperties":false,"description":"DeleteConnectionResponse is empty on success."},"admiral.connection.v1.GCPFederationConfig":{"type":"object","properties":{"project_number":{"type":"string","title":"project_number","minLength":1,"description":"GCP project number (numeric, not project ID)."},"pool_id":{"type":"string","title":"pool_id","minLength":1,"description":"Workload Identity Pool ID."},"provider_id":{"type":"string","title":"provider_id","minLength":1,"description":"Workload Identity Provider ID within the pool."},"service_account_email":{"type":"string","title":"service_account_email","minLength":1,"description":"Email of the GCP service account to impersonate."}},"title":"GCPFederationConfig","additionalProperties":false,"description":"GCPFederationConfig holds the Workload Identity Federation configuration for\n OIDC-based authentication to GCP services (Artifact Registry, GCS, Terraform).\n\n Setup: Create a Workload Identity Pool and Provider that trusts Admiral's\n OIDC issuer, then grant the service account access to the required resources."},"admiral.connection.v1.GCPStaticAuth":{"type":"object","properties":{"service_account_json":{"type":"string","title":"service_account_json","description":"JSON-encoded service account key.\n Write-only: masked in responses."}},"title":"GCPStaticAuth","additionalProperties":false,"description":"GCPStaticAuth holds a static GCP service account key. Prefer\n GCPFederationConfig (Workload Identity) instead."},"admiral.connection.v1.GetConnectionRequest":{"type":"object","properties":{"connection_id":{"type":"string","title":"connection_id","format":"uuid","description":"The unique identifier of the connection (UUID)."}},"title":"GetConnectionRequest","additionalProperties":false,"description":"GetConnectionRequest identifies a connection to retrieve."},"admiral.connection.v1.GetConnectionResponse":{"type":"object","properties":{"connection":{"title":"connection","description":"The connection record. Sensitive credential fields are masked.","$ref":"#/components/schemas/admiral.connection.v1.Connection"}},"title":"GetConnectionResponse","additionalProperties":false,"description":"GetConnectionResponse contains the connection record."},"admiral.connection.v1.GitHubAppAuth":{"type":"object","properties":{"app_id":{"type":"string","title":"app_id","minLength":1,"description":"The GitHub App's numeric ID."},"installation_id":{"type":"string","title":"installation_id","minLength":1,"description":"The installation ID for the target organization or repository."},"private_key":{"type":"string","title":"private_key","description":"PEM-encoded private key for the GitHub App.\n Write-only: masked in responses."}},"title":"GitHubAppAuth","additionalProperties":false,"description":"GitHubAppAuth holds GitHub App credentials for Git operations.\n Preferred over personal tokens for organizations -- provides granular\n repository permissions and a better audit trail."},"admiral.connection.v1.GitSSHAuth":{"type":"object","properties":{"private_key":{"type":"string","title":"private_key","description":"PEM-encoded SSH private key.\n Write-only: masked in responses."},"passphrase":{"type":"string","title":"passphrase","description":"Optional passphrase for the private key.\n Write-only: masked in responses."}},"title":"GitSSHAuth","additionalProperties":false,"description":"GitSSHAuth holds SSH key credentials for Git operations."},"admiral.connection.v1.GitTokenAuth":{"type":"object","properties":{"token":{"type":"string","title":"token","description":"Personal access token, OAuth token, or bot token.\n Write-only: masked in responses."}},"title":"GitTokenAuth","additionalProperties":false,"description":"GitTokenAuth holds HTTPS token credentials for Git operations."},"admiral.connection.v1.HelmHTTPAuth":{"type":"object","properties":{"username":{"type":"string","title":"username","minLength":1,"description":"Username for basic authentication."},"password":{"type":"string","title":"password","description":"Password for basic authentication.\n Write-only: masked in responses."}},"title":"HelmHTTPAuth","additionalProperties":false,"description":"HelmHTTPAuth holds basic auth credentials for classic Helm HTTP repositories."},"admiral.connection.v1.ListConnectionsRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by connection name.\n - `type` -- filter by connection type (GIT_TOKEN, HELM_HTTP, etc.).\n - `status` -- filter by connection status (ACTIVE, ERROR, UNTESTED).\n - `labels.key` -- filter by label key.\n\n Example: `field['type'] = 'GIT_TOKEN' AND field['status'] = 'ACTIVE'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of connections to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListConnectionsRequest","additionalProperties":false,"description":"ListConnectionsRequest contains pagination and filter parameters."},"admiral.connection.v1.ListConnectionsResponse":{"type":"object","properties":{"connections":{"type":"array","items":{"$ref":"#/components/schemas/admiral.connection.v1.Connection"},"title":"connections","description":"The list of connections. Sensitive credential fields are masked."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListConnectionsResponse","additionalProperties":false,"description":"ListConnectionsResponse contains a page of connections."},"admiral.connection.v1.TestConnectionRequest":{"type":"object","properties":{"connection_id":{"type":"string","title":"connection_id","format":"uuid","description":"The unique identifier of the connection to test (UUID)."}},"title":"TestConnectionRequest","additionalProperties":false,"description":"TestConnectionRequest identifies a connection to validate."},"admiral.connection.v1.TestConnectionResponse":{"type":"object","properties":{"connection":{"title":"connection","description":"The updated connection with refreshed status and last_tested_at.","$ref":"#/components/schemas/admiral.connection.v1.Connection"},"success":{"type":"boolean","title":"success","description":"Whether the test succeeded."},"message":{"type":"string","title":"message","description":"Human-readable message describing the test result. On failure, includes\n the error details (e.g., \"401 Unauthorized: token expired\")."}},"title":"TestConnectionResponse","additionalProperties":false,"description":"TestConnectionResponse contains the result of the connectivity test."},"admiral.connection.v1.UpdateConnectionRequest":{"type":"object","properties":{"connection":{"title":"connection","description":"The connection with updated fields.\n Only fields specified in `update_mask` are updated.\n\n When updating auth_config, the entire auth config is replaced.\n Omitting auth_config from the update_mask leaves credentials unchanged.","$ref":"#/components/schemas/admiral.connection.v1.Connection"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `auth_config`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateConnectionRequest","required":["connection"],"additionalProperties":false,"description":"UpdateConnectionRequest contains the connection fields to update."},"admiral.connection.v1.UpdateConnectionResponse":{"type":"object","properties":{"connection":{"title":"connection","description":"The updated connection. Sensitive credential fields are masked.","$ref":"#/components/schemas/admiral.connection.v1.Connection"}},"title":"UpdateConnectionResponse","additionalProperties":false,"description":"UpdateConnectionResponse contains the updated connection."},"admiral.deployment.v1.CancelDeploymentRequest":{"type":"object","properties":{"deployment_id":{"type":"string","title":"deployment_id","format":"uuid","description":"Unique identifier of the deployment to cancel (UUID)."},"reason":{"type":"string","title":"reason","maxLength":1024,"description":"Optional reason for cancellation."}},"title":"CancelDeploymentRequest","additionalProperties":false,"description":"CancelDeploymentRequest cancels an in-progress deployment."},"admiral.deployment.v1.CancelDeploymentResponse":{"type":"object","properties":{"deployment":{"title":"deployment","description":"The cancelled deployment.","$ref":"#/components/schemas/admiral.deployment.v1.Deployment"}},"title":"CancelDeploymentResponse","additionalProperties":false,"description":"CancelDeploymentResponse contains the updated deployment."},"admiral.deployment.v1.CreateDeploymentRequest":{"type":"object","properties":{"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application to deploy (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The target environment (UUID)."},"message":{"type":"string","title":"message","maxLength":1024,"description":"Optional message describing this deployment."},"destroy":{"type":"boolean","title":"destroy","description":"Destroy all resources in the environment. Runs Terraform destroy for\n infra components and deletes workload resources from the cluster, in\n reverse dependency order. Required before deleting an environment that\n has active resources."}},"title":"CreateDeploymentRequest","additionalProperties":false,"description":"CreateDeploymentRequest triggers a new deployment."},"admiral.deployment.v1.CreateDeploymentResponse":{"type":"object","properties":{"deployment":{"title":"deployment","description":"The created deployment. Status will be PENDING initially.","$ref":"#/components/schemas/admiral.deployment.v1.Deployment"}},"title":"CreateDeploymentResponse","additionalProperties":false,"description":"CreateDeploymentResponse contains the newly created deployment."},"admiral.deployment.v1.Deployment":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the deployment (UUID)."},"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application being deployed (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The target environment (UUID)."},"status":{"title":"status","description":"Composite status derived from all component revisions.","$ref":"#/components/schemas/admiral.deployment.v1.DeploymentStatus"},"trigger_type":{"title":"trigger_type","description":"What triggered this deployment.","$ref":"#/components/schemas/admiral.deployment.v1.DeploymentTriggerType"},"triggered_by":{"type":"string","title":"triggered_by","format":"uuid","description":"UUID of the user that triggered the deployment."},"message":{"type":"string","title":"message","maxLength":1024,"description":"Optional message describing the deployment (e.g., \"Deploying v2.1.0\n with new caching layer\" or \"Rolling back to stable after API errors\")."},"destroy":{"type":"boolean","title":"destroy","description":"Whether this is a destroy deployment. Destroy deployments tear down all\n resources in the environment: Terraform destroy for infra components,\n resource deletion for workload components. Executed in reverse dependency\n order. Required before an environment with active resources can be deleted."},"revision_summary":{"title":"revision_summary","description":"Summary counts for quick status display.","$ref":"#/components/schemas/admiral.deployment.v1.RevisionSummary"},"created_at":{"title":"created_at","description":"When the deployment was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"completed_at":{"title":"completed_at","description":"When the deployment finished (all revisions completed, failed, or\n cancelled). Absent while the deployment is in progress.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Deployment","additionalProperties":false,"description":"Deployment represents a single deployment of an application to an\n environment. Each deployment produces one Revision per component. The\n deployment tracks the composite status across all revisions and provides\n the audit trail for what was deployed, when, and by whom.","example":{"id":"7e8f9a0b-1c2d-3e4f-5a6b-7c8d9e0f1a2b","application_id":"a1b2c3d4-5678-9abc-def0-1234567890ab","environment_id":"e5f6a7b8-9012-3cde-f456-789012345678","status":"DEPLOYMENT_STATUS_SUCCEEDED","version":"42","description":"Deploy v2.4.1 with updated ingress rules","created_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","created_at":"2025-11-20T14:00:00Z","updated_at":"2025-11-20T14:12:00Z","completed_at":"2025-11-20T14:12:00Z"}},"admiral.deployment.v1.DeploymentStatus":{"type":"string","title":"DeploymentStatus","enum":["DEPLOYMENT_STATUS_UNSPECIFIED","DEPLOYMENT_STATUS_PENDING","DEPLOYMENT_STATUS_QUEUED","DEPLOYMENT_STATUS_RUNNING","DEPLOYMENT_STATUS_SUCCEEDED","DEPLOYMENT_STATUS_PARTIALLY_FAILED","DEPLOYMENT_STATUS_FAILED","DEPLOYMENT_STATUS_CANCELLED"],"description":"DeploymentStatus represents the composite status of a deployment, derived\n from the statuses of all its component revisions."},"admiral.deployment.v1.DeploymentTriggerType":{"type":"string","title":"DeploymentTriggerType","enum":["DEPLOYMENT_TRIGGER_TYPE_UNSPECIFIED","DEPLOYMENT_TRIGGER_TYPE_MANUAL","DEPLOYMENT_TRIGGER_TYPE_CI","DEPLOYMENT_TRIGGER_TYPE_DESTROY"],"description":"DeploymentTriggerType indicates what initiated the deployment."},"admiral.deployment.v1.GetDeploymentRequest":{"type":"object","properties":{"deployment_id":{"type":"string","title":"deployment_id","format":"uuid","description":"Unique identifier of the deployment (UUID)."}},"title":"GetDeploymentRequest","additionalProperties":false,"description":"GetDeploymentRequest identifies a deployment to retrieve."},"admiral.deployment.v1.GetDeploymentResponse":{"type":"object","properties":{"deployment":{"title":"deployment","description":"The deployment record with current status.","$ref":"#/components/schemas/admiral.deployment.v1.Deployment"}},"title":"GetDeploymentResponse","additionalProperties":false,"description":"GetDeploymentResponse contains the deployment record."},"admiral.deployment.v1.GetRevisionRequest":{"type":"object","properties":{"deployment_id":{"type":"string","title":"deployment_id","format":"uuid","description":"The deployment (UUID)."},"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision (UUID)."}},"title":"GetRevisionRequest","additionalProperties":false,"description":"GetRevisionRequest identifies a revision within a deployment."},"admiral.deployment.v1.GetRevisionResponse":{"type":"object","properties":{"revision":{"title":"revision","description":"The revision record with current status and artifacts.","$ref":"#/components/schemas/admiral.deployment.v1.Revision"}},"title":"GetRevisionResponse","additionalProperties":false,"description":"GetRevisionResponse contains the revision record."},"admiral.deployment.v1.ListDeploymentsRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression using the PEG filter DSL.\n\n Common filter fields:\n - `application_id` -- deployments for a specific application.\n - `environment_id` -- deployments to a specific environment.\n - `status` -- filter by deployment status.\n - `trigger_type` -- filter by trigger type (MANUAL, CI, DESTROY)."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of deployments to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListDeploymentsRequest","additionalProperties":false,"description":"ListDeploymentsRequest contains pagination and filter parameters."},"admiral.deployment.v1.ListDeploymentsResponse":{"type":"object","properties":{"deployments":{"type":"array","items":{"$ref":"#/components/schemas/admiral.deployment.v1.Deployment"},"title":"deployments","description":"The list of deployments, ordered from newest to oldest."