69:["$","$L73",null,{"full":true,"children":[["$","$L74",null,{"children":"Delete a source"}],["$","$L75",null,{"children":["$","$L76",null,{"payload":{"bundled":{"openapi":"3.2.0","info":{"title":"Admiral API","description":"The Admiral REST API for managing applications, infrastructure, and runs. See https://admiral.io/docs for complete documentation.","version":"v1"},"paths":{"/api/v1/agents":{"get":{"tags":["Agents"],"summary":"List agents","description":"Scope: `agent:read`","operationId":"AgentAPI_ListAgents","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `kind`: filter by agent kind (TERRAFORM, KUBERNETES).\n - `name`: filter by agent name.\n - `health_status`: filter by health status.\n - `labels.key`: filter by label key.\n\n Example: `field['kind'] = 'KUBERNETES' AND field['health_status'] = 'HEALTHY'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `kind`: filter by agent kind (TERRAFORM, KUBERNETES).\n - `name`: filter by agent name.\n - `health_status`: filter by health status.\n - `labels.key`: filter by label key.\n\n Example: `field['kind'] = 'KUBERNETES' AND field['health_status'] = 'HEALTHY'`"}},{"name":"page_size","in":"query","description":"Maximum number of agents to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of agents to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.ListAgentsResponse"}}}}}},"post":{"tags":["Agents"],"summary":"Create an agent","description":"The request's `kind` selects the agent's execution plane (TERRAFORM or KUBERNETES)\n and determines the SAT's auto-assigned scopes. The kind is immutable.\n\n The response includes a `plain_text_token`: the raw SAT secret shown\n exactly once. Deploy this token to the agent binary for authentication.\n\n Scope: `agent:write`","operationId":"AgentAPI_CreateAgent","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.CreateAgentRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.CreateAgentResponse"}}}}}}},"/api/v1/agents/tokens/{token_id}":{"get":{"tags":["Agent Tokens"],"summary":"Retrieve an agent token","description":"Scope: `agent:read`","operationId":"AgentAPI_GetAgentToken","parameters":[{"name":"token_id","in":"path","description":"The unique identifier of the token (UUID).","required":true,"schema":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.GetAgentTokenResponse"}}}}}}},"/api/v1/agents/tokens/{token_id}/revoke":{"post":{"tags":["Agent Tokens"],"summary":"Revoke an agent token","description":"Scope: `agent:write`","operationId":"AgentAPI_RevokeAgentToken","parameters":[{"name":"token_id","in":"path","description":"The unique identifier of the token to revoke (UUID).","required":true,"schema":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}},"title":"RevokeAgentTokenRequest","required":["token_id"],"additionalProperties":false,"description":"RevokeAgentTokenRequest identifies an agent SAT to revoke. Token IDs are\n globally unique; the server resolves the parent agent from the token ID."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.RevokeAgentTokenResponse"}}}}}}},"/api/v1/agents/{agent.id}":{"patch":{"tags":["Agents"],"summary":"Update an agent","description":"Scope: `agent:write`","operationId":"AgentAPI_UpdateAgent","parameters":[{"name":"agent.id","in":"path","description":"Unique identifier for the agent (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the agent (UUID).","readOnly":true}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"agent":{"title":"agent","description":"The agent with updated fields. The `id` field is required. Only fields named\n in `update_mask` are updated. `kind` is immutable and cannot be updated.","$ref":"#/components/schemas/admiral.agent.v1.Agent"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `name`,\n `description`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateAgentRequest","required":["agent"],"additionalProperties":false,"description":"UpdateAgentRequest contains the agent fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.UpdateAgentResponse"}}}}}}},"/api/v1/agents/{agent_id}":{"get":{"tags":["Agents"],"summary":"Retrieve an agent","description":"Returns the Agent record with its server-derived health_status. For detailed\n telemetry (capacity, node/workload counts), use GetAgentStatus instead.\n\n Scope: `agent:read`","operationId":"AgentAPI_GetAgent","parameters":[{"name":"agent_id","in":"path","description":"The unique identifier of the agent (UUID).","required":true,"schema":{"type":"string","title":"agent_id","format":"uuid","description":"The unique identifier of the agent (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.GetAgentResponse"}}}}}},"delete":{"tags":["Agents"],"summary":"Delete an agent","description":"Scope: `agent:write`","operationId":"AgentAPI_DeleteAgent","parameters":[{"name":"agent_id","in":"path","description":"The unique identifier of the agent to delete (UUID). All associated service\n access tokens will be revoked.","required":true,"schema":{"type":"string","title":"agent_id","format":"uuid","description":"The unique identifier of the agent to delete (UUID). All associated service\n access tokens will be revoked."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.DeleteAgentResponse"}}}}}}},"/api/v1/agents/{agent_id}/clear-identity-binding":{"post":{"tags":["Agents"],"summary":"Clear an agent's identity binding","description":"Only valid for KUBERNETES agents; TERRAFORM agents have no identity binding.\n\n Scope: `agent:write`","operationId":"AgentAPI_ClearAgentIdentityBinding","parameters":[{"name":"agent_id","in":"path","description":"The Admiral agent record ID (UUID), not the kube-system UID.","required":true,"schema":{"type":"string","title":"agent_id","format":"uuid","description":"The Admiral agent record ID (UUID), not the kube-system UID."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The Admiral agent record ID (UUID), not the kube-system UID."},"reason":{"type":"string","title":"reason","minLength":1,"description":"Free-text audit reason for the rebind (e.g. \"DR rebuild 2026-05-30\")."},"grace_window":{"title":"grace_window","description":"How long the grace window stays open. Defaults to 1h server-side if unset.","$ref":"#/components/schemas/google.protobuf.Duration"}},"title":"ClearAgentIdentityBindingRequest","required":["agent_id"],"additionalProperties":false,"description":"ClearAgentIdentityBindingRequest opens a rebind grace window for a KUBERNETES\n agent."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.ClearAgentIdentityBindingResponse"}}}}}}},"/api/v1/agents/{agent_id}/events":{"get":{"tags":["Agents"],"summary":"List workload events","description":"Scope: `agent:read`","operationId":"AgentAPI_ListWorkloadEvents","parameters":[{"name":"agent_id","in":"path","required":true,"schema":{"type":"string","title":"agent_id","format":"uuid","description":"The agent (cluster) whose events to list (UUID)."}},{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `type`: filter by event type (Normal, Warning).\n - `reason`: filter by event reason.\n - `component`: filter by reporting component.\n - `host`: filter by node.","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `type`: filter by event type (Normal, Warning).\n - `reason`: filter by event reason.\n - `component`: filter by reporting component.\n - `host`: filter by node."}},{"name":"page_size","in":"query","description":"Maximum number of events to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of events to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.ListWorkloadEventsResponse"}}}}}}},"/api/v1/agents/{agent_id}/jobs":{"get":{"tags":["Agents"],"summary":"List agent jobs","description":"Scope: `agent:read`","operationId":"AgentAPI_ListAgentJobs","parameters":[{"name":"agent_id","in":"path","required":true,"schema":{"type":"string","title":"agent_id","format":"uuid","description":"The agent whose jobs to list (UUID)."}},{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `status`: filter by job status (PENDING, ASSIGNED, RUNNING, etc.).\n - `job_type`: filter by job type (PLAN, APPLY, DESTROY_PLAN, DESTROY_APPLY).