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListDeploymentsResponse","additionalProperties":false,"description":"ListDeploymentsResponse contains a page of deployments."},"admiral.deployment.v1.ListRevisionsRequest":{"type":"object","properties":{"deployment_id":{"type":"string","title":"deployment_id","format":"uuid","description":"Unique identifier of the deployment to list revisions for (UUID)."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of revisions to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListRevisionsRequest","additionalProperties":false,"description":"ListRevisionsRequest lists all revisions for a deployment."},"admiral.deployment.v1.ListRevisionsResponse":{"type":"object","properties":{"revisions":{"type":"array","items":{"$ref":"#/components/schemas/admiral.deployment.v1.Revision"},"title":"revisions","description":"The list of revisions, ordered by dependency graph (upstream first)."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListRevisionsResponse","additionalProperties":false,"description":"ListRevisionsResponse contains all revisions for a deployment."},"admiral.deployment.v1.RetryRevisionRequest":{"type":"object","properties":{"deployment_id":{"type":"string","title":"deployment_id","format":"uuid","description":"The deployment (UUID)."},"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision to retry (UUID). Must be in FAILED status."}},"title":"RetryRevisionRequest","additionalProperties":false,"description":"RetryRevisionRequest retries a failed revision."},"admiral.deployment.v1.RetryRevisionResponse":{"type":"object","properties":{"revision":{"title":"revision","description":"The retried revision. Status resets and retry_count is incremented.\n Downstream revisions that were BLOCKED will automatically unblock\n if this revision succeeds.","$ref":"#/components/schemas/admiral.deployment.v1.Revision"}},"title":"RetryRevisionResponse","additionalProperties":false,"description":"RetryRevisionResponse contains the updated revision."},"admiral.deployment.v1.Revision":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the revision (UUID)."},"deployment_id":{"type":"string","title":"deployment_id","format":"uuid","description":"The deployment this revision belongs to (UUID)."},"component_id":{"type":"string","title":"component_id","format":"uuid","description":"The component this revision is for (UUID)."},"component_name":{"type":"string","title":"component_name","description":"Component name at the time of deployment (denormalized for display)."},"category":{"title":"category","description":"Component category at the time of deployment (after override resolution).","$ref":"#/components/schemas/admiral.deployment.v1.RevisionCategory"},"status":{"title":"status","description":"Lifecycle status of this revision.","$ref":"#/components/schemas/admiral.deployment.v1.RevisionStatus"},"source_id":{"type":"string","title":"source_id","description":"The source used for this revision (UUID, after override resolution)."},"version":{"type":"string","title":"version","description":"The version deployed (after override resolution)."},"resolved_values":{"type":"string","title":"resolved_values","description":"The resolved values template snapshot -- the values_template with all\n variable references and component output references fully resolved.\n Stored for audit: shows exactly what inputs were used. Sensitive\n variable values are masked in API responses."},"depends_on":{"type":"array","items":{"type":"string"},"title":"depends_on","description":"Component IDs that this revision depends on. Populated from the resolved\n depends_on list plus implicit dependencies from template expressions."},"blocked_by":{"type":"array","items":{"type":"string"},"title":"blocked_by","description":"Component IDs that are blocking this revision. Only populated when\n status is BLOCKED -- indicates which upstream components failed."},"artifact_checksum":{"type":"string","title":"artifact_checksum","description":"SHA-256 checksum of the rendered artifact bundle (tar.gz)."},"artifact_url":{"type":"string","title":"artifact_url","description":"Storage location of the rendered artifact bundle. Internal reference\n used by agents/runners to fetch the bundle."},"plan_output":{"type":"string","title":"plan_output","description":"(Infrastructure only) The Terraform plan output in human-readable format.\n Populated after planning completes. Used for visibility and audit."},"plan_summary":{"title":"plan_summary","description":"(Infrastructure only) The number of resources Terraform plans to add,\n change, and destroy. Populated after planning completes.","$ref":"#/components/schemas/admiral.deployment.v1.TerraformPlanSummary"},"error_message":{"type":"string","title":"error_message","description":"Error message if the revision failed. Empty on success."},"retry_count":{"type":"integer","title":"retry_count","format":"int32","description":"Number of retry attempts. Starts at 0 for the initial attempt."},"created_at":{"title":"created_at","description":"When the revision was created (same as deployment created_at).","$ref":"#/components/schemas/google.protobuf.Timestamp"},"started_at":{"title":"started_at","description":"When the revision started execution (transitioned from PENDING/QUEUED).","$ref":"#/components/schemas/google.protobuf.Timestamp"},"completed_at":{"title":"completed_at","description":"When the revision finished (succeeded, failed, or cancelled).","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Revision","additionalProperties":false,"description":"Revision represents an immutable, rendered artifact for a single component\n within a deployment. Each revision tracks the full lifecycle from rendering\n through execution, and stores references to the produced artifacts\n (rendered manifests, Terraform plan files, etc.).\n\n For infrastructure components (Terraform):\n - Rendering produces .tf files and .tfvars with resolved variable values.\n - `terraform plan` and `terraform apply` are executed by the assigned runner.\n - The plan output is stored for visibility.\n - Each component has its own Terraform state.\n\n For workload components (Helm, Kustomize, manifests):\n - Rendering produces Kubernetes manifests (via helm template, kustomize\n build, or raw file collection).\n - Manifests are ordered (CRDs before resources, namespaces first).\n - The rendered bundle is sent to the K8s agent for application."},"admiral.deployment.v1.RevisionCategory":{"type":"string","title":"RevisionCategory","enum":["REVISION_CATEGORY_UNSPECIFIED","REVISION_CATEGORY_INFRASTRUCTURE","REVISION_CATEGORY_WORKLOAD"],"description":"RevisionCategory mirrors ComponentCategory but is stored on the revision\n to capture the effective category at deployment time (may differ from\n the component default if an environment override changed the source type)."},"admiral.deployment.v1.RevisionStatus":{"type":"string","title":"RevisionStatus","enum":["REVISION_STATUS_UNSPECIFIED","REVISION_STATUS_PENDING","REVISION_STATUS_QUEUED","REVISION_STATUS_PLANNING","REVISION_STATUS_APPLYING","REVISION_STATUS_SUCCEEDED","REVISION_STATUS_FAILED","REVISION_STATUS_BLOCKED","REVISION_STATUS_CANCELLED"],"description":"RevisionStatus represents the lifecycle status of a single component\n revision within a deployment."},"admiral.deployment.v1.RevisionSummary":{"type":"object","properties":{"total":{"type":"integer","title":"total","format":"int32","description":"Total number of component revisions in this deployment."},"succeeded":{"type":"integer","title":"succeeded","format":"int32","description":"Number of revisions that completed successfully."},"failed":{"type":"integer","title":"failed","format":"int32","description":"Number of revisions that failed."},"blocked":{"type":"integer","title":"blocked","format":"int32","description":"Number of revisions that are blocked by upstream failures."},"running":{"type":"integer","title":"running","format":"int32","description":"Number of revisions currently running (planning or applying)."},"cancelled":{"type":"integer","title":"cancelled","format":"int32","description":"Number of revisions that were cancelled."},"pending":{"type":"integer","title":"pending","format":"int32","description":"Number of revisions that have not started yet."}},"title":"RevisionSummary","additionalProperties":false,"description":"RevisionSummary provides aggregate counts of revision statuses within a\n deployment, enabling quick status display without loading all revisions."},"admiral.deployment.v1.TerraformPlanSummary":{"type":"object","properties":{"additions":{"type":"integer","title":"additions","format":"int32","description":"Number of resources to be created."},"changes":{"type":"integer","title":"changes","format":"int32","description":"Number of resources to be updated in place."},"destructions":{"type":"integer","title":"destructions","format":"int32","description":"Number of resources to be destroyed."}},"title":"TerraformPlanSummary","additionalProperties":false,"description":"TerraformPlanSummary provides resource change counts from a Terraform plan."},"admiral.environment.v1.CreateEnvironmentRequest":{"type":"object","properties":{"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application to create this environment for (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"prod\", \"staging-us-east\").\n Must be unique within the application. Lowercase alphanumeric and hyphens only."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the environment's purpose."},"workload_targets":{"type":"array","items":{"$ref":"#/components/schemas/admiral.environment.v1.WorkloadTarget"},"title":"workload_targets","description":"Workload runtime targets. Optional -- can be added later via\n UpdateEnvironment. At most one target per WorkloadType."},"infrastructure_targets":{"type":"array","items":{"$ref":"#/components/schemas/admiral.environment.v1.InfrastructureTarget"},"title":"infrastructure_targets","description":"Infrastructure runtime targets. Optional -- can be added later via\n UpdateEnvironment. At most one target per InfrastructureType."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering environments."}},"title":"CreateEnvironmentRequest","additionalProperties":false,"description":"CreateEnvironmentRequest contains the parameters for creating a new environment."},"admiral.environment.v1.CreateEnvironmentRequest.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.environment.v1.CreateEnvironmentResponse":{"type":"object","properties":{"environment":{"title":"environment","description":"The created environment.","$ref":"#/components/schemas/admiral.environment.v1.Environment"}},"title":"CreateEnvironmentResponse","additionalProperties":false,"description":"CreateEnvironmentResponse contains the newly created environment."},"admiral.environment.v1.DeleteEnvironmentRequest":{"type":"object","properties":{"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The unique identifier of the environment to delete (UUID)."}},"title":"DeleteEnvironmentRequest","additionalProperties":false,"description":"DeleteEnvironmentRequest identifies an environment to delete."},"admiral.environment.v1.DeleteEnvironmentResponse":{"type":"object","title":"DeleteEnvironmentResponse","additionalProperties":false,"description":"DeleteEnvironmentResponse is empty on success."},"admiral.environment.v1.Environment":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the environment (UUID)."},"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application this environment belongs to (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"prod\", \"staging-us-east\").\n Unique within the application. Lowercase alphanumeric and hyphens only,\n must start with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the environment's purpose\n (e.g., \"US East production serving live traffic\" or\n \"Shared staging for QA validation before prod promotion\")."},"workload_targets":{"type":"array","items":{"$ref":"#/components/schemas/admiral.environment.v1.WorkloadTarget"},"title":"workload_targets","description":"Workload runtime targets. Each entry binds this environment to a workload\n runtime (e.g., Kubernetes cluster). At most one target per WorkloadType\n is allowed -- the server rejects duplicates.\n\n Components with workload sources (Helm, Kustomize, manifests) are routed\n to the matching target at deployment time. If no matching target exists,\n the deployment fails with a clear error."},"infrastructure_targets":{"type":"array","items":{"$ref":"#/components/schemas/admiral.environment.v1.InfrastructureTarget"},"title":"infrastructure_targets","description":"Infrastructure runtime targets. Each entry binds this environment to an\n infrastructure provisioning tool (e.g., Terraform runner). At most one\n target per InfrastructureType is allowed -- the server rejects duplicates.\n\n Components with infrastructure sources (Terraform modules) are routed to\n the matching target at deployment time. If no matching target exists,\n the deployment fails with a clear error."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering environments\n (e.g., `{\"region\": \"us-east-1\", \"tier\": \"production\"}`)."},"has_pending_changes":{"type":"boolean","title":"has_pending_changes","description":"Whether the environment has configuration changes that have not yet been\n deployed. Server-derived by comparing current resolved config (variables,\n component settings, overrides, source versions) against the last\n successful deployment's snapshot. False if no successful deployment\n exists yet (a fresh environment with no deployments returns false --\n use `last_deployed_at` to distinguish \"clean\" from \"never deployed\")."},"last_deployed_at":{"title":"last_deployed_at","description":"When the last successful deployment to this environment completed.\n Absent if no successful deployment has occurred yet.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"created_by":{"title":"created_by","description":"The user or agent who created this environment (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"updated_by":{"title":"updated_by","description":"The user or agent who last updated this environment (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the environment was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the environment was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Environment","additionalProperties":false,"description":"Environment represents a named deployment target for an application. Each\n environment binds an application to its workload and infrastructure runtimes.\n\n An environment carries two independent sets of runtime bindings:\n - **Workload targets**: where application workloads are deployed\n (e.g., a Kubernetes cluster and namespace).\n - **Infrastructure targets**: how infrastructure is provisioned\n (e.g., Terraform executed by a runner).\n\n Either or both can be configured depending on the application's components.\n An application with only Helm charts needs a workload target; one with only\n Terraform modules needs an infrastructure target; most applications need both.\n\n At most one target per type is allowed per environment. The deployment engine\n routes each component to the matching target based on its source type.","example":{"id":"e5f6a7b8-9012-3cde-f456-789012345678","application_id":"a1b2c3d4-5678-9abc-def0-1234567890ab","name":"staging","description":"Shared staging environment for QA validation before production promotion.","runtime_type":"RUNTIME_TYPE_KUBERNETES","labels":{"region":"us-east-1","tier":"staging"},"infrastructure":{"runner_id":"b2c3d4e5-6789-0abc-def1-234567890abc"},"kubernetes":{"cluster_id":"c3d4e5f6-7890-1abc-def0-abcdef012345","namespace":"inventory-staging"},"has_pending_changes":true,"last_deployed_at":"2025-11-01T09:15:00Z","created_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","updated_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","created_at":"2025-09-15T11:00:00Z","updated_at":"2025-11-02T14:30:00Z"}},"admiral.environment.v1.Environment.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.environment.v1.GetEnvironmentRequest":{"type":"object","properties":{"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The unique identifier of the environment (UUID)."}},"title":"GetEnvironmentRequest","additionalProperties":false,"description":"GetEnvironmentRequest identifies an environment to retrieve."},"admiral.environment.v1.GetEnvironmentResponse":{"type":"object","properties":{"environment":{"title":"environment","description":"The environment record.","$ref":"#/components/schemas/admiral.environment.v1.Environment"}},"title":"GetEnvironmentResponse","additionalProperties":false,"description":"GetEnvironmentResponse contains the environment record."},"admiral.environment.v1.InfrastructureTarget":{"type":"object","oneOf":[{"type":"object","properties":{"terraform":{"title":"terraform","description":"Terraform/OpenTofu runner assignment (references a Runner entity).","$ref":"#/components/schemas/admiral.environment.v1.TerraformConfig"}},"title":"terraform","required":["terraform"]}],"title":"InfrastructureTarget","additionalProperties":false,"description":"InfrastructureTarget binds an environment to an infrastructure provisioning\n runtime. Each target carries type-specific configuration that references a\n managed entity (e.g., a Runner for Terraform, a Connection for CloudFormation).\n\n At most one target per InfrastructureType is allowed per environment."},"admiral.environment.v1.InfrastructureType":{"type":"string","title":"InfrastructureType","enum":["INFRASTRUCTURE_TYPE_UNSPECIFIED","INFRASTRUCTURE_TYPE_TERRAFORM"],"description":"InfrastructureType identifies the kind of infrastructure provisioning tool\n a target uses."},"admiral.environment.v1.KubernetesConfig":{"type":"object","properties":{"cluster_id":{"type":"string","title":"cluster_id","format":"uuid","description":"The registered cluster this environment deploys to (UUID)."},"namespace":{"type":["string","null"],"title":"namespace","description":"The Kubernetes namespace for this environment's workloads.\n Defaults to the environment name if not specified at deploy time."}},"title":"KubernetesConfig","additionalProperties":false,"description":"KubernetesConfig contains Kubernetes-specific settings for an environment.\n References a Cluster entity (agent-based) managed via ClusterAPI."},"admiral.environment.v1.ListEnvironmentsRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `application_id` -- filter by parent application (UUID).\n - `name` -- filter by environment name.\n - `workload_type` -- filter by workload target type (KUBERNETES).\n - `infrastructure_type` -- filter by infrastructure target type (TERRAFORM).\n - `labels.key` -- filter by label key.\n\n Example: `field['application_id'] = '' AND field['name'] = 'prod'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of environments to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListEnvironmentsRequest","additionalProperties":false,"description":"ListEnvironmentsRequest contains pagination and filter parameters."},"admiral.environment.v1.ListEnvironmentsResponse":{"type":"object","properties":{"environments":{"type":"array","items":{"$ref":"#/components/schemas/admiral.environment.v1.Environment"},"title":"environments","description":"The list of environments."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListEnvironmentsResponse","additionalProperties":false,"description":"ListEnvironmentsResponse contains a page of environments."},"admiral.environment.v1.TerraformConfig":{"type":"object","properties":{"runner_id":{"type":"string","title":"runner_id","format":"uuid","description":"The runner that executes Terraform operations for this environment (UUID)."}},"title":"TerraformConfig","additionalProperties":false,"description":"TerraformConfig contains settings for Terraform/OpenTofu infrastructure\n operations within this environment. References a Runner entity (agent-based)\n managed via RunnerAPI."},"admiral.environment.v1.UpdateEnvironmentRequest":{"type":"object","properties":{"environment":{"title":"environment","description":"The environment with updated fields.\n Only fields specified in `update_mask` are updated.","$ref":"#/components/schemas/admiral.environment.v1.Environment"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `workload_targets`,\n `infrastructure_targets`, `labels`.\n\n When updating target lists, the entire list is replaced -- there is no\n partial merge of individual targets within the list.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateEnvironmentRequest","required":["environment"],"additionalProperties":false,"description":"UpdateEnvironmentRequest contains the environment fields to update."},"admiral.environment.v1.UpdateEnvironmentResponse":{"type":"object","properties":{"environment":{"title":"environment","description":"The updated environment.","$ref":"#/components/schemas/admiral.environment.v1.Environment"}},"title":"UpdateEnvironmentResponse","additionalProperties":false,"description":"UpdateEnvironmentResponse contains the updated environment."},"admiral.environment.v1.WorkloadTarget":{"type":"object","oneOf":[{"type":"object","properties":{"kubernetes":{"title":"kubernetes","description":"Kubernetes cluster and namespace (references a Cluster entity).","$ref":"#/components/schemas/admiral.environment.v1.KubernetesConfig"}},"title":"kubernetes","required":["kubernetes"]}],"title":"WorkloadTarget","additionalProperties":false,"description":"WorkloadTarget binds an environment to a workload runtime. Each target\n carries type-specific configuration that references a managed entity\n (e.g., a Cluster for Kubernetes, a Connection for Cloud Run).\n\n At most one target per WorkloadType is allowed per environment."},"admiral.environment.v1.WorkloadType":{"type":"string","title":"WorkloadType","enum":["WORKLOAD_TYPE_UNSPECIFIED","WORKLOAD_TYPE_KUBERNETES"],"description":"WorkloadType identifies the kind of workload runtime a target uses."},"admiral.healthcheck.v1.HealthcheckResponse":{"type":"object","title":"HealthcheckResponse","additionalProperties":false,"description":"Empty response indicating the service is healthy."},"admiral.runner.v1.ActiveJobInfo":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job being executed (UUID)."},"phase":{"title":"phase","description":"Current execution phase reported by the worker thread.","$ref":"#/components/schemas/admiral.runner.v1.JobPhase"},"started_at":{"title":"started_at","description":"When execution of this job started (when the runner claimed it).","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"ActiveJobInfo","additionalProperties":false,"description":"ActiveJobInfo summarizes a job currently being executed by a runner instance.\n Included in RunnerStatus to provide real-time job progress via heartbeat."},"admiral.runner.v1.ClaimJobRequest":{"type":"object","title":"ClaimJobRequest","additionalProperties":false,"description":"ClaimJobRequest is sent by the runner to poll for available work.\n The runner is identified by the SAT's binding -- no runner_id is required."},"admiral.runner.v1.ClaimJobResponse":{"type":"object","properties":{"job":{"title":"job","description":"The job to execute. Absent if no work is available -- the runner should\n wait and poll again after its configured interval.","$ref":"#/components/schemas/admiral.runner.v1.Job"}},"title":"ClaimJobResponse","additionalProperties":false,"description":"ClaimJobResponse contains the next job to execute, if any."},"admiral.runner.v1.CreateRunnerRequest":{"type":"object","properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"prod-terraform-runner\").\n Must be unique within the tenant. Lowercase alphanumeric and hyphens only."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the runner's purpose."},"kind":{"title":"kind","description":"The type of operations this runner executes.","$ref":"#/components/schemas/admiral.runner.v1.RunnerKind"},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering runners."}},"title":"CreateRunnerRequest","additionalProperties":false,"description":"CreateRunnerRequest contains the parameters for creating a new runner."},"admiral.runner.v1.CreateRunnerRequest.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.runner.v1.CreateRunnerResponse":{"type":"object","properties":{"runner":{"title":"runner","description":"The created runner. Health status will be PENDING until the runner\n begins heartbeating.","$ref":"#/components/schemas/admiral.runner.v1.Runner"},"plain_text_token":{"type":"string","title":"plain_text_token","description":"The raw Agent Token secret (e.g., \"adms_pL2mN5oQ8rS1...\"). This value\n is shown exactly once and cannot be retrieved again. Deploy this token to\n the runner binary for authentication.\n\n To create additional tokens (e.g., for rotation), use\n CreateRunnerToken (POST /v1/runners/{runner_id}/tokens)."}},"title":"CreateRunnerResponse","additionalProperties":false,"description":"CreateRunnerResponse contains the newly created runner and its initial\n Service Access Token (SAT)."},"admiral.runner.v1.CreateRunnerTokenRequest":{"type":"object","properties":{"runner_id":{"type":"string","title":"runner_id","format":"uuid","description":"The runner to bind this token to (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier for the token (e.g., \"prod-runner-key\").\n Must be unique within the runner's tokens. Lowercase alphanumeric and\n hyphens only."},"expires_at":{"title":"expires_at","description":"Optional expiration time. If unset, the token does not expire.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"CreateRunnerTokenRequest","additionalProperties":false,"description":"CreateRunnerTokenRequest contains the parameters for creating a new SAT\n bound to a runner."},"admiral.runner.v1.CreateRunnerTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The created token metadata. Scopes are auto-assigned for runner SATs.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"},"plain_text_token":{"type":"string","title":"plain_text_token","description":"The raw token secret (e.g., \"adms_pL2mN5oQ8rS1...\"). This value is\n shown exactly once and cannot be retrieved again. Store it securely."}},"title":"CreateRunnerTokenResponse","additionalProperties":false,"description":"CreateRunnerTokenResponse contains the newly created SAT."},"admiral.runner.v1.DeleteRunnerRequest":{"type":"object","properties":{"runner_id":{"type":"string","title":"runner_id","format":"uuid","description":"The unique identifier of the runner to delete (UUID).\n All associated service access tokens will be revoked."}},"title":"DeleteRunnerRequest","additionalProperties":false,"description":"DeleteRunnerRequest identifies a runner to delete."},"admiral.runner.v1.DeleteRunnerResponse":{"type":"object","title":"DeleteRunnerResponse","additionalProperties":false,"description":"DeleteRunnerResponse is empty on success."},"admiral.runner.v1.GetJobBundleRequest":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job to fetch the bundle for (UUID)."}},"title":"GetJobBundleRequest","additionalProperties":false,"description":"GetJobBundleRequest identifies a job whose artifact bundle to fetch."},"admiral.runner.v1.GetJobBundleResponse":{"type":"object","properties":{"bundle":{"title":"bundle","description":"The artifact bundle with everything needed to execute the TF operation.","$ref":"#/components/schemas/admiral.runner.v1.JobBundle"}},"title":"GetJobBundleResponse","additionalProperties":false,"description":"GetJobBundleResponse contains the rendered artifacts for execution."},"admiral.runner.v1.GetRunnerRequest":{"type":"object","properties":{"runner_id":{"type":"string","title":"runner_id","format":"uuid","description":"The unique identifier of the runner (UUID)."}},"title":"GetRunnerRequest","additionalProperties":false,"description":"GetRunnerRequest identifies a runner to retrieve."},"admiral.runner.v1.GetRunnerResponse":{"type":"object","properties":{"runner":{"title":"runner","description":"The runner record, including server-derived health_status.","$ref":"#/components/schemas/admiral.runner.v1.Runner"}},"title":"GetRunnerResponse","additionalProperties":false,"description":"GetRunnerResponse contains the runner record."},"admiral.runner.v1.GetRunnerStatusRequest":{"type":"object","properties":{"runner_id":{"type":"string","title":"runner_id","format":"uuid","description":"The unique identifier of the runner (UUID)."}},"title":"GetRunnerStatusRequest","additionalProperties":false,"description":"GetRunnerStatusRequest identifies a runner whose status to retrieve."},"admiral.runner.v1.GetRunnerStatusResponse":{"type":"object","properties":{"health_status":{"title":"health_status","description":"Server-derived health status based on heartbeat recency and capacity.","$ref":"#/components/schemas/admiral.runner.v1.RunnerHealthStatus"},"status":{"title":"status","description":"Latest capacity snapshot from the runner. Absent if no heartbeat has\n been received yet.","$ref":"#/components/schemas/admiral.runner.v1.RunnerStatus"},"reported_at":{"title":"reported_at","description":"When the latest heartbeat was received.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"GetRunnerStatusResponse","additionalProperties":false,"description":"GetRunnerStatusResponse contains the server-derived health status and the\n latest capacity snapshot. If no heartbeat has been received yet, the\n health_status will be PENDING and status will be absent."},"admiral.runner.v1.GetRunnerTokenRequest":{"type":"object","properties":{"runner_id":{"type":"string","title":"runner_id","format":"uuid","description":"The runner the token belongs to (UUID)."},"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token (UUID)."}},"title":"GetRunnerTokenRequest","additionalProperties":false,"description":"GetRunnerTokenRequest identifies a runner SAT to retrieve."},"admiral.runner.v1.GetRunnerTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The token metadata. The token secret is never included.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"}},"title":"GetRunnerTokenResponse","additionalProperties":false,"description":"GetRunnerTokenResponse contains the requested runner SAT metadata."