\n - `run_id`: jobs for a specific run (UUID).","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `status`: filter by job status (PENDING, ASSIGNED, RUNNING, etc.).\n - `job_type`: filter by job type (PLAN, APPLY, DESTROY_PLAN, DESTROY_APPLY).\n - `run_id`: jobs for a specific run (UUID)."}},{"name":"page_size","in":"query","description":"Maximum number of jobs to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of jobs to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.ListAgentJobsResponse"}}}}}}},"/api/v1/agents/{agent_id}/status":{"get":{"tags":["Agents"],"summary":"Retrieve agent status","description":"Returns NOT_FOUND if the agent does not exist. If the agent exists but has\n not reported yet, health_status will be PENDING and status will be absent.\n\n Scope: `agent:read`","operationId":"AgentAPI_GetAgentStatus","parameters":[{"name":"agent_id","in":"path","description":"The unique identifier of the agent (UUID).","required":true,"schema":{"type":"string","title":"agent_id","format":"uuid","description":"The unique identifier of the agent (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.GetAgentStatusResponse"}}}}}}},"/api/v1/agents/{agent_id}/tokens":{"get":{"tags":["Agent Tokens"],"summary":"List agent tokens","description":"Scope: `agent:read`","operationId":"AgentAPI_ListAgentTokens","parameters":[{"name":"agent_id","in":"path","description":"The agent to list tokens for (UUID).","required":true,"schema":{"type":"string","title":"agent_id","format":"uuid","description":"The agent to list tokens for (UUID)."}},{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by token name.\n - `status`: filter by token status (ACTIVE, REVOKED).","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by token name.\n - `status`: filter by token status (ACTIVE, REVOKED)."}},{"name":"page_size","in":"query","description":"Maximum number of tokens to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of tokens to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.ListAgentTokensResponse"}}}}}},"post":{"tags":["Agent Tokens"],"summary":"Create an agent token","description":"Use this to create additional SATs for an existing agent (e.g., for\n zero-downtime token rotation). The initial SAT is created automatically by\n CreateAgent.\n\n Scope: `agent:write`","operationId":"AgentAPI_CreateAgentToken","parameters":[{"name":"agent_id","in":"path","description":"The agent to bind this token to (UUID).","required":true,"schema":{"type":"string","title":"agent_id","format":"uuid","description":"The agent to bind this token to (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The agent to bind this token to (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier for the token (e.g., \"prod-agent-key\").\n Unique within the agent's tokens. Lowercase alphanumeric and hyphens only,\n must start with a letter and end with an alphanumeric character (1-63 chars)."},"expires_at":{"title":"expires_at","description":"Optional expiration time. If unset, the token does not expire.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"CreateAgentTokenRequest","required":["agent_id","name"],"additionalProperties":false,"description":"CreateAgentTokenRequest contains the parameters for creating a new SAT bound to\n an agent."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.CreateAgentTokenResponse"}}}}}}},"/api/v1/agents/{agent_id}/workloads":{"get":{"tags":["Agents"],"summary":"List workloads","description":"Scope: `agent:read`","operationId":"AgentAPI_ListWorkloads","parameters":[{"name":"agent_id","in":"path","required":true,"schema":{"type":"string","title":"agent_id","format":"uuid","description":"The agent (cluster) whose workloads to list (UUID)."}},{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `namespace`: filter by Kubernetes namespace.\n - `kind`: filter by workload kind (Deployment, StatefulSet, DaemonSet).\n - `name`: filter by workload name.\n - `health_status`: filter by workload health status.","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `namespace`: filter by Kubernetes namespace.\n - `kind`: filter by workload kind (Deployment, StatefulSet, DaemonSet).\n - `name`: filter by workload name.\n - `health_status`: filter by workload health status."}},{"name":"page_size","in":"query","description":"Maximum number of workloads to return per page. Defaults to 50 when omitted\n or 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of workloads to return per page. Defaults to 50 when omitted\n or 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.ListWorkloadsResponse"}}}}}}},"/api/v1/agents/{agent_id}/workloads/{workload_id}":{"get":{"tags":["Agents"],"summary":"Retrieve a workload","description":"Scope: `agent:read`","operationId":"AgentAPI_GetWorkload","parameters":[{"name":"agent_id","in":"path","required":true,"schema":{"type":"string","title":"agent_id","format":"uuid","description":"The agent (cluster) the workload belongs to (UUID)."}},{"name":"workload_id","in":"path","required":true,"schema":{"type":"string","title":"workload_id","format":"uuid","description":"The workload to retrieve (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.agent.v1.GetWorkloadResponse"}}}}}}},"/api/v1/applications":{"get":{"tags":["Applications"],"summary":"List applications","description":"Scope: `app:read`","operationId":"ApplicationAPI_ListApplications","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by application name.\n - `labels.key`: filter by label key.\n\n Example: `field['name'] = 'inventory-api' AND field['labels.team'] = 'logistics'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by application name.\n - `labels.key`: filter by label key.\n\n Example: `field['name'] = 'inventory-api' AND field['labels.team'] = 'logistics'`"}},{"name":"page_size","in":"query","description":"Maximum number of applications to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of applications to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.application.v1.ListApplicationsResponse"}}}}}},"post":{"tags":["Applications"],"summary":"Create an application","description":"Scope: `app:write`","operationId":"ApplicationAPI_CreateApplication","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.application.v1.CreateApplicationRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.application.v1.CreateApplicationResponse"}}}}}}},"/api/v1/applications/{application.id}":{"patch":{"tags":["Applications"],"summary":"Update an application","description":"Scope: `app:write`","operationId":"ApplicationAPI_UpdateApplication","parameters":[{"name":"application.id","in":"path","description":"Unique identifier for the application (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the application (UUID).","readOnly":true}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"application":{"title":"application","description":"The application with updated fields. Its `id` identifies the application;\n only fields named in `update_mask` are applied.","$ref":"#/components/schemas/admiral.application.v1.Application"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `name`,\n `description`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateApplicationRequest","required":["application"],"additionalProperties":false,"description":"UpdateApplicationRequest contains the application fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.application.v1.UpdateApplicationResponse"}}}}}}},"/api/v1/applications/{application_id}":{"get":{"tags":["Applications"],"summary":"Retrieve an application","description":"Scope: `app:read`","operationId":"ApplicationAPI_GetApplication","parameters":[{"name":"application_id","in":"path","description":"The unique identifier of the application (UUID).","required":true,"schema":{"type":"string","title":"application_id","format":"uuid","description":"The unique identifier of the application (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.application.v1.GetApplicationResponse"}}}}}},"delete":{"tags":["Applications"],"summary":"Delete an application","description":"Scope: `app:write`","operationId":"ApplicationAPI_DeleteApplication","parameters":[{"name":"application_id","in":"path","description":"The unique identifier of the application to delete (UUID).","required":true,"schema":{"type":"string","title":"application_id","format":"uuid","description":"The unique identifier of the application to delete (UUID)."