},"admiral.runner.v1.HeartbeatRequest":{"type":"object","properties":{"status":{"title":"status","description":"Current capacity and telemetry metrics.","$ref":"#/components/schemas/admiral.runner.v1.RunnerStatus"},"instance_id":{"type":"string","title":"instance_id","format":"uuid","description":"Random UUID generated at process startup to distinguish multiple runner\n instances sharing the same SAT. The server uses this to track heartbeats\n per instance and aggregate capacity metrics across all instances of the\n same runner. A new instance_id is generated each time the runner process\n starts -- it is not persisted across restarts."}},"title":"HeartbeatRequest","required":["status"],"additionalProperties":false,"description":"HeartbeatRequest contains the runner's alive signal and current capacity.\n The runner is identified by the SAT's binding -- no runner_id is required."},"admiral.runner.v1.HeartbeatResponse":{"type":"object","properties":{"ack":{"type":"boolean","title":"ack","description":"Whether the heartbeat was accepted."},"next_heartbeat_seconds":{"type":"integer","title":"next_heartbeat_seconds","format":"int32","description":"Server-controlled interval (in seconds) before the runner should send\n its next heartbeat. Allows the server to adjust frequency dynamically."}},"title":"HeartbeatResponse","additionalProperties":false,"description":"HeartbeatResponse acknowledges the heartbeat."},"admiral.runner.v1.Job":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the job (UUID)."},"runner_id":{"type":"string","title":"runner_id","format":"uuid","description":"The runner this job is assigned to (UUID)."},"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision this job belongs to (UUID)."},"deployment_id":{"type":"string","title":"deployment_id","format":"uuid","description":"The deployment this job belongs to (UUID). Denormalized for convenience."},"job_type":{"title":"job_type","description":"The type of Terraform operation to execute.","$ref":"#/components/schemas/admiral.runner.v1.JobType"},"status":{"title":"status","description":"Current lifecycle status of the job.","$ref":"#/components/schemas/admiral.runner.v1.JobStatus"},"created_at":{"title":"created_at","description":"When the job was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"started_at":{"title":"started_at","description":"When the runner started executing the job.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"completed_at":{"title":"completed_at","description":"When the job finished (succeeded, failed, or cancelled).","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Job","additionalProperties":false,"description":"Job represents an infrastructure execution job assigned to a runner.\n Jobs bridge the Deployment/Revision system and the Runner execution plane."},"admiral.runner.v1.JobBundle":{"type":"object","properties":{"artifact_url":{"type":"string","title":"artifact_url","description":"Signed URL to download the rendered artifact bundle (tar.gz containing\n .tf files, .tfvars, etc.). Time-limited."},"artifact_checksum":{"type":"string","title":"artifact_checksum","description":"SHA-256 checksum of the artifact bundle for integrity verification."},"variables":{"type":"object","title":"variables","additionalProperties":{"type":"string","title":"value"},"description":"Resolved variable values to inject as TF_VAR_* environment variables.\n Sensitive values are included (runner is a trusted execution context)."},"provider_configs":{"type":"object","title":"provider_configs","additionalProperties":{"type":"string","title":"value"},"description":"Provider configuration blocks (JSON-encoded). Keys are provider names\n (e.g., \"aws\", \"google\"), values are JSON objects with provider config."},"backend_config":{"type":"string","title":"backend_config","description":"Terraform backend configuration (JSON-encoded). Contains the backend\n type and its configuration for state storage."},"terraform_version":{"type":"string","title":"terraform_version","description":"The Terraform version to use for this operation (e.g., \"1.7.5\")."}},"title":"JobBundle","additionalProperties":false,"description":"JobBundle contains everything a runner needs to execute a Terraform operation.\n Fetched separately from ClaimJob to keep the claim response lightweight."},"admiral.runner.v1.JobBundle.ProviderConfigsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"ProviderConfigsEntry","additionalProperties":false},"admiral.runner.v1.JobBundle.VariablesEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"VariablesEntry","additionalProperties":false},"admiral.runner.v1.JobPhase":{"type":"string","title":"JobPhase","enum":["JOB_PHASE_UNSPECIFIED","JOB_PHASE_INITIALIZING","JOB_PHASE_PLANNING","JOB_PHASE_APPLYING","JOB_PHASE_FINALIZING"],"description":"JobPhase represents the current execution phase of a job as reported by the\n runner's worker thread. Used in heartbeat payloads to give the server\n visibility into job progress between ClaimJob and ReportJobResult."},"admiral.runner.v1.JobResult":{"type":"object","properties":{"status":{"title":"status","description":"The final status of the job (SUCCEEDED or FAILED).","$ref":"#/components/schemas/admiral.runner.v1.JobStatus"},"plan_output":{"type":"string","title":"plan_output","description":"(Plan jobs only) The Terraform plan output in human-readable format."},"plan_summary":{"title":"plan_summary","description":"(Plan jobs only) Summary of resource changes from the plan.","$ref":"#/components/schemas/admiral.deployment.v1.TerraformPlanSummary"},"error_message":{"type":"string","title":"error_message","description":"Error message if the job failed. Empty on success."},"logs_url":{"type":"string","title":"logs_url","description":"URL to the full execution logs in external storage."},"duration":{"title":"duration","description":"How long the Terraform operation took to execute.","$ref":"#/components/schemas/google.protobuf.Duration"}},"title":"JobResult","additionalProperties":false,"description":"JobResult contains the outcome of a completed job, reported by the runner."},"admiral.runner.v1.JobStatus":{"type":"string","title":"JobStatus","enum":["JOB_STATUS_UNSPECIFIED","JOB_STATUS_PENDING","JOB_STATUS_ASSIGNED","JOB_STATUS_RUNNING","JOB_STATUS_SUCCEEDED","JOB_STATUS_FAILED","JOB_STATUS_CANCELED"],"description":"JobStatus represents the lifecycle state of a runner job."},"admiral.runner.v1.JobType":{"type":"string","title":"JobType","enum":["JOB_TYPE_UNSPECIFIED","JOB_TYPE_PLAN","JOB_TYPE_APPLY","JOB_TYPE_DESTROY_PLAN","JOB_TYPE_DESTROY_APPLY"],"description":"JobType identifies the kind of Terraform operation a job executes."},"admiral.runner.v1.ListRunnerJobsRequest":{"type":"object","properties":{"runner_id":{"type":"string","title":"runner_id","format":"uuid","description":"The runner whose jobs to list (UUID)."},"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `status` -- filter by job status (PENDING, ASSIGNED, RUNNING, etc.).\n - `job_type` -- filter by job type (PLAN, APPLY, DESTROY_PLAN, DESTROY_APPLY).\n - `deployment_id` -- jobs for a specific deployment (UUID).\n\n Example: `field['status'] = 'RUNNING'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of jobs to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListRunnerJobsRequest","additionalProperties":false,"description":"ListRunnerJobsRequest contains pagination and filter parameters for listing\n jobs assigned to a specific runner."},"admiral.runner.v1.ListRunnerJobsResponse":{"type":"object","properties":{"jobs":{"type":"array","items":{"$ref":"#/components/schemas/admiral.runner.v1.Job"},"title":"jobs","description":"The list of jobs, ordered from newest to oldest."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListRunnerJobsResponse","additionalProperties":false,"description":"ListRunnerJobsResponse contains a page of jobs."},"admiral.runner.v1.ListRunnerTokensRequest":{"type":"object","properties":{"runner_id":{"type":"string","title":"runner_id","format":"uuid","description":"The runner to list tokens for (UUID)."},"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `name` -- filter by token name.\n - `status` -- filter by token status (ACTIVE, REVOKED).\n\n Example: `field['status'] = 'ACTIVE'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of tokens to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListRunnerTokensRequest","additionalProperties":false,"description":"ListRunnerTokensRequest contains pagination and filter parameters."},"admiral.runner.v1.ListRunnerTokensResponse":{"type":"object","properties":{"access_tokens":{"type":"array","items":{"$ref":"#/components/schemas/admiral.common.v1.AccessToken"},"title":"access_tokens","description":"The list of tokens. Token secrets are never included."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListRunnerTokensResponse","additionalProperties":false,"description":"ListRunnerTokensResponse contains a page of runner SAT metadata."},"admiral.runner.v1.ListRunnersRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by runner name.\n - `kind` -- filter by runner kind (TERRAFORM, WORKFLOW).\n - `health_status` -- filter by health status.\n - `labels.key` -- filter by label key.\n\n Example: `field['kind'] = 'TERRAFORM' AND field['health_status'] = 'HEALTHY'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of runners to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListRunnersRequest","additionalProperties":false,"description":"ListRunnersRequest contains pagination and filter parameters."},"admiral.runner.v1.ListRunnersResponse":{"type":"object","properties":{"runners":{"type":"array","items":{"$ref":"#/components/schemas/admiral.runner.v1.Runner"},"title":"runners","description":"The list of runners."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListRunnersResponse","additionalProperties":false,"description":"ListRunnersResponse contains a page of runners."},"admiral.runner.v1.ReportJobResultRequest":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job being reported on (UUID)."},"result":{"title":"result","description":"The job result with status, outputs, and error information.","$ref":"#/components/schemas/admiral.runner.v1.JobResult"}},"title":"ReportJobResultRequest","required":["result"],"additionalProperties":false,"description":"ReportJobResultRequest contains the outcome of a completed job."},"admiral.runner.v1.ReportJobResultResponse":{"type":"object","properties":{"ack":{"type":"boolean","title":"ack","description":"Whether the result was accepted."}},"title":"ReportJobResultResponse","additionalProperties":false,"description":"ReportJobResultResponse acknowledges the result."},"admiral.runner.v1.RevokeRunnerTokenRequest":{"type":"object","properties":{"runner_id":{"type":"string","title":"runner_id","format":"uuid","description":"The runner the token belongs to (UUID)."},"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}},"title":"RevokeRunnerTokenRequest","additionalProperties":false,"description":"RevokeRunnerTokenRequest identifies a runner SAT to revoke."},"admiral.runner.v1.RevokeRunnerTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The token metadata with updated status.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"}},"title":"RevokeRunnerTokenResponse","additionalProperties":false,"description":"RevokeRunnerTokenResponse contains the revoked runner SAT metadata."},"admiral.runner.v1.Runner":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the runner (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"prod-terraform-runner\").\n Unique within the tenant. Lowercase alphanumeric and hyphens only,\n must start with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the runner's purpose\n (e.g., \"Terraform runner for production AWS infrastructure\")."},"kind":{"title":"kind","description":"The type of operations this runner executes.","$ref":"#/components/schemas/admiral.runner.v1.RunnerKind"},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering runners\n (e.g., `{\"cloud\": \"aws\", \"team\": \"platform\"}`)."},"health_status":{"title":"health_status","description":"Derived health status based on heartbeat recency and capacity.","$ref":"#/components/schemas/admiral.runner.v1.RunnerHealthStatus"},"created_by":{"title":"created_by","description":"The user or agent who created this runner (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"updated_by":{"title":"updated_by","description":"The user or agent who last updated this runner (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the runner record was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the runner record was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Runner","additionalProperties":false,"description":"Runner represents a registered infrastructure execution runner within a\n tenant. Runners claim and execute Terraform operations (plan, apply, destroy)\n dispatched by the deployment engine.","example":{"id":"b2c3d4e5-6789-0abc-def1-234567890abc","name":"prod-terraform-runner","description":"Terraform runner for production AWS infrastructure provisioning.","kind":"RUNNER_KIND_TERRAFORM","labels":{"cloud":"aws","team":"platform"},"health_status":"RUNNER_HEALTH_STATUS_HEALTHY","created_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","updated_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","created_at":"2025-07-15T10:00:00Z","updated_at":"2025-11-18T08:30:00Z"}},"admiral.runner.v1.Runner.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.runner.v1.RunnerHealthStatus":{"type":"string","title":"RunnerHealthStatus","enum":["RUNNER_HEALTH_STATUS_UNSPECIFIED","RUNNER_HEALTH_STATUS_PENDING","RUNNER_HEALTH_STATUS_HEALTHY","RUNNER_HEALTH_STATUS_DEGRADED","RUNNER_HEALTH_STATUS_UNREACHABLE"],"description":"RunnerHealthStatus represents the derived health state of a runner.\n The status is computed from heartbeat recency and capacity metrics."},"admiral.runner.v1.RunnerKind":{"type":"string","title":"RunnerKind","enum":["RUNNER_KIND_UNSPECIFIED","RUNNER_KIND_TERRAFORM","RUNNER_KIND_WORKFLOW"],"description":"RunnerKind identifies the type of operations a runner executes."},"admiral.runner.v1.RunnerStatus":{"type":"object","properties":{"version":{"type":"string","title":"version","description":"The runner binary version (e.g., \"1.2.0\")."},"active_jobs":{"type":"integer","title":"active_jobs","format":"int32","description":"Number of jobs currently being executed by this runner."},"max_concurrent_jobs":{"type":"integer","title":"max_concurrent_jobs","format":"int32","description":"Maximum number of concurrent jobs this runner supports."},"available_providers":{"type":"array","items":{"type":"string"},"title":"available_providers","description":"Terraform providers available on this runner (e.g., [\"aws\", \"google\", \"azurerm\"])."},"tool_versions":{"type":"object","title":"tool_versions","maxProperties":32,"additionalProperties":{"type":"string","title":"value","maxLength":32,"minLength":1},"description":"CLI tool versions installed on this runner, detected at startup and\n reported on every heartbeat. Visible to admins via GetRunnerStatus.\n The server uses tool_versions to match jobs to capable runners (e.g.,\n a job requiring Terraform 1.9.x will only be assigned to a runner\n reporting a compatible version).\n Keys are tool names (e.g., \"terraform\", \"tofu\", \"helm\", \"kustomize\", \"kubectl\").\n Values are semantic versions (e.g., \"1.7.5\", \"1.9.0\")."