}},{"name":"force","in":"query","description":"When true, bypass the children-exist check and cascade-delete all\n environments and their runs (metadata records only).","schema":{"type":"boolean","title":"force","description":"When true, bypass the children-exist check and cascade-delete all\n environments and their runs (metadata records only)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.application.v1.DeleteApplicationResponse"}}}}}}},"/api/v1/catalog-items":{"get":{"tags":["Catalog"],"summary":"List catalog items","description":"Scope: `catalog:read`","operationId":"CatalogAPI_ListCatalogItems","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by catalog item name.\n - `type`: filter by item type (TERRAFORM, HELM, KUSTOMIZE, MANIFEST).\n - `source_id`: filter by source reference.\n\n Example: `field['type'] = 'TERRAFORM'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by catalog item name.\n - `type`: filter by item type (TERRAFORM, HELM, KUSTOMIZE, MANIFEST).\n - `source_id`: filter by source reference.\n\n Example: `field['type'] = 'TERRAFORM'`"}},{"name":"page_size","in":"query","description":"Maximum number of catalog items to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of catalog items to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.catalog.v1.ListCatalogItemsResponse"}}}}}},"post":{"tags":["Catalog"],"summary":"Create a catalog item","description":"The referenced source must exist. The item's ref, root, and path are\n optional and default to empty (meaning: the source's default ref, the\n repository root, and the root itself as working directory).\n\n Scope: `catalog:write`","operationId":"CatalogAPI_CreateCatalogItem","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.catalog.v1.CreateCatalogItemRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.catalog.v1.CreateCatalogItemResponse"}}}}}}},"/api/v1/catalog-items/{catalog_item.id}":{"patch":{"tags":["Catalog"],"summary":"Update a catalog item","description":"Scope: `catalog:write`","operationId":"CatalogAPI_UpdateCatalogItem","parameters":[{"name":"catalog_item.id","in":"path","description":"Unique identifier for the catalog item (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the catalog item (UUID).","readOnly":true}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"catalog_item":{"title":"catalog_item","description":"The catalog item with updated fields. Its `id` identifies the item; only\n fields named in `update_mask` are applied.","$ref":"#/components/schemas/admiral.catalog.v1.CatalogItem"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `name`,\n `description`, `source_id`, `ref`, `root`, `path`, `labels`. `type` is\n immutable and cannot be updated.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateCatalogItemRequest","required":["catalog_item"],"additionalProperties":false,"description":"UpdateCatalogItemRequest contains the catalog item fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.catalog.v1.UpdateCatalogItemResponse"}}}}}}},"/api/v1/catalog-items/{catalog_item_id}":{"get":{"tags":["Catalog"],"summary":"Retrieve a catalog item","description":"Scope: `catalog:read`","operationId":"CatalogAPI_GetCatalogItem","parameters":[{"name":"catalog_item_id","in":"path","description":"Unique identifier of the catalog item (UUID).","required":true,"schema":{"type":"string","title":"catalog_item_id","format":"uuid","description":"Unique identifier of the catalog item (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.catalog.v1.GetCatalogItemResponse"}}}}}},"delete":{"tags":["Catalog"],"summary":"Delete a catalog item","description":"Scope: `catalog:write`","operationId":"CatalogAPI_DeleteCatalogItem","parameters":[{"name":"catalog_item_id","in":"path","description":"Unique identifier of the catalog item to delete (UUID).","required":true,"schema":{"type":"string","title":"catalog_item_id","format":"uuid","description":"Unique identifier of the catalog item to delete (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.catalog.v1.DeleteCatalogItemResponse"}}}}}}},"/api/v1/catalog-items/{catalog_item_id}/resolve":{"post":{"tags":["Catalog"],"summary":"Resolve a catalog item","description":"This operation fetches from the external system in real time and may take\n several seconds depending on the source type and size.\n\n Scope: `catalog:read`","operationId":"CatalogAPI_ResolveCatalogItem","parameters":[{"name":"catalog_item_id","in":"path","description":"Unique identifier of the catalog item to resolve (UUID).","required":true,"schema":{"type":"string","title":"catalog_item_id","format":"uuid","description":"Unique identifier of the catalog item to resolve (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"catalog_item_id":{"type":"string","title":"catalog_item_id","format":"uuid","description":"Unique identifier of the catalog item to resolve (UUID)."},"ref_override":{"type":"string","title":"ref_override","maxLength":256,"description":"Optional ref override. When set, this ref is used instead of the item's\n default ref. Useful for previewing a different version without modifying\n the catalog item definition."}},"title":"ResolveCatalogItemRequest","required":["catalog_item_id"],"additionalProperties":false,"description":"ResolveCatalogItemRequest identifies a catalog item to resolve."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.catalog.v1.ResolveCatalogItemResponse"}}}}}}},"/api/v1/changesets":{"get":{"tags":["ChangeSets"],"summary":"List change sets","description":"Common filter fields: `application_id`, `environment_id`, `status`. The\n returned `ChangeSet` records do not include entries or variable entries;\n call GetChangeSet for the full record.\n\n Scope: `app:read`","operationId":"ChangeSetAPI_ListChangeSets","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `application_id`: change sets for a specific application (UUID).\n - `environment_id`: change sets for a specific environment (UUID).\n - `status`: filter by status (OPEN, DEPLOYED, DISCARDED).\n\n Example: `field['environment_id'] = '' AND field['status'] = 'OPEN'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `application_id`: change sets for a specific application (UUID).\n - `environment_id`: change sets for a specific environment (UUID).\n - `status`: filter by status (OPEN, DEPLOYED, DISCARDED).\n\n Example: `field['environment_id'] = '' AND field['status'] = 'OPEN'`"}},{"name":"page_size","in":"query","description":"Maximum number of change sets to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of change sets to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.changeset.v1.ListChangeSetsResponse"}}}}}},"post":{"tags":["ChangeSets"],"summary":"Create a change set","description":"Multiple change sets can be open against the same target simultaneously.\n Conflicts are detected at deploy time, not at create time.\n\n Scope: `app:write`","operationId":"ChangeSetAPI_CreateChangeSet","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.changeset.v1.CreateChangeSetRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.changeset.v1.CreateChangeSetResponse"}}}}}}},"/api/v1/changesets/{change_set.id}":{"patch":{"tags":["ChangeSets"],"summary":"Update a change set","description":"Rejected when the change set is not OPEN.\n\n Scope: `app:write`","operationId":"ChangeSetAPI_UpdateChangeSet","parameters":[{"name":"change_set.id","in":"path","description":"Unique identifier for the change set (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the change set (UUID).","readOnly":true}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"change_set":{"title":"change_set","description":"The change set with updated fields. Its `id` identifies the change set;\n only fields named in `update_mask` are applied.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSet"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `title`,\n `description`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateChangeSetRequest","required":["change_set"],"additionalProperties":false,"description":"UpdateChangeSetRequest updates a change set's mutable metadata."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.changeset.v1.UpdateChangeSetResponse"}}}}}}},"/api/v1/changesets/{change_set_id}":{"get":{"tags":["ChangeSets"],"summary":"Retrieve a change set","description":"Scope: `app:read`","operationId":"ChangeSetAPI_GetChangeSet","parameters":[{"name":"change_set_id","in":"path","description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID.","required":true,"schema":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.changeset.v1.GetChangeSetResponse"}}}}}}},"/api/v1/changesets/{change_set_id}/copy":{"post":{"tags":["ChangeSets"],"summary":"Copy a change set to another environment","description":"The target application is the source's application; only the environment\n can be retargeted. After copying, the resulting change set can be\n modified (entries added, removed, or rewritten) before being deployed.\n\n Scope: `app:write`","operationId":"ChangeSetAPI_CopyChangeSet","parameters":[{"name":"change_set_id","in":"path","description":"Identifier of the source change set to copy. Accepts either the short\n ID (`cs-`) or the canonical UUID. Can be in any status.","required":true,"schema":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the source change set to copy. Accepts either the short\n ID (`cs-`) or the canonical UUID. Can be in any status."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"change_set_id":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the source change set to copy. Accepts either the short\n ID (`cs-`) or the canonical UUID. Can be in any status."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The target environment for the new change set (UUID). Must belong to\n the source change set's application."},"title":{"type":"string","title":"title","maxLength":256,"description":"Optional title override. Defaults to the source's title when empty."},"description":{"type":"string","title":"description","maxLength":4096,"description":"Optional description override. Defaults to the source's description\n when empty."}},"title":"CopyChangeSetRequest","required":["change_set_id","environment_id"],"additionalProperties":false,"description":"CopyChangeSetRequest creates a new OPEN change set by copying an existing\n one to a target environment."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.changeset.v1.CopyChangeSetResponse"}}}}}}},"/api/v1/changesets/{change_set_id}/diff":{"get":{"tags":["ChangeSets"],"summary":"Compute a change set diff","description":"Sensitive values are never returned. Changed-but-masked entries set\n `sensitive=true` and omit `old`/`new` so the reviewer knows a change is\n present without seeing the value.\n\n Available for change sets in any status; for non-OPEN change sets the\n result reflects the diff against the env's CURRENT HEAD, not the env's\n state at the time the change set was deployed.\n\n Scope: `app:read`","operationId":"ChangeSetAPI_DiffChangeSet","parameters":[{"name":"change_set_id","in":"path","description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID.","required":true,"schema":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.changeset.v1.DiffChangeSetResponse"}}}}}}},"/api/v1/changesets/{change_set_id}/discard":{"post":{"tags":["ChangeSets"],"summary":"Discard a change set","description":"Scope: `app:write`","operationId":"ChangeSetAPI_DiscardChangeSet","parameters":[{"name":"change_set_id","in":"path","description":"Identifier of the change set to discard. Accepts either the short ID\n (`cs-`) or the canonical UUID.","required":true,"schema":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set to discard. Accepts either the short ID\n (`cs-`) or the canonical UUID."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"change_set_id":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set to discard. Accepts either the short ID\n (`cs-`) or the canonical UUID."}},"title":"DiscardChangeSetRequest","required":["change_set_id"],"additionalProperties":false,"description":"DiscardChangeSetRequest abandons an OPEN change set."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.changeset.v1.DiscardChangeSetResponse"}}}}}}},"/api/v1/changesets/{change_set_id}/entries/{component_name}":{"put":{"tags":["ChangeSets"],"summary":"Add or update an entry","description":"The `change_type` field selects the operation:\n - CREATE: add a new component. Requires `catalog_item_id`. Rejects if a\n component with the same name already exists in the application.\n - UPDATE: change an existing component. The name must match an\n existing component in the application. Only non-empty optional\n fields are recorded as changes.\n - DESTROY: schedule the component for terraform destroy at deploy.\n - ORPHAN: detach from management without destroying infrastructure.\n\n Rejected when the change set is not OPEN.\n\n Scope: `app:write`","operationId":"ChangeSetAPI_SetEntry","parameters":[{"name":"change_set_id","in":"path","description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID.","required":true,"schema":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."}},{"name":"component_name","in":"path","description":"Component name (stable identifier set at creation). Required.","required":true,"schema":{"type":"string","title":"component_name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"Component name (stable identifier set at creation). Required."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"change_set_id":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."},"component_name":{"type":"string","title":"component_name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"Component name (stable identifier set at creation). Required."},"change_type":{"not":{"enum":["CHANGE_SET_ENTRY_TYPE_UNSPECIFIED"]},"title":"change_type","description":"The change type.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSetEntryType"},"catalog_item_id":{"type":["string","null"],"title":"catalog_item_id","format":"uuid","description":"The catalog item to deploy (UUID). Required for CREATE; optional for UPDATE.\n Not allowed for DESTROY/ORPHAN."},"ref":{"type":["string","null"],"title":"ref","maxLength":256,"description":"The git ref / version selector to deploy."},"values_template":{"type":["string","null"],"title":"values_template","maxLength":65536,"description":"Values template for catalog item inputs."},"depends_on":{"type":"array","items":{"type":"string"},"title":"depends_on","description":"Explicit dependencies (component names). Empty list clears."},"description":{"type":["string","null"],"title":"description","maxLength":1024,"description":"Optional description of the proposed change."},"target":{"title":"target","description":"Resolved placement for the component, by kind. Required for CREATE (the\n component needs a placement); for UPDATE, absent means \"no change to\n placement.\" Replaces the former per-environment target defaults.","$ref":"#/components/schemas/admiral.component.v1.ComponentTarget"}},"title":"SetEntryRequest","required":["change_set_id","component_name","change_type"],"additionalProperties":false,"description":"SetEntryRequest creates or replaces a component entry within a change set."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.changeset.v1.SetEntryResponse"}}}}}},"delete":{"tags":["ChangeSets"],"summary":"Remove an entry","description":"Rejected when the change set is not OPEN.\n\n Scope: `app:write`","operationId":"ChangeSetAPI_RemoveEntry","parameters":[{"name":"change_set_id","in":"path","description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID.","required":true,"schema":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."