},"active_job_details":{"type":"array","items":{"$ref":"#/components/schemas/admiral.runner.v1.ActiveJobInfo"},"title":"active_job_details","description":"Details of jobs currently being executed by this runner instance. The\n worker thread updates job phase in shared memory; the heartbeat thread\n reads and includes it on each tick. Gives the server visibility into\n job progress for stuck-job detection and admin dashboards."}},"title":"RunnerStatus","additionalProperties":false,"description":"RunnerStatus contains capacity and telemetry metrics for a runner, as\n reported via Heartbeat. This message is used in both the push payload\n (HeartbeatRequest) and the read response (GetRunnerStatusResponse).\n\n Server-derived fields (health_status) are NOT included here -- they live\n on the Runner record and are returned alongside this message in\n GetRunnerStatusResponse."},"admiral.runner.v1.RunnerStatus.ToolVersionsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"ToolVersionsEntry","additionalProperties":false},"admiral.runner.v1.UpdateRunnerRequest":{"type":"object","properties":{"runner":{"title":"runner","description":"The runner with updated fields. The `id` field is required.\n Only fields specified in `update_mask` are updated.","$ref":"#/components/schemas/admiral.runner.v1.Runner"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateRunnerRequest","required":["runner"],"additionalProperties":false,"description":"UpdateRunnerRequest contains the runner fields to update."},"admiral.runner.v1.UpdateRunnerResponse":{"type":"object","properties":{"runner":{"title":"runner","description":"The updated runner.","$ref":"#/components/schemas/admiral.runner.v1.Runner"}},"title":"UpdateRunnerResponse","additionalProperties":false,"description":"UpdateRunnerResponse contains the updated runner."},"admiral.source.v1.ArchiveConfig":{"type":"object","properties":{"path":{"type":"string","title":"path","description":"Subdirectory within the extracted archive to use. Empty means archive root."},"checksum":{"type":"string","title":"checksum","description":"Expected checksum for integrity verification (e.g., \"sha256:abc123...\").\n When set, the fetched archive is verified against this checksum before\n extraction."}},"title":"ArchiveConfig","additionalProperties":false,"description":"ArchiveConfig provides additional parameters for archive sources\n (tar.gz, zip) fetched via HTTP, S3, or GCS."},"admiral.source.v1.CreateSourceRequest":{"type":"object","allOf":[{"properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier. Must be unique within the tenant."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the source's purpose."},"type":{"not":{"enum":["SOURCE_TYPE_UNSPECIFIED"]},"title":"type","description":"The kind of artifact and fetch protocol.","$ref":"#/components/schemas/admiral.source.v1.SourceType"},"url":{"type":"string","title":"url","minLength":1,"description":"Base URL for the source (see Source.url for per-type semantics)."},"connection_id":{"type":["string","null"],"title":"connection_id","format":"uuid","description":"Reference to the connection providing credentials (UUID). Optional for\n public sources."},"catalog":{"type":"boolean","title":"catalog","description":"Whether this is a curated catalog entry."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels."}}},{"oneOf":[{"type":"object","properties":{"archive":{"title":"archive","$ref":"#/components/schemas/admiral.source.v1.ArchiveConfig"}},"title":"archive","required":["archive"]},{"type":"object","properties":{"helm_git":{"title":"helm_git","$ref":"#/components/schemas/admiral.source.v1.HelmGitConfig"}},"title":"helm_git","required":["helm_git"]},{"type":"object","properties":{"helm_oci":{"title":"helm_oci","$ref":"#/components/schemas/admiral.source.v1.HelmOCIConfig"}},"title":"helm_oci","required":["helm_oci"]},{"type":"object","properties":{"helm_repository":{"title":"helm_repository","$ref":"#/components/schemas/admiral.source.v1.HelmRepositoryConfig"}},"title":"helm_repository","required":["helm_repository"]},{"type":"object","properties":{"kustomize_git":{"title":"kustomize_git","$ref":"#/components/schemas/admiral.source.v1.KustomizeGitConfig"}},"title":"kustomize_git","required":["kustomize_git"]},{"type":"object","properties":{"manifest_git":{"title":"manifest_git","$ref":"#/components/schemas/admiral.source.v1.ManifestGitConfig"}},"title":"manifest_git","required":["manifest_git"]},{"type":"object","properties":{"terraform_git":{"title":"terraform_git","$ref":"#/components/schemas/admiral.source.v1.TerraformGitConfig"}},"title":"terraform_git","required":["terraform_git"]},{"type":"object","properties":{"terraform_registry":{"title":"terraform_registry","$ref":"#/components/schemas/admiral.source.v1.TerraformRegistryConfig"}},"title":"terraform_registry","required":["terraform_registry"]}]}],"title":"CreateSourceRequest","additionalProperties":false,"description":"CreateSourceRequest contains the parameters for creating a new source."},"admiral.source.v1.CreateSourceRequest.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.source.v1.CreateSourceResponse":{"type":"object","properties":{"source":{"title":"source","description":"The created source.","$ref":"#/components/schemas/admiral.source.v1.Source"}},"title":"CreateSourceResponse","additionalProperties":false,"description":"CreateSourceResponse contains the newly created source."},"admiral.source.v1.DeleteSourceRequest":{"type":"object","properties":{"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to delete (UUID).\n Fails if any application components still reference this source."}},"title":"DeleteSourceRequest","additionalProperties":false,"description":"DeleteSourceRequest identifies a source to delete."},"admiral.source.v1.DeleteSourceResponse":{"type":"object","title":"DeleteSourceResponse","additionalProperties":false,"description":"DeleteSourceResponse is empty on success."},"admiral.source.v1.GetSourceInputsRequest":{"type":"object","properties":{"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to inspect (UUID)."},"version":{"type":"string","title":"version","minLength":1,"description":"The version to inspect. For registry sources, a semver string. For Git\n sources, a tag, branch, or commit SHA. Required."}},"title":"GetSourceInputsRequest","additionalProperties":false,"description":"GetSourceInputsRequest fetches discoverable inputs for a source at a\n specific version."},"admiral.source.v1.GetSourceInputsResponse":{"type":"object","properties":{"inputs":{"type":"array","items":{"$ref":"#/components/schemas/admiral.source.v1.SourceInput"},"title":"inputs","description":"Discovered input parameters. Empty for source types that do not support\n input discovery (Kustomize, raw manifests)."},"resolved_version":{"type":"string","title":"resolved_version","description":"The version that was actually inspected (resolved from the requested\n version -- e.g., a branch name resolved to a commit SHA)."}},"title":"GetSourceInputsResponse","additionalProperties":false,"description":"GetSourceInputsResponse contains the discovered inputs for the source at\n the requested version."},"admiral.source.v1.GetSourceOutputsRequest":{"type":"object","properties":{"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to inspect (UUID)."},"version":{"type":"string","title":"version","minLength":1,"description":"The version to inspect. Required."}},"title":"GetSourceOutputsRequest","additionalProperties":false,"description":"GetSourceOutputsRequest fetches discoverable outputs for a source at a\n specific version."},"admiral.source.v1.GetSourceOutputsResponse":{"type":"object","properties":{"outputs":{"type":"array","items":{"$ref":"#/components/schemas/admiral.source.v1.SourceOutput"},"title":"outputs","description":"Discovered output definitions. Only populated for Terraform module sources.\n Workload sources (Helm, Kustomize, manifests) do not have formal outputs --\n workload component outputs are user-declared at the component level."},"resolved_version":{"type":"string","title":"resolved_version","description":"The version that was actually inspected."}},"title":"GetSourceOutputsResponse","additionalProperties":false,"description":"GetSourceOutputsResponse contains the discovered outputs for the source at\n the requested version."},"admiral.source.v1.GetSourceRequest":{"type":"object","properties":{"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source (UUID)."}},"title":"GetSourceRequest","additionalProperties":false,"description":"GetSourceRequest identifies a source to retrieve."},"admiral.source.v1.GetSourceResponse":{"type":"object","properties":{"source":{"title":"source","description":"The source record.","$ref":"#/components/schemas/admiral.source.v1.Source"}},"title":"GetSourceResponse","additionalProperties":false,"description":"GetSourceResponse contains the source record."},"admiral.source.v1.HelmGitConfig":{"type":"object","properties":{"path":{"type":"string","title":"path","minLength":1,"description":"Path within the repository to the chart directory (must contain Chart.yaml)."},"default_ref":{"type":"string","title":"default_ref","description":"Default Git ref (branch, tag, or commit SHA)."}},"title":"HelmGitConfig","additionalProperties":false,"description":"HelmGitConfig provides additional parameters for Helm charts sourced from\n Git repositories."},"admiral.source.v1.HelmOCIConfig":{"type":"object","properties":{"repository":{"type":"string","title":"repository","minLength":1,"description":"The full OCI repository path (e.g., \"ghcr.io/myorg/charts/my-app\").\n The url field on the Source message holds the registry host, while this\n field holds the full repository path."}},"title":"HelmOCIConfig","additionalProperties":false,"description":"HelmOCIConfig provides additional parameters for Helm charts stored in\n OCI registries."},"admiral.source.v1.HelmRepositoryConfig":{"type":"object","properties":{"chart_name":{"type":"string","title":"chart_name","minLength":1,"description":"The chart name within the repository (e.g., \"nginx-ingress\", \"redis\")."}},"title":"HelmRepositoryConfig","additionalProperties":false,"description":"HelmRepositoryConfig provides additional parameters for Helm charts from\n classic HTTP/S chart repositories."},"admiral.source.v1.KustomizeGitConfig":{"type":"object","properties":{"path":{"type":"string","title":"path","minLength":1,"description":"Path within the repository to the overlay directory (must contain\n kustomization.yaml)."},"default_ref":{"type":"string","title":"default_ref","description":"Default Git ref (branch, tag, or commit SHA)."}},"title":"KustomizeGitConfig","additionalProperties":false,"description":"KustomizeGitConfig provides additional parameters for Kustomize overlays\n sourced from Git repositories."},"admiral.source.v1.ListSourceVersionsRequest":{"type":"object","properties":{"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to query versions for (UUID)."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of versions to return. Defaults to 50."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token for fetching additional versions."}},"title":"ListSourceVersionsRequest","additionalProperties":false,"description":"ListSourceVersionsRequest queries available versions for a source."},"admiral.source.v1.ListSourceVersionsResponse":{"type":"object","properties":{"versions":{"type":"array","items":{"$ref":"#/components/schemas/admiral.source.v1.SourceVersion"},"title":"versions","description":"Available versions, ordered from newest to oldest."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListSourceVersionsResponse","additionalProperties":false,"description":"ListSourceVersionsResponse contains available versions from the external system."},"admiral.source.v1.ListSourcesRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Syntax: `field['name'] = 'value'` with AND/OR/NOT, comparison operators\n (=, !=, <, >, <=, >=, ~=), and predicates (IN, BETWEEN, CONTAINS,\n STARTS_WITH, ENDS_WITH, IS NULL, EXISTS).\n\n Filterable fields:\n - `name` -- filter by source name.\n - `type` -- filter by source type (TERRAFORM_REGISTRY, HELM_OCI, etc.).\n - `catalog` -- filter by catalog status (true/false).\n - `labels.key` -- filter by label key.\n\n Example: `field['type'] = 'TERRAFORM_REGISTRY' AND field['catalog'] = 'true'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of sources to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListSourcesRequest","additionalProperties":false,"description":"ListSourcesRequest contains pagination and filter parameters."},"admiral.source.v1.ListSourcesResponse":{"type":"object","properties":{"sources":{"type":"array","items":{"$ref":"#/components/schemas/admiral.source.v1.Source"},"title":"sources","description":"The list of sources."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListSourcesResponse","additionalProperties":false,"description":"ListSourcesResponse contains a page of sources."},"admiral.source.v1.ManifestGitConfig":{"type":"object","properties":{"path":{"type":"string","title":"path","minLength":1,"description":"Path within the repository to the directory containing manifest files.\n All .yaml, .yml, and .json files in this directory are collected."},"recursive":{"type":"boolean","title":"recursive","description":"Whether to recursively include files from subdirectories."},"default_ref":{"type":"string","title":"default_ref","description":"Default Git ref (branch, tag, or commit SHA)."}},"title":"ManifestGitConfig","additionalProperties":false,"description":"ManifestGitConfig provides additional parameters for raw Kubernetes manifests\n sourced from Git repositories."},"admiral.source.v1.Source":{"type":"object","allOf":[{"properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the source (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"corporate-rds\", \"nginx-chart\").\n Unique within the tenant. Lowercase alphanumeric and hyphens only, must\n start with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the source's purpose\n (e.g., \"Corporate-approved RDS module with encryption and backups\")."},"type":{"title":"type","description":"The kind of artifact and fetch protocol.","$ref":"#/components/schemas/admiral.source.v1.SourceType"},"url":{"type":"string","title":"url","minLength":1,"description":"Base URL for the source. The meaning varies by source type:\n - TERRAFORM_REGISTRY: registry hostname (e.g., \"registry.terraform.io\")\n - TERRAFORM_GIT, HELM_GIT, KUSTOMIZE_GIT, MANIFEST_GIT: Git repo URL\n - HELM_REPOSITORY: Helm repo URL (e.g., \"https://charts.bitnami.com/bitnami\")\n - HELM_OCI: OCI registry URL (e.g., \"oci://ghcr.io\")\n - ARCHIVE: HTTP/S3/GCS URL to the archive"},"connection_id":{"type":["string","null"],"title":"connection_id","format":"uuid","description":"Reference to the connection providing credentials for this source (UUID).\n Optional -- null for public sources that require no authentication\n (e.g., public Terraform registry, public Helm repos)."},"catalog":{"type":"boolean","title":"catalog","description":"Whether this source is a curated catalog entry. Catalog sources are managed\n by platform engineers and may be the only sources available to developers\n if the organization enforces catalog-only policy."