}},{"name":"component_name","in":"path","description":"Component name of the entry to remove.","required":true,"schema":{"type":"string","title":"component_name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"Component name of the entry to remove."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.changeset.v1.RemoveEntryResponse"}}}}}}},"/api/v1/changesets/{change_set_id}/variables/{key}":{"put":{"tags":["ChangeSets"],"summary":"Set a variable","description":"To delete a variable on apply, use RemoveVariable; it writes a\n tombstone entry on the change set so the apply phase removes the key.\n\n Rejected when the change set is not OPEN.\n\n Scope: `app:write`","operationId":"ChangeSetAPI_SetVariable","parameters":[{"name":"change_set_id","in":"path","description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID.","required":true,"schema":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."}},{"name":"key","in":"path","description":"The variable key.","required":true,"schema":{"type":"string","title":"key","maxLength":63,"minLength":1,"pattern":"^[A-Za-z_][A-Za-z0-9_]{0,62}$","description":"The variable key."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"change_set_id":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."},"value":{"type":"string","title":"value","minLength":1,"description":"The value to set on apply. For COMPLEX type, must be valid JSON."},"type":{"title":"type","description":"How the value should be interpreted. Defaults to STRING when unspecified.","$ref":"#/components/schemas/admiral.variable.v1.VariableType"},"sensitive":{"type":"boolean","title":"sensitive","description":"When true, the value is encrypted at rest and masked in API responses."}},"title":"SetVariableRequest","required":["change_set_id","value"],"additionalProperties":false,"description":"SetVariableRequest creates or replaces a variable entry within a change set."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.changeset.v1.SetVariableResponse"}}}}}},"delete":{"tags":["ChangeSets"],"summary":"Remove a variable on apply","description":"To withdraw the deletion intent before deploy, call SetVariable for the\n same key with the desired value (which overwrites the tombstone).\n\n Rejected when the change set is not OPEN.\n\n Scope: `app:write`","operationId":"ChangeSetAPI_RemoveVariable","parameters":[{"name":"change_set_id","in":"path","description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID.","required":true,"schema":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."}},{"name":"key","in":"path","description":"The variable key to remove on apply.","required":true,"schema":{"type":"string","title":"key","maxLength":63,"minLength":1,"pattern":"^[A-Za-z_][A-Za-z0-9_]{0,62}$","description":"The variable key to remove on apply."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.changeset.v1.RemoveVariableResponse"}}}}}}},"/api/v1/credentials":{"get":{"tags":["Credentials"],"summary":"List credentials","description":"Scope: `credential:read`","operationId":"CredentialAPI_ListCredentials","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by credential name.\n - `type`: filter by credential type (SSH_KEY, BASIC_AUTH, BEARER_TOKEN).\n - `labels.key`: filter by label key.\n\n Example: `field['type'] = 'BEARER_TOKEN'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by credential name.\n - `type`: filter by credential type (SSH_KEY, BASIC_AUTH, BEARER_TOKEN).\n - `labels.key`: filter by label key.\n\n Example: `field['type'] = 'BEARER_TOKEN'`"}},{"name":"page_size","in":"query","description":"Maximum number of credentials to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of credentials to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.credential.v1.ListCredentialsResponse"}}}}}},"post":{"tags":["Credentials"],"summary":"Create a credential","description":"The credential type and auth config must match. For example, a GIT_TOKEN\n credential requires a matching auth_config (e.g. BEARER_TOKEN → bearer_token).\n\n Scope: `credential:write`","operationId":"CredentialAPI_CreateCredential","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.credential.v1.CreateCredentialRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.credential.v1.CreateCredentialResponse"}}}}}}},"/api/v1/credentials/{credential.id}":{"patch":{"tags":["Credentials"],"summary":"Update a credential","description":"When updating auth_config, the entire auth config is replaced. Partial\n updates within the auth config oneof are not supported. Omitting auth_config\n from the update_mask leaves credentials unchanged.\n\n Scope: `credential:write`","operationId":"CredentialAPI_UpdateCredential","parameters":[{"name":"credential.id","in":"path","description":"Unique identifier for the credential (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the credential (UUID).","readOnly":true}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"credential":{"title":"credential","description":"The credential with updated fields.\n Only fields specified in `update_mask` are updated.\n\n When updating auth_config, the entire auth config is replaced.\n Omitting auth_config from the update_mask leaves credentials unchanged.","$ref":"#/components/schemas/admiral.credential.v1.Credential"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `name`,\n `description`, `auth_config`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateCredentialRequest","required":["credential"],"additionalProperties":false,"description":"UpdateCredentialRequest contains the credential fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.credential.v1.UpdateCredentialResponse"}}}}}}},"/api/v1/credentials/{credential_id}":{"get":{"tags":["Credentials"],"summary":"Retrieve a credential","description":"Returns credential metadata only. Sensitive fields are never included\n in the response.\n\n Scope: `credential:read`","operationId":"CredentialAPI_GetCredential","parameters":[{"name":"credential_id","in":"path","description":"The unique identifier of the credential (UUID).","required":true,"schema":{"type":"string","title":"credential_id","format":"uuid","description":"The unique identifier of the credential (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.credential.v1.GetCredentialResponse"}}}}}},"delete":{"tags":["Credentials"],"summary":"Delete a credential","description":"Scope: `credential:write`","operationId":"CredentialAPI_DeleteCredential","parameters":[{"name":"credential_id","in":"path","description":"The unique identifier of the credential to delete (UUID).\n Fails if any sources still reference this credential.","required":true,"schema":{"type":"string","title":"credential_id","format":"uuid","description":"The unique identifier of the credential to delete (UUID).\n Fails if any sources still reference this credential."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.credential.v1.DeleteCredentialResponse"}}}}}}},"/api/v1/environments":{"get":{"tags":["Environments"],"summary":"List environments","description":"Scope: `env:read`","operationId":"EnvironmentAPI_ListEnvironments","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `application_id`: filter by parent application (UUID).\n - `name`: filter by environment name.\n - `labels.key`: filter by label key.\n\n Example: `field['application_id'] = '' AND field['name'] = 'prod'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `application_id`: filter by parent application (UUID).\n - `name`: filter by environment name.\n - `labels.key`: filter by label key.\n\n Example: `field['application_id'] = '' AND field['name'] = 'prod'`"}},{"name":"page_size","in":"query","description":"Maximum number of environments to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of environments to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.ListEnvironmentsResponse"}}}}}},"post":{"tags":["Environments"],"summary":"Create an environment","description":"Scope: `env:write`","operationId":"EnvironmentAPI_CreateEnvironment","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.CreateEnvironmentRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.CreateEnvironmentResponse"}}}}}}},"/api/v1/environments/{environment.id}":{"patch":{"tags":["Environments"],"summary":"Update an environment","description":"Scope: `env:write`","operationId":"EnvironmentAPI_UpdateEnvironment","parameters":[{"name":"environment.id","in":"path","description":"Unique identifier for the environment (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the environment (UUID).","readOnly":true}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"environment":{"title":"environment","description":"The environment with updated fields.\n Only fields specified in `update_mask` are updated.","$ref":"#/components/schemas/admiral.environment.v1.Environment"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `name`,\n `description`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateEnvironmentRequest","required":["environment"],"additionalProperties":false,"description":"UpdateEnvironmentRequest contains the environment fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.UpdateEnvironmentResponse"}}}}}}},"/api/v1/environments/{environment_id}":{"get":{"tags":["Environments"],"summary":"Retrieve an environment","description":"Scope: `env:read`","operationId":"EnvironmentAPI_GetEnvironment","parameters":[{"name":"environment_id","in":"path","description":"The unique identifier of the environment (UUID).","required":true,"schema":{"type":"string","title":"environment_id","format":"uuid","description":"The unique identifier of the environment (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.GetEnvironmentResponse"}}}}}},"delete":{"tags":["Environments"],"summary":"Delete an environment","description":"Scope: `env:write`","operationId":"EnvironmentAPI_DeleteEnvironment","parameters":[{"name":"environment_id","in":"path","description":"The unique identifier of the environment to delete (UUID).","required":true,"schema":{"type":"string","title":"environment_id","format":"uuid","description":"The unique identifier of the environment to delete (UUID)."}},{"name":"force","in":"query","description":"When true, bypass the children-exist check and cascade-delete all\n run records (metadata only).","schema":{"type":"boolean","title":"force","description":"When true, bypass the children-exist check and cascade-delete all\n run records (metadata only)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.DeleteEnvironmentResponse"}}}}}}},"/api/v1/environments/{environment_id}/components":{"get":{"tags":["Environments"],"summary":"List components deployed to an environment","description":"Components without a SUCCEEDED revision (e.g. CREATE entries that\n failed mid-plan) still appear, with `last_revision_status` and\n `last_deployed_at` empty.\n\n Scope: `env:read`","operationId":"EnvironmentAPI_ListEnvironmentComponents","parameters":[{"name":"environment_id","in":"path","description":"The environment whose components should be listed (UUID).","required":true,"schema":{"type":"string","title":"environment_id","format":"uuid","description":"The environment whose components should be listed (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.ListEnvironmentComponentsResponse"}}}}}}},"/api/v1/environments/{environment_id}/variables":{"get":{"tags":["Environments"],"summary":"List variables for an environment","description":"Sensitive variable values are masked in the response.\n\n Scope: `var:read`","operationId":"EnvironmentAPI_ListEnvironmentVariables","parameters":[{"name":"environment_id","in":"path","description":"The environment whose variables should be listed (UUID).","required":true,"schema":{"type":"string","title":"environment_id","format":"uuid","description":"The environment whose variables should be listed (UUID)."}},{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `key`: filter by variable key (supports prefix matching via ~=).\n - `sensitive`: filter by sensitivity flag.\n - `type`: filter by variable type (STRING, NUMBER, BOOLEAN, COMPLEX).\n - `source`: filter by source (USER, INFRASTRUCTURE).\n\n Example: `field['source'] = 'USER' AND field['sensitive'] = false`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `key`: filter by variable key (supports prefix matching via ~=).\n - `sensitive`: filter by sensitivity flag.\n - `type`: filter by variable type (STRING, NUMBER, BOOLEAN, COMPLEX).\n - `source`: filter by source (USER, INFRASTRUCTURE).\n\n Example: `field['source'] = 'USER' AND field['sensitive'] = false`"}},{"name":"page_size","in":"query","description":"Maximum number of variables to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of variables to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.environment.v1.ListEnvironmentVariablesResponse"}}}}}}},"/api/v1/healthcheck":{"get":{"tags":["Health"],"summary":"Check service health","description":"Healthcheck verifies that the service is running and healthy.\n Returns an empty response on success. Use this endpoint for load balancer\n health checks and monitoring systems.","operationId":"HealthcheckAPI_Healthcheck","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.healthcheck.v1.HealthcheckResponse"}}}}}}},"/api/v1/runs":{"get":{"tags":["Runs"],"summary":"List runs","description":"Common filter fields: `application_id`, `environment_id`, `status`.\n Use to view run history for an environment.\n\n Scope: `run:read`","operationId":"RunAPI_ListRuns","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `application_id`: runs for a specific application (UUID).\n - `environment_id`: runs to a specific environment (UUID).\n - `status`: filter by run status (PENDING, PLANNING, APPLYING, SUCCEEDED, ...).\n - `change_set_id`: runs for a specific change set (UUID).\n\n Example: `field['environment_id'] = '' AND field['status'] = 'SUCCEEDED'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `application_id`: runs for a specific application (UUID).\n - `environment_id`: runs to a specific environment (UUID).\n - `status`: filter by run status (PENDING, PLANNING, APPLYING, SUCCEEDED, ...).\n - `change_set_id`: runs for a specific change set (UUID).\n\n Example: `field['environment_id'] = '' AND field['status'] = 'SUCCEEDED'`"}},{"name":"page_size","in":"query","description":"Maximum number of runs to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of runs to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.run.v1.ListRunsResponse"}}}}}},"post":{"tags":["Runs"],"summary":"Create a run","description":"The server resolves all components (with environment overrides applied),\n builds the dependency DAG, and begins rendering and executing revisions.\n\n Concurrency: only one run can be active per application+environment\n at a time. If a run is already in an active state (PENDING, QUEUED,\n PLANNING, PLANNED, or APPLYING), the new run is queued and will start\n automatically when the current run completes or is canceled.\n\n Scope: `run:write`","operationId":"RunAPI_CreateRun","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.run.v1.CreateRunRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.run.v1.CreateRunResponse"}}}}}}},"/api/v1/runs/{run_id}":{"get":{"tags":["Runs"],"summary":"Retrieve a run","description":"Scope: `run:read`","operationId":"RunAPI_GetRun","parameters":[{"name":"run_id","in":"path","description":"Identifier of the run. Either a UUID or a `run-` display ID.","required":true,"schema":{"type":"string","title":"run_id","minLength":1,"description":"Identifier of the run. Either a UUID or a `run-` display ID."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.run.v1.GetRunResponse"}}}}}}},"/api/v1/runs/{run_id}/apply":{"post":{"tags":["Runs"],"summary":"Apply a planned run","description":"Scope: `run:write`","operationId":"RunAPI_ApplyRun","parameters":[{"name":"run_id","in":"path","description":"Identifier of the run to apply. UUID or `run-` display ID.","required":true,"schema":{"type":"string","title":"run_id","minLength":1,"description":"Identifier of the run to apply. UUID or `run-` display ID."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"run_id":{"type":"string","title":"run_id","minLength":1,"description":"Identifier of the run to apply. UUID or `run-` display ID."