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering sources\n (e.g., `{\"team\": \"platform\", \"category\": \"database\"}`)."},"created_by":{"title":"created_by","description":"The user or agent who created this source (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"updated_by":{"title":"updated_by","description":"The user or agent who last updated this source (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"last_synced_at":{"title":"last_synced_at","description":"When the source metadata was last synced from the external system\n (registry, Git, Helm repo). Updated by SyncSource and by automatic\n background refresh when discovery RPCs encounter stale cached data.\n Absent if no sync has occurred yet.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"created_at":{"title":"created_at","description":"When the source was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the source was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"}}},{"oneOf":[{"type":"object","properties":{"archive":{"title":"archive","description":"Archive config (for SOURCE_TYPE_ARCHIVE).","$ref":"#/components/schemas/admiral.source.v1.ArchiveConfig"}},"title":"archive","required":["archive"]},{"type":"object","properties":{"helm_git":{"title":"helm_git","description":"Helm Git config (for SOURCE_TYPE_HELM_GIT).","$ref":"#/components/schemas/admiral.source.v1.HelmGitConfig"}},"title":"helm_git","required":["helm_git"]},{"type":"object","properties":{"helm_oci":{"title":"helm_oci","description":"Helm OCI config (for SOURCE_TYPE_HELM_OCI).","$ref":"#/components/schemas/admiral.source.v1.HelmOCIConfig"}},"title":"helm_oci","required":["helm_oci"]},{"type":"object","properties":{"helm_repository":{"title":"helm_repository","description":"Helm HTTP repository config (for SOURCE_TYPE_HELM_REPOSITORY).","$ref":"#/components/schemas/admiral.source.v1.HelmRepositoryConfig"}},"title":"helm_repository","required":["helm_repository"]},{"type":"object","properties":{"kustomize_git":{"title":"kustomize_git","description":"Kustomize Git config (for SOURCE_TYPE_KUSTOMIZE_GIT).","$ref":"#/components/schemas/admiral.source.v1.KustomizeGitConfig"}},"title":"kustomize_git","required":["kustomize_git"]},{"type":"object","properties":{"manifest_git":{"title":"manifest_git","description":"Raw manifest Git config (for SOURCE_TYPE_MANIFEST_GIT).","$ref":"#/components/schemas/admiral.source.v1.ManifestGitConfig"}},"title":"manifest_git","required":["manifest_git"]},{"type":"object","properties":{"terraform_git":{"title":"terraform_git","description":"Terraform Git module config (for SOURCE_TYPE_TERRAFORM_GIT).","$ref":"#/components/schemas/admiral.source.v1.TerraformGitConfig"}},"title":"terraform_git","required":["terraform_git"]},{"type":"object","properties":{"terraform_registry":{"title":"terraform_registry","description":"Terraform Registry Protocol config (for SOURCE_TYPE_TERRAFORM_REGISTRY).","$ref":"#/components/schemas/admiral.source.v1.TerraformRegistryConfig"}},"title":"terraform_registry","required":["terraform_registry"]}]}],"title":"Source","additionalProperties":false,"description":"Source represents a fetchable artifact definition -- a pointer to an external\n module, chart, or manifest set that Admiral can fetch, inspect, and render\n into deployment snapshots.\n\n Sources are tenant-scoped and optionally marked as catalog entries (curated,\n pre-approved artifacts managed by platform engineers).","example":{"id":"f6a7b8c9-0123-4def-5678-901234567890","name":"nginx-ingress","description":"NGINX Ingress Controller Helm chart from the official repository.","type":"SOURCE_TYPE_HELM_REPOSITORY","url":"https://kubernetes.github.io/ingress-nginx","catalog":true,"labels":{"category":"networking","team":"platform"},"created_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","updated_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","created_at":"2025-08-01T12:00:00Z","updated_at":"2025-10-20T09:00:00Z"}},"admiral.source.v1.Source.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.source.v1.SourceInput":{"type":"object","properties":{"name":{"type":"string","title":"name","description":"Parameter name (e.g., \"instance_class\", \"replicaCount\")."},"type":{"type":"string","title":"type","description":"Type constraint as a string. For Terraform: HCL type expression\n (e.g., \"string\", \"number\", \"list(string)\", \"object({name=string})\").\n For Helm: JSON Schema type (e.g., \"string\", \"integer\", \"object\").\n Empty if type cannot be determined."},"description":{"type":"string","title":"description","description":"Human-readable description of the parameter. From Terraform variable\n description or Helm values.schema.json description field."},"default_value":{"type":["string","null"],"title":"default_value","description":"JSON-encoded default value. Null/absent means no default (parameter is\n required). For Terraform, this is the default from the variable block.\n For Helm, this is the value from values.yaml."},"required":{"type":"boolean","title":"required","description":"Whether this parameter is required (no default value provided).\n For Terraform: true when the variable has no default.\n For Helm: true when values.schema.json marks it as required."},"sensitive":{"type":"boolean","title":"sensitive","description":"Whether this parameter is sensitive (should be masked in logs and UI).\n For Terraform: from the variable's sensitive attribute.\n For Helm: not typically available."}},"title":"SourceInput","additionalProperties":false,"description":"SourceInput represents a configurable parameter discovered from the source\n artifact. For Terraform modules, these are variable blocks. For Helm charts,\n these are entries from values.yaml (with optional type info from\n values.schema.json)."},"admiral.source.v1.SourceOutput":{"type":"object","properties":{"name":{"type":"string","title":"name","description":"Output name (e.g., \"endpoint\", \"db_arn\", \"connection_string\")."},"type":{"type":"string","title":"type","description":"Type of the output value, if declared (e.g., \"string\", \"list(string)\")."},"description":{"type":"string","title":"description","description":"Human-readable description of the output."},"sensitive":{"type":"boolean","title":"sensitive","description":"Whether this output is sensitive (masked in logs and CLI output)."}},"title":"SourceOutput","additionalProperties":false,"description":"SourceOutput represents a value produced by the source after apply. Only\n meaningful for Terraform modules, which declare formal output blocks.\n Workload sources (Helm, Kustomize, manifests) do not have formal outputs --\n workload component outputs are user-declared at the component level, not\n discovered from the source."},"admiral.source.v1.SourceType":{"type":"string","title":"SourceType","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_TERRAFORM_REGISTRY","SOURCE_TYPE_TERRAFORM_GIT","SOURCE_TYPE_HELM_REPOSITORY","SOURCE_TYPE_HELM_OCI","SOURCE_TYPE_HELM_GIT","SOURCE_TYPE_KUSTOMIZE_GIT","SOURCE_TYPE_MANIFEST_GIT","SOURCE_TYPE_ARCHIVE"],"description":"SourceType identifies the kind of artifact and the protocol used to fetch it."},"admiral.source.v1.SourceVersion":{"type":"object","properties":{"version":{"type":"string","title":"version","description":"Version identifier. For registry sources, this is a semver string\n (e.g., \"1.2.3\"). For Git sources, this is a tag name (e.g., \"v1.2.3\").\n For OCI, this is a tag."},"published_at":{"title":"published_at","description":"When this version was published or tagged. May not be available for all\n source types.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"description":{"type":"string","title":"description","description":"Optional description or release notes for this version. Typically only\n available from registry sources."}},"title":"SourceVersion","additionalProperties":false,"description":"SourceVersion represents an available version of a source artifact, as\n reported by the external system (registry, repository, Git tags)."},"admiral.source.v1.SyncSourceRequest":{"type":"object","properties":{"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to sync (UUID)."}},"title":"SyncSourceRequest","additionalProperties":false,"description":"SyncSourceRequest triggers a metadata refresh for a source."},"admiral.source.v1.SyncSourceResponse":{"type":"object","properties":{"source":{"title":"source","description":"The source with refreshed metadata.","$ref":"#/components/schemas/admiral.source.v1.Source"}},"title":"SyncSourceResponse","additionalProperties":false,"description":"SyncSourceResponse confirms the sync was triggered."},"admiral.source.v1.TerraformGitConfig":{"type":"object","properties":{"path":{"type":"string","title":"path","description":"Subdirectory within the repository containing the module root.\n Uses double-slash convention (e.g., \"modules/vpc\"). Empty means repo root."},"default_ref":{"type":"string","title":"default_ref","description":"Default Git ref (branch, tag, or commit SHA) to use when no version is\n specified. Typically a branch name like \"main\" or a tag like \"v1.0.0\"."}},"title":"TerraformGitConfig","additionalProperties":false,"description":"TerraformGitConfig provides additional parameters for Terraform modules\n sourced from Git repositories."},"admiral.source.v1.TerraformRegistryConfig":{"type":"object","properties":{"namespace":{"type":"string","title":"namespace","minLength":1,"description":"Module namespace in the registry (e.g., \"hashicorp\", \"myorg\")."},"module_name":{"type":"string","title":"module_name","minLength":1,"description":"Module name in the registry (e.g., \"consul\", \"rds\")."},"system":{"type":"string","title":"system","minLength":1,"description":"Target system / provider (e.g., \"aws\", \"azurerm\", \"google\")."}},"title":"TerraformRegistryConfig","additionalProperties":false,"description":"TerraformRegistryConfig provides additional parameters for Terraform module\n registry sources."},"admiral.source.v1.UpdateSourceRequest":{"type":"object","properties":{"source":{"title":"source","description":"The source with updated fields. Only fields specified in `update_mask`\n are updated.","$ref":"#/components/schemas/admiral.source.v1.Source"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `name`, `description`, `url`, `connection_id`, `catalog`,\n `source_config`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateSourceRequest","required":["source"],"additionalProperties":false,"description":"UpdateSourceRequest contains the source fields to update."},"admiral.source.v1.UpdateSourceResponse":{"type":"object","properties":{"source":{"title":"source","description":"The updated source.","$ref":"#/components/schemas/admiral.source.v1.Source"}},"title":"UpdateSourceResponse","additionalProperties":false,"description":"UpdateSourceResponse contains the updated source."},"admiral.state.v1.DeleteStateRequest":{"type":"object","properties":{"state_id":{"type":"string","title":"state_id","format":"uuid","description":"The unique identifier of the state record to delete (UUID).\n Fails if the state is currently locked -- force-unlock first."}},"title":"DeleteStateRequest","additionalProperties":false,"description":"DeleteStateRequest identifies a state record to permanently delete."},"admiral.state.v1.DeleteStateResponse":{"type":"object","title":"DeleteStateResponse","additionalProperties":false,"description":"DeleteStateResponse is empty on success."},"admiral.state.v1.ForceUnlockStateRequest":{"type":"object","properties":{"state_id":{"type":"string","title":"state_id","format":"uuid","description":"The state record to force-unlock (UUID)."},"reason":{"type":"string","title":"reason","maxLength":1024,"description":"Reason for force-unlocking (audited). Recommended to provide context\n for why the lock is being broken (e.g., \"runner crashed during apply\")."}},"title":"ForceUnlockStateRequest","additionalProperties":false,"description":"ForceUnlockStateRequest identifies a state to force-unlock."},"admiral.state.v1.ForceUnlockStateResponse":{"type":"object","title":"ForceUnlockStateResponse","additionalProperties":false,"description":"ForceUnlockStateResponse confirms the lock was forcefully released."},"admiral.state.v1.GetCurrentStateRequest":{"type":"object","properties":{"state_id":{"type":"string","title":"state_id","format":"uuid","description":"The unique identifier of the state record (UUID)."}},"title":"GetCurrentStateRequest","additionalProperties":false,"description":"GetCurrentStateRequest identifies a state record to retrieve."},"admiral.state.v1.GetCurrentStateResponse":{"type":"object","properties":{"state":{"title":"state","description":"The state record including current data and any active lock.","$ref":"#/components/schemas/admiral.state.v1.State"}},"title":"GetCurrentStateResponse","additionalProperties":false,"description":"GetCurrentStateResponse contains the state record with current data and\n lock info."},"admiral.state.v1.GetStateRequest":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job to fetch state for (UUID). The server resolves the component\n and environment from the job's binding."}},"title":"GetStateRequest","additionalProperties":false,"description":"GetStateRequest fetches the current state for a job."},"admiral.state.v1.GetStateResponse":{"type":"object","properties":{"data":{"type":"string","title":"data","format":"byte","description":"The raw Terraform state data (JSON-encoded). Empty if no state exists\n yet (fresh init -- Terraform handles this gracefully)."}},"title":"GetStateResponse","additionalProperties":false,"description":"GetStateResponse contains the current state data."},"admiral.state.v1.GetStateVersionRequest":{"type":"object","properties":{"state_id":{"type":"string","title":"state_id","format":"uuid","description":"The state record (UUID)."},"serial":{"type":["integer","string"],"title":"serial","format":"int64","description":"The serial number of the version to retrieve."}},"title":"GetStateVersionRequest","additionalProperties":false,"description":"GetStateVersionRequest identifies a specific historical state version."},"admiral.state.v1.GetStateVersionResponse":{"type":"object","properties":{"version":{"title":"version","description":"The state version metadata.","$ref":"#/components/schemas/admiral.state.v1.StateVersion"},"data":{"type":"string","title":"data","format":"byte","description":"The raw Terraform state data (JSON-encoded) at this serial."}},"title":"GetStateVersionResponse","additionalProperties":false,"description":"GetStateVersionResponse contains the full state data at a historical serial.\n Returns both the version metadata and the raw data separately -- the\n StateVersion message intentionally omits data to keep ListStateVersions\n lightweight."},"admiral.state.v1.ListStateVersionsRequest":{"type":"object","properties":{"state_id":{"type":"string","title":"state_id","format":"uuid","description":"The state record to list versions for (UUID)."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of versions to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListStateVersionsRequest","additionalProperties":false,"description":"ListStateVersionsRequest contains pagination parameters for version history."