},"message":{"type":"string","title":"message","maxLength":1024,"description":"Optional message describing the apply (e.g., \"Approved by @martin\")."}},"title":"ApplyRunRequest","required":["run_id"],"additionalProperties":false,"description":"ApplyRunRequest transitions a planned run to apply phase."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.run.v1.ApplyRunResponse"}}}}}}},"/api/v1/runs/{run_id}/cancel":{"post":{"tags":["Runs"],"summary":"Cancel a run","description":"Scope: `run:write`","operationId":"RunAPI_CancelRun","parameters":[{"name":"run_id","in":"path","description":"Identifier of the run to cancel. UUID or `run-` display ID.","required":true,"schema":{"type":"string","title":"run_id","minLength":1,"description":"Identifier of the run to cancel. UUID or `run-` display ID."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"run_id":{"type":"string","title":"run_id","minLength":1,"description":"Identifier of the run to cancel. UUID or `run-` display ID."},"reason":{"type":"string","title":"reason","maxLength":1024,"description":"Optional reason for cancellation."}},"title":"CancelRunRequest","required":["run_id"],"additionalProperties":false,"description":"CancelRunRequest cancels an in-progress run."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.run.v1.CancelRunResponse"}}}}}}},"/api/v1/runs/{run_id}/revisions":{"get":{"tags":["Run Revisions"],"summary":"List revisions","description":"Scope: `run:read`","operationId":"RunAPI_ListRevisions","parameters":[{"name":"run_id","in":"path","description":"Identifier of the run. UUID or `run-` display ID.","required":true,"schema":{"type":"string","title":"run_id","minLength":1,"description":"Identifier of the run. UUID or `run-` display ID."}},{"name":"page_size","in":"query","description":"Maximum number of revisions to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of revisions to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.run.v1.ListRevisionsResponse"}}}}}}},"/api/v1/runs/{run_id}/revisions/{revision_id}":{"get":{"tags":["Run Revisions"],"summary":"Retrieve a revision","description":"Scope: `run:read`","operationId":"RunAPI_GetRevision","parameters":[{"name":"run_id","in":"path","description":"The run. UUID or `run-` display ID.","required":true,"schema":{"type":"string","title":"run_id","minLength":1,"description":"The run. UUID or `run-` display ID."}},{"name":"revision_id","in":"path","description":"The revision (UUID).","required":true,"schema":{"type":"string","title":"revision_id","format":"uuid","description":"The revision (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.run.v1.GetRevisionResponse"}}}}}}},"/api/v1/runs/{run_id}/revisions/{revision_id}/retry":{"post":{"tags":["Run Revisions"],"summary":"Retry a revision","description":"Scope: `run:write`","operationId":"RunAPI_RetryRevision","parameters":[{"name":"run_id","in":"path","description":"The run. UUID or `run-` display ID.","required":true,"schema":{"type":"string","title":"run_id","minLength":1,"description":"The run. UUID or `run-` display ID."}},{"name":"revision_id","in":"path","description":"The revision to retry (UUID). Must be in FAILED status.","required":true,"schema":{"type":"string","title":"revision_id","format":"uuid","description":"The revision to retry (UUID). Must be in FAILED status."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"run_id":{"type":"string","title":"run_id","minLength":1,"description":"The run. UUID or `run-` display ID."},"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision to retry (UUID). Must be in FAILED status."}},"title":"RetryRevisionRequest","required":["run_id","revision_id"],"additionalProperties":false,"description":"RetryRevisionRequest retries a failed revision."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.run.v1.RetryRevisionResponse"}}}}}}},"/api/v1/sources":{"get":{"tags":["Sources"],"summary":"List sources","description":"Scope: `source:read`","operationId":"SourceAPI_ListSources","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by source name.\n - `type`: filter by source type (GIT, TERRAFORM, HELM, OCI, HTTP).\n - `labels.key`: filter by label key.\n\n Example: `field['type'] = 'TERRAFORM' AND field['labels.team'] = 'platform'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by source name.\n - `type`: filter by source type (GIT, TERRAFORM, HELM, OCI, HTTP).\n - `labels.key`: filter by label key.\n\n Example: `field['type'] = 'TERRAFORM' AND field['labels.team'] = 'platform'`"}},{"name":"page_size","in":"query","description":"Maximum number of sources to return per page. Defaults to 50 when omitted\n or 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of sources to return per page. Defaults to 50 when omitted\n or 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.ListSourcesResponse"}}}}}},"post":{"tags":["Sources"],"summary":"Create a source","description":"The source type and source_config must match. For example, a\n TERRAFORM source requires a TerraformConfig.\n\n Scope: `source:write`","operationId":"SourceAPI_CreateSource","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.CreateSourceRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.CreateSourceResponse"}}}}}}},"/api/v1/sources/{source.id}":{"patch":{"tags":["Sources"],"summary":"Update a source","description":"Scope: `source:write`","operationId":"SourceAPI_UpdateSource","parameters":[{"name":"source.id","in":"path","description":"Unique identifier for the source (UUID).","required":true,"schema":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the source (UUID).","readOnly":true}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"source":{"title":"source","description":"The source with updated fields. Only fields specified in `update_mask`\n are updated.","$ref":"#/components/schemas/admiral.source.v1.Source"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `name`,\n `description`, `url`, `credential_id`, `source_config`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateSourceRequest","required":["source"],"additionalProperties":false,"description":"UpdateSourceRequest contains the source fields to update."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.UpdateSourceResponse"}}}}}}},"/api/v1/sources/{source_id}":{"get":{"tags":["Sources"],"summary":"Retrieve a source","description":"Scope: `source:read`","operationId":"SourceAPI_GetSource","parameters":[{"name":"source_id","in":"path","description":"Unique identifier of the source (UUID).","required":true,"schema":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.GetSourceResponse"}}}}}},"delete":{"tags":["Sources"],"summary":"Delete a source","description":"Scope: `source:write`","operationId":"SourceAPI_DeleteSource","parameters":[{"name":"source_id","in":"path","description":"Unique identifier of the source to delete (UUID).\n Fails if any components still reference this source.","required":true,"schema":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to delete (UUID).\n Fails if any components still reference this source."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.DeleteSourceResponse"}}}}}}},"/api/v1/sources/{source_id}/test":{"post":{"tags":["Sources"],"summary":"Test a source","description":"A credential in isolation cannot be meaningfully tested. A GitHub PAT is\n just a string until a target URL is known. TestSource is where the\n \"attach credential, verify it works\" flow lives.\n\n This operation queries the external system in real time and may take\n several seconds.\n\n Scope: `source:write`","operationId":"SourceAPI_TestSource","parameters":[{"name":"source_id","in":"path","description":"Unique identifier of the source to test (UUID).","required":true,"schema":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to test (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to test (UUID)."}},"title":"TestSourceRequest","required":["source_id"],"additionalProperties":false,"description":"TestSourceRequest identifies a source to test."