},"admiral.state.v1.ListStateVersionsResponse":{"type":"object","properties":{"versions":{"type":"array","items":{"$ref":"#/components/schemas/admiral.state.v1.StateVersion"},"title":"versions","description":"The list of state versions, ordered from newest to oldest."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListStateVersionsResponse","additionalProperties":false,"description":"ListStateVersionsResponse contains a page of state version metadata."},"admiral.state.v1.ListStatesRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression using the PEG filter DSL.\n\n Common filter fields:\n - `component_id` -- states for a specific component (UUID).\n - `environment_id` -- states for a specific environment (UUID).\n - `application_id` -- states for all components belonging to an\n application (UUID). The server resolves the application's components\n and returns states for all of them. Can be combined with\n `environment_id`."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of states to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListStatesRequest","additionalProperties":false,"description":"ListStatesRequest contains pagination and filter parameters."},"admiral.state.v1.ListStatesResponse":{"type":"object","properties":{"states":{"type":"array","items":{"$ref":"#/components/schemas/admiral.state.v1.StateSummary"},"title":"states","description":"The list of state summaries (metadata only, no state data blob).\n Use GetCurrentState to fetch full data for a specific record."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListStatesResponse","additionalProperties":false,"description":"ListStatesResponse contains a page of state metadata."},"admiral.state.v1.LockStateRequest":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job requesting the lock (UUID)."},"lock_id":{"type":"string","title":"lock_id","format":"uuid","description":"Terraform-generated lock ID (UUID)."},"operation":{"type":"string","title":"operation","description":"The Terraform operation requesting the lock."},"who":{"type":"string","title":"who","description":"Identifier of who is requesting the lock."},"version":{"type":"string","title":"version","description":"Terraform/OpenTofu version of the client requesting the lock."}},"title":"LockStateRequest","additionalProperties":false,"description":"LockStateRequest acquires an exclusive lock on the job's state."},"admiral.state.v1.LockStateResponse":{"type":"object","title":"LockStateResponse","additionalProperties":false,"description":"LockStateResponse confirms the lock was acquired."},"admiral.state.v1.PushStateRequest":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job pushing state (UUID)."},"data":{"type":"string","title":"data","maxLength":67108864,"minLength":1,"format":"byte","description":"The raw Terraform state data (JSON-encoded). Maximum 64 MiB."},"md5":{"type":"string","title":"md5","minLength":1,"description":"MD5 hash of the state data."},"serial":{"type":["integer","string"],"title":"serial","format":"int64","description":"Terraform state serial number. Must be greater than the current serial."},"lineage":{"type":"string","title":"lineage","minLength":1,"description":"Terraform state lineage. Must match the existing lineage if the state\n record already exists."}},"title":"PushStateRequest","additionalProperties":false,"description":"PushStateRequest stores a new state version."},"admiral.state.v1.PushStateResponse":{"type":"object","title":"PushStateResponse","additionalProperties":false,"description":"PushStateResponse acknowledges the state was stored."},"admiral.state.v1.State":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the state record (UUID, server-generated)."},"component_id":{"type":"string","title":"component_id","format":"uuid","description":"The infrastructure component this state belongs to (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment this state is scoped to (UUID)."},"serial":{"type":["integer","string"],"title":"serial","format":"int64","description":"Terraform state serial number. Monotonically increasing with each\n successful apply. Used for optimistic concurrency control."},"data":{"type":"string","title":"data","format":"byte","description":"The raw Terraform state data (JSON-encoded). This is the opaque\n `.tfstate` blob managed by Terraform. Can be several megabytes for\n large workspaces."},"md5":{"type":"string","title":"md5","description":"MD5 hash of the state data. Used by Terraform for integrity checks\n and conditional updates."},"lineage":{"type":"string","title":"lineage","description":"Terraform state lineage -- a UUID generated on first init. All\n subsequent writes must match this lineage to prevent cross-state\n contamination."},"lock":{"title":"lock","description":"Active lock on this state, if any. Absent when the state is unlocked.","$ref":"#/components/schemas/admiral.state.v1.StateLock"},"created_at":{"title":"created_at","description":"When the state record was first created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the state data was last updated (last successful PushState).","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"State","additionalProperties":false,"description":"State represents the full Terraform state for an infrastructure component\n in a specific environment, including the raw state data blob. Each\n component + environment combination has at most one state record. The\n server creates the record on first PushState.\n\n This message is returned by GetCurrentState. For list operations, see\n StateSummary which omits the data blob."},"admiral.state.v1.StateLock":{"type":"object","properties":{"lock_id":{"type":"string","title":"lock_id","format":"uuid","description":"Unique identifier for the lock (UUID, generated by Terraform/OpenTofu)."},"operation":{"type":"string","title":"operation","description":"The Terraform operation holding the lock. Common values:\n - \"OperationTypePlan\"\n - \"OperationTypeApply\"\n This value is set by the Terraform client and is informational only."},"who":{"type":"string","title":"who","description":"Identifier of who holds the lock. Populated by Terraform -- typically\n the format \"username@hostname\" (e.g., \"deploy@prod-runner-01\").\n This field is informational only; its format is controlled by Terraform."},"version":{"type":"string","title":"version","description":"Terraform/OpenTofu version string of the client holding the lock\n (e.g., \"1.7.5\")."},"acquired_at":{"title":"acquired_at","description":"When the lock was acquired.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"StateLock","additionalProperties":false,"description":"StateLock represents an exclusive lock on a state record. Terraform acquires\n locks before plan/apply to prevent concurrent modifications. The lock_id is\n generated by Terraform (as a UUID) and included in all lock/unlock requests."},"admiral.state.v1.StateSummary":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the state record (UUID)."},"component_id":{"type":"string","title":"component_id","format":"uuid","description":"The infrastructure component this state belongs to (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment this state is scoped to (UUID)."},"serial":{"type":["integer","string"],"title":"serial","format":"int64","description":"Terraform state serial number."},"md5":{"type":"string","title":"md5","description":"MD5 hash of the current state data."},"lineage":{"type":"string","title":"lineage","description":"Terraform state lineage."},"size_bytes":{"type":["integer","string"],"title":"size_bytes","format":"int64","description":"Size of the current state data in bytes."},"lock":{"title":"lock","description":"Active lock on this state, if any. Absent when the state is unlocked.","$ref":"#/components/schemas/admiral.state.v1.StateLock"},"created_at":{"title":"created_at","description":"When the state record was first created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the state data was last updated (last successful PushState).","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"StateSummary","additionalProperties":false,"description":"StateSummary contains state metadata without the raw data blob. Used in\n ListStates to keep list responses lightweight. Use GetCurrentState to\n fetch the full state data for a specific record."},"admiral.state.v1.StateVersion":{"type":"object","properties":{"serial":{"type":["integer","string"],"title":"serial","format":"int64","description":"Terraform state serial number for this version."},"md5":{"type":"string","title":"md5","description":"MD5 hash of the state data at this version."},"lineage":{"type":"string","title":"lineage","description":"Terraform state lineage."},"size_bytes":{"type":["integer","string"],"title":"size_bytes","format":"int64","description":"Size of the state data in bytes."},"job_id":{"type":["string","null"],"title":"job_id","format":"uuid","description":"The job that produced this state version (UUID). Absent for state that\n was written outside the normal job lifecycle -- for example, state\n uploaded directly via an admin migration tool, or state that existed\n before Admiral began managing the component."},"created_at":{"title":"created_at","description":"When this state version was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"StateVersion","additionalProperties":false,"description":"StateVersion contains metadata about a historical state version. Used in\n ListStateVersions to provide version history without the full state data\n blob."},"admiral.state.v1.UnlockStateRequest":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job releasing the lock (UUID)."},"lock_id":{"type":"string","title":"lock_id","format":"uuid","description":"The lock_id to release (UUID). Must match the currently held lock."}},"title":"UnlockStateRequest","additionalProperties":false,"description":"UnlockStateRequest releases the lock on the job's state."},"admiral.state.v1.UnlockStateResponse":{"type":"object","title":"UnlockStateResponse","additionalProperties":false,"description":"UnlockStateResponse confirms the lock was released."},"admiral.user.v1.CreatePersonalAccessTokenRequest":{"type":"object","properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier for the token (e.g., \"postman-testing\").\n Must be unique per user within the tenant. Lowercase alphanumeric and\n hyphens only."},"scopes":{"type":"array","items":{"type":"string","maxLength":64,"minLength":1},"title":"scopes","maxItems":255,"description":"The scopes to grant this token. Must be valid scopes allowed for PATs.\n The server enforces that issued scopes are a subset of the caller's own\n scopes -- a token cannot grant more access than the user holds."},"expires_at":{"title":"expires_at","description":"Optional expiration time. If unset, the token does not expire.\n Tenant policies may enforce a maximum lifetime.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"CreatePersonalAccessTokenRequest","additionalProperties":false,"description":"CreatePersonalAccessTokenRequest contains the parameters for creating a new PAT."},"admiral.user.v1.CreatePersonalAccessTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The created token metadata.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"},"plain_text_token":{"type":"string","title":"plain_text_token","description":"The raw token secret (e.g., \"adm_pat_7kH3mNqR2xFb...\"). This value is\n shown exactly once and cannot be retrieved again. Store it securely."}},"title":"CreatePersonalAccessTokenResponse","additionalProperties":false,"description":"CreatePersonalAccessTokenResponse contains the newly created PAT."},"admiral.user.v1.GetMeRequest":{"type":"object","title":"GetMeRequest","additionalProperties":false,"description":"GetMeRequest is the request message for GetMe.\n No parameters are required as the user is identified by the auth token."},"admiral.user.v1.GetMeResponse":{"type":"object","properties":{"user":{"title":"user","description":"The user profile.","$ref":"#/components/schemas/admiral.user.v1.User"}},"title":"GetMeResponse","additionalProperties":false,"description":"GetMeResponse contains the authenticated user's profile."},"admiral.user.v1.GetPersonalAccessTokenRequest":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token (UUID)."}},"title":"GetPersonalAccessTokenRequest","additionalProperties":false,"description":"GetPersonalAccessTokenRequest identifies a PAT to retrieve."},"admiral.user.v1.GetPersonalAccessTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The token metadata. The token secret is never included.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"}},"title":"GetPersonalAccessTokenResponse","additionalProperties":false,"description":"GetPersonalAccessTokenResponse contains the requested PAT metadata."},"admiral.user.v1.GetUserRequest":{"type":"object","properties":{"user_id":{"type":"string","title":"user_id","format":"uuid","description":"The unique identifier of the user (UUID)."}},"title":"GetUserRequest","additionalProperties":false,"description":"GetUserRequest identifies a user to retrieve by ID."},"admiral.user.v1.GetUserResponse":{"type":"object","properties":{"user":{"title":"user","description":"The user profile.","$ref":"#/components/schemas/admiral.user.v1.User"}},"title":"GetUserResponse","additionalProperties":false,"description":"GetUserResponse contains the requested user's profile."},"admiral.user.v1.ListPersonalAccessTokensRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL.\n\n Filterable fields:\n - `name` -- filter by token name.\n - `status` -- filter by token status (ACTIVE, REVOKED, EXPIRED).\n\n Example: `field['status'] = 'ACTIVE'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of tokens to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListPersonalAccessTokensRequest","additionalProperties":false,"description":"ListPersonalAccessTokensRequest contains pagination and filter parameters."},"admiral.user.v1.ListPersonalAccessTokensResponse":{"type":"object","properties":{"access_tokens":{"type":"array","items":{"$ref":"#/components/schemas/admiral.common.v1.AccessToken"},"title":"access_tokens","description":"The list of tokens. Token secrets are never included."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListPersonalAccessTokensResponse","additionalProperties":false,"description":"ListPersonalAccessTokensResponse contains a page of PAT metadata."},"admiral.user.v1.RevokePersonalAccessTokenRequest":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}},"title":"RevokePersonalAccessTokenRequest","additionalProperties":false,"description":"RevokePersonalAccessTokenRequest identifies a PAT to revoke."},"admiral.user.v1.RevokePersonalAccessTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The token metadata with updated status.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"}},"title":"RevokePersonalAccessTokenResponse","additionalProperties":false,"description":"RevokePersonalAccessTokenResponse contains the revoked PAT metadata."},"admiral.user.v1.UpdatePersonalAccessTokenRequest":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to update (UUID)."},"name":{"type":["string","null"],"title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"New name for the token. Must follow the same naming rules as creation.\n Omit to leave the name unchanged."},"scopes":{"type":"array","items":{"type":"string","maxLength":64,"minLength":1},"title":"scopes","maxItems":255,"description":"New scopes for the token. Replaces all existing scopes.\n The server enforces that issued scopes are a subset of the caller's own\n scopes -- a token cannot grant more access than the user holds.\n Omit to leave scopes unchanged."}},"title":"UpdatePersonalAccessTokenRequest","additionalProperties":false,"description":"UpdatePersonalAccessTokenRequest contains the fields to update on a PAT.\n Only provided fields are updated; omitted fields remain unchanged."},"admiral.user.v1.UpdatePersonalAccessTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The updated token metadata.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"}},"title":"UpdatePersonalAccessTokenResponse","additionalProperties":false,"description":"UpdatePersonalAccessTokenResponse contains the updated PAT metadata."},"admiral.user.v1.User":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the user (UUID)."},"email":{"type":"string","title":"email","description":"User's email address."},"email_verified":{"type":"boolean","title":"email_verified","description":"Whether the email has been verified by the IdP."},"display_name":{"type":["string","null"],"title":"display_name","description":"User's display name for UI purposes."},"given_name":{"type":["string","null"],"title":"given_name","description":"User's given (first) name."},"family_name":{"type":["string","null"],"title":"family_name","description":"User's family (last) name."},"avatar_url":{"type":["string","null"],"title":"avatar_url","description":"URL to the user's avatar image."},"created_at":{"title":"created_at","description":"When the user was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the user was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"User","additionalProperties":false,"description":"User represents a user's profile information.","example":{"id":"d290f1ee-6c54-4b01-90e6-d701748f0851","email":"alex.chen@example.com","display_name":"Alex Chen","given_name":"Alex","family_name":"Chen","avatar_url":"https://avatars.example.com/alex-chen.jpg","created_at":"2025-06-01T09:00:00Z","updated_at":"2025-11-15T11:00:00Z"}},"admiral.variable.v1.CreateVariableRequest":{"type":"object","properties":{"key":{"type":"string","title":"key","maxLength":63,"minLength":1,"pattern":"^[A-Za-z_][A-Za-z0-9_]{0,62}$","description":"The variable name. Must be a valid environment variable identifier\n (e.g., \"DATABASE_URL\", \"API_KEY\")."},"value":{"type":"string","title":"value","minLength":1,"description":"The variable value. For COMPLEX type, must be valid JSON."},"sensitive":{"type":"boolean","title":"sensitive","description":"Whether the variable value should be encrypted at rest and masked in\n API responses."},"type":{"title":"type","description":"How the value should be interpreted. Defaults to STRING if not specified.","$ref":"#/components/schemas/admiral.variable.v1.VariableType"},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the variable's purpose."},"application_id":{"type":["string","null"],"title":"application_id","format":"uuid","description":"The application to scope this variable to (UUID). When set without\n environment_id, the variable applies to all environments in the app."},"environment_id":{"type":["string","null"],"title":"environment_id","format":"uuid","description":"The environment to scope this variable to (UUID). Requires application_id.\n When set, the variable applies only to this specific environment."}},"title":"CreateVariableRequest","additionalProperties":false,"description":"CreateVariableRequest contains the parameters for creating a new variable.\n The variable's scope is derived from the presence of application_id and\n environment_id: neither means global, application_id only means app-scoped,\n both means environment-scoped."},"admiral.variable.v1.CreateVariableResponse":{"type":"object","properties":{"variable":{"title":"variable","description":"The created variable.","$ref":"#/components/schemas/admiral.variable.v1.Variable"}},"title":"CreateVariableResponse","additionalProperties":false,"description":"CreateVariableResponse contains the newly created variable."},"admiral.variable.v1.DeleteVariableRequest":{"type":"object","properties":{"variable_id":{"type":"string","title":"variable_id","format":"uuid","description":"The unique identifier of the variable to delete (UUID)."}},"title":"DeleteVariableRequest","additionalProperties":false,"description":"DeleteVariableRequest identifies a variable to delete."},"admiral.variable.v1.DeleteVariableResponse":{"type":"object","title":"DeleteVariableResponse","additionalProperties":false,"description":"DeleteVariableResponse is empty on success."},"admiral.variable.v1.GetVariableRequest":{"type":"object","properties":{"variable_id":{"type":"string","title":"variable_id","format":"uuid","description":"The unique identifier of the variable (UUID)."}},"title":"GetVariableRequest","additionalProperties":false,"description":"GetVariableRequest identifies a variable to retrieve."},"admiral.variable.v1.GetVariableResponse":{"type":"object","properties":{"variable":{"title":"variable","description":"The variable record. Sensitive variable values are masked.","$ref":"#/components/schemas/admiral.variable.v1.Variable"}},"title":"GetVariableResponse","additionalProperties":false,"description":"GetVariableResponse contains the variable record."},"admiral.variable.v1.ListVariablesRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression using the PEG filter DSL.\n\n Common filter fields:\n - `application_id` -- scope to an application (triggers merge with\n app-level variables alongside global variables).\n - `environment_id` -- scope to an environment (requires application_id;\n triggers merge with environment-level variables).\n - `sensitive` -- filter by sensitivity.\n - `type` -- filter by variable type.\n - `key` -- filter by variable key (supports prefix matching)."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of variables to return per page."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListVariablesRequest","additionalProperties":false,"description":"ListVariablesRequest contains filters and pagination parameters.\n\n The filter determines which variables are included in the merged view\n based on the presence of `application_id` and `environment_id` fields:\n - Neither field in filter: global variables only.\n - `application_id` in filter: global + app-level variables merged.\n - `application_id` + `environment_id` in filter: global + app + environment\n variables merged.\n\n When variables with the same key exist at multiple levels, all are returned\n so clients can determine precedence."},"admiral.variable.v1.ListVariablesResponse":{"type":"object","properties":{"variables":{"type":"array","items":{"$ref":"#/components/schemas/admiral.variable.v1.Variable"},"title":"variables","description":"The list of variables from all applicable levels."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListVariablesResponse","additionalProperties":false,"description":"ListVariablesResponse contains a page of variables."},"admiral.variable.v1.UpdateVariableRequest":{"type":"object","properties":{"variable":{"title":"variable","description":"The variable with updated fields.\n Only fields specified in `update_mask` are updated.","$ref":"#/components/schemas/admiral.variable.v1.Variable"},"update_mask":{"title":"update_mask","description":"The set of fields to update. If unset, all mutable fields are updated.\n Supported fields: `value`, `sensitive`, `type`, `description`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateVariableRequest","required":["variable"],"additionalProperties":false,"description":"UpdateVariableRequest contains the variable fields to update."},"admiral.variable.v1.UpdateVariableResponse":{"type":"object","properties":{"variable":{"title":"variable","description":"The updated variable.","$ref":"#/components/schemas/admiral.variable.v1.Variable"}},"title":"UpdateVariableResponse","additionalProperties":false,"description":"UpdateVariableResponse contains the updated variable."},"admiral.variable.v1.Variable":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the variable (UUID)."},"key":{"type":"string","title":"key","maxLength":63,"minLength":1,"pattern":"^[A-Za-z_][A-Za-z0-9_]{0,62}$","description":"The variable name. Must be a valid environment variable identifier\n (e.g., \"DATABASE_URL\", \"API_KEY\"). Alphanumeric and underscores\n (uppercase conventional but lowercase accepted), must start with a letter\n or underscore (max 255 chars)."},"value":{"type":"string","title":"value","description":"The variable value. Always stored as a string -- use `type` to indicate\n how to interpret it. Masked or empty for sensitive variables in responses.\n\n For COMPLEX type, this is a JSON-encoded string (e.g., '[\"a\",\"b\"]' or\n '{\"key\":\"value\"}'). The rendering engine converts it to the target format\n (HCL for Terraform, YAML for Helm)."},"sensitive":{"type":"boolean","title":"sensitive","description":"Whether the variable value is encrypted at rest and masked in API responses."},"type":{"title":"type","description":"How the value should be interpreted by the rendering engine and displayed\n in the UI. Defaults to STRING if not specified.","$ref":"#/components/schemas/admiral.variable.v1.VariableType"},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the variable's purpose (e.g., \"Maximum replica\n count for production scaling\" or \"RDS instance class per environment\")."},"application_id":{"type":["string","null"],"title":"application_id","format":"uuid","description":"The application this variable is scoped to (UUID). When set, the variable\n is scoped to this application. When both application_id and environment_id\n are set, the variable is scoped to that specific environment.\n Absent means the variable is global (tenant-wide)."},"environment_id":{"type":["string","null"],"title":"environment_id","format":"uuid","description":"The environment this variable is scoped to (UUID). Requires application_id.\n When set alongside application_id, the variable applies only to this\n specific environment within the application."},"created_by":{"title":"created_by","description":"The user or agent who created this variable (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"updated_by":{"title":"updated_by","description":"The user or agent who last updated this variable (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the variable was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the variable was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Variable","additionalProperties":false,"description":"Variable represents a configuration key-value pair scoped to a tenant,\n application, or application+environment. Variables are resolved at deployment\n time into immutable deployment snapshots.\n\n Variables are user-managed configuration values, distinct from component\n outputs which are system-managed values produced by apply (e.g., Terraform\n outputs). Component outputs are resolved at render time and referenced via\n a separate namespace ({{ .component.. }}).","example":{"id":"1a2b3c4d-5e6f-7890-abcd-ef0123456789","key":"DATABASE_URL","value":"postgresql://db.internal:5432/inventory","sensitive":false,"type":"VARIABLE_TYPE_STRING","scope":"VARIABLE_SCOPE_ENVIRONMENT","description":"Primary database connection string for the inventory service.","application_id":"a1b2c3d4-5678-9abc-def0-1234567890ab","environment_id":"e5f6a7b8-9012-3cde-f456-789012345678","created_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","updated_by":"d290f1ee-6c54-4b01-90e6-d701748f0851","created_at":"2025-09-16T12:00:00Z","updated_at":"2025-10-30T15:00:00Z"}},"admiral.variable.v1.VariableType":{"type":"string","title":"VariableType","enum":["VARIABLE_TYPE_UNSPECIFIED","VARIABLE_TYPE_STRING","VARIABLE_TYPE_NUMBER","VARIABLE_TYPE_BOOLEAN","VARIABLE_TYPE_COMPLEX"],"description":"VariableType indicates how the variable value should be interpreted by the\n rendering engine and displayed in the UI. The value is always stored as a\n string regardless of type."},"google.protobuf.Duration":{"type":"string","format":"duration","description":"$82"},"google.protobuf.FieldMask":{"type":"string","description":"$83"},"google.protobuf.Timestamp":{"type":"string","examples":["2023-01-15T01:30:15.01Z","2024-12-25T12:00:00Z"],"format":"date-time","description":"$84"}},"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"PAT","description":"Personal Access Token (PAT) or Service Access Token (SAT). Pass the token in the Authorization header: `Bearer adm_pat_...`"}}},"security":[{"bearerAuth":[]}],"tags":[{"name":"Applications","description":"Manage application lifecycle and configuration.","kind":"nav"},{"name":"Clusters","description":"Manage Kubernetes clusters, service access tokens, and workload telemetry.","kind":"nav"},{"name":"Cluster Tokens","description":"Manage service access tokens for cluster agents.","kind":"nav"},{"name":"Cluster Workloads","description":"View workloads running on registered clusters.","kind":"nav"},{"name":"Cluster Agent","description":"Agent-facing endpoints for cluster telemetry and revision delivery. Requires a cluster SAT.","kind":"nav"},{"name":"Components","description":"Manage application components and environment overrides.","kind":"nav"},{"name":"Connections","description":"Manage credentials for accessing external systems.","kind":"nav"},{"name":"Deployments","description":"Manage deployments and track component revisions.","kind":"nav"},{"name":"Environments","description":"Manage deployment target environments.","kind":"nav"},{"name":"Runners","description":"Manage infrastructure runners, tokens, and job execution.","kind":"nav"},{"name":"Runner Tokens","description":"Manage service access tokens for runners.","kind":"nav"},{"name":"Runner Jobs","description":"View jobs assigned to runners.","kind":"nav"},{"name":"Runner Execution","description":"Runner-facing endpoints for heartbeat and job execution. Requires a runner SAT.","kind":"nav"},{"name":"Sources","description":"Manage source definitions for external artifacts.","kind":"nav"},{"name":"State","description":"Manage Terraform state records, version history, and locks.","kind":"nav"},{"name":"State Backend","description":"Terraform HTTP state backend used by runners during job execution. Requires a runner SAT.","kind":"nav"},{"name":"User","description":"Retrieve user profiles.","kind":"nav"},{"name":"Personal Access Tokens","description":"Manage personal access tokens for API authentication.","kind":"nav"},{"name":"Variables","description":"Manage configuration variables across scopes.","kind":"nav"}],"servers":[{"url":"{baseUrl}","description":"Admiral API server","variables":{"baseUrl":{"default":"https://admiral.example.com","description":"The base URL of your Admiral instance."}}}]},"proxyUrl":"/api/proxy"},"document":"./openapi.v3.yaml","operations":[{"method":"delete","path":"/api/v1/applications/{application_id}","tags":["Applications"]}],"showDescription":true}]}]]}]

Delete an application

Authorization

Path Parameters

Response Body

200application/json

`application/json`