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.TestSourceResponse"}}}}}}},"/api/v1/sources/{source_id}/versions":{"get":{"tags":["Sources"],"summary":"List source versions","description":"For Terraform registry sources, this calls the Module Registry Protocol's\n version listing endpoint. For Helm repositories, it parses the index.yaml.\n For OCI sources, it lists tags. For Git sources, it lists branches and\n tags via ls-remote, each annotated with the commit it currently resolves\n to.\n\n This operation queries the external system in real time and may take\n several seconds.\n\n Scope: `source:read`","operationId":"SourceAPI_ListSourceVersions","parameters":[{"name":"source_id","in":"path","description":"Unique identifier of the source to query versions for (UUID).","required":true,"schema":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to query versions for (UUID)."}},{"name":"page_size","in":"query","description":"Maximum number of versions to return per page. Defaults to 50 when omitted\n or 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of versions to return per page. Defaults to 50 when omitted\n or 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token for fetching additional versions.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token for fetching additional versions."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.source.v1.ListSourceVersionsResponse"}}}}}}},"/api/v1/user/me":{"get":{"tags":["User"],"summary":"Retrieve current user profile","description":"Scope: any authenticated token (no specific scope required).","operationId":"UserAPI_GetMe","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.GetMeResponse"}}}}}}},"/api/v1/user/tokens":{"get":{"tags":["Personal Access Tokens"],"summary":"List personal access tokens","description":"Scope: `token:read`","operationId":"UserAPI_ListPersonalAccessTokens","parameters":[{"name":"filter","in":"query","description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by token name.\n - `status`: filter by token status (ACTIVE, REVOKED).\n\n Example: `field['status'] = 'ACTIVE'`","schema":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by token name.\n - `status`: filter by token status (ACTIVE, REVOKED).\n\n Example: `field['status'] = 'ACTIVE'`"}},{"name":"page_size","in":"query","description":"Maximum number of tokens to return per page. Defaults to 50 when omitted\n or 0; must not exceed 100.","schema":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of tokens to return per page. Defaults to 50 when omitted\n or 0; must not exceed 100."}},{"name":"page_token","in":"query","description":"Opaque pagination token from a previous response.","schema":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.ListPersonalAccessTokensResponse"}}}}}},"post":{"tags":["Personal Access Tokens"],"summary":"Create a personal access token","description":"Scope: `token:write`","operationId":"UserAPI_CreatePersonalAccessToken","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.CreatePersonalAccessTokenRequest"}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.CreatePersonalAccessTokenResponse"}}}}}}},"/api/v1/user/tokens/{token_id}":{"get":{"tags":["Personal Access Tokens"],"summary":"Retrieve a personal access token","description":"Scope: `token:read`","operationId":"UserAPI_GetPersonalAccessToken","parameters":[{"name":"token_id","in":"path","description":"The unique identifier of the token (UUID).","required":true,"schema":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.GetPersonalAccessTokenResponse"}}}}}},"patch":{"tags":["Personal Access Tokens"],"summary":"Update a personal access token","description":"Scope: `token:write`","operationId":"UserAPI_UpdatePersonalAccessToken","parameters":[{"name":"token_id","in":"path","description":"The unique identifier of the token to update (UUID).","required":true,"schema":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to update (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to update (UUID)."},"name":{"type":["string","null"],"title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"New name for the token. Must follow the same naming rules as creation.\n Omit to leave the name unchanged."},"scopes":{"type":"array","items":{"type":"string","maxLength":64,"minLength":1},"title":"scopes","maxItems":255,"description":"New scopes for the token. Replaces all existing scopes.\n The server enforces that issued scopes are a subset of the caller's own\n scopes. A token cannot grant more access than the user holds.\n Omit to leave scopes unchanged."}},"title":"UpdatePersonalAccessTokenRequest","required":["token_id"],"additionalProperties":false,"description":"UpdatePersonalAccessTokenRequest contains the fields to update on a PAT.\n Only provided fields are updated; omitted fields remain unchanged."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.UpdatePersonalAccessTokenResponse"}}}}}}},"/api/v1/user/tokens/{token_id}/revoke":{"post":{"tags":["Personal Access Tokens"],"summary":"Revoke a personal access token","description":"Scope: `token:write`","operationId":"UserAPI_RevokePersonalAccessToken","parameters":[{"name":"token_id","in":"path","description":"The unique identifier of the token to revoke (UUID).","required":true,"schema":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}},"title":"RevokePersonalAccessTokenRequest","required":["token_id"],"additionalProperties":false,"description":"RevokePersonalAccessTokenRequest identifies a PAT to revoke."}}},"required":true},"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.RevokePersonalAccessTokenResponse"}}}}}}},"/api/v1/users/{user_id}":{"get":{"tags":["User"],"summary":"Retrieve a user by ID","description":"Scope: `user:read`","operationId":"UserAPI_GetUser","parameters":[{"name":"user_id","in":"path","description":"The unique identifier of the user (UUID).","required":true,"schema":{"type":"string","title":"user_id","format":"uuid","description":"The unique identifier of the user (UUID)."}}],"responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/admiral.user.v1.GetUserResponse"}}}}}}},"/api/v1/state/{component_id}/env/{environment_id}":{"parameters":[{"name":"component_id","in":"path","required":true,"description":"The infrastructure component (UUID).","schema":{"type":"string","format":"uuid"}},{"name":"environment_id","in":"path","required":true,"description":"The environment the state is scoped to (UUID).","schema":{"type":"string","format":"uuid"}}],"get":{"tags":["State Backend"],"summary":"Fetch current Terraform state","description":"Returns the current `.tfstate` document for the component+environment, or 204 when no state exists yet. Maps to the Terraform HTTP backend GET. Authenticate with a PAT/SAT (HTTP Basic password or Bearer token); requires the `state:read` scope.","responses":{"200":{"description":"The current Terraform state document.","content":{"application/json":{"schema":{"type":"object","additionalProperties":true}}}},"204":{"description":"No state exists yet."},"401":{"description":"Unauthorized."},"404":{"description":"Component or environment not found."}}},"post":{"tags":["State Backend"],"summary":"Push Terraform state","description":"Stores a new state version; the body is the full `.tfstate` document. Maps to the Terraform HTTP backend POST. Authenticate with a PAT/SAT; requires the `state:write` scope.","parameters":[{"name":"ID","in":"query","required":false,"description":"The held lock ID, when the state is locked.","schema":{"type":"string","format":"uuid"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","additionalProperties":true}}}},"responses":{"200":{"description":"State stored."},"400":{"description":"Invalid state document."},"413":{"description":"State document too large."},"423":{"description":"State is locked by a different lock ID.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/StateLockInfo"}}}}}}},"/api/v1/state/{component_id}/env/{environment_id}/lock":{"description":"Locks and unlocks the component+environment state using Terraform's custom `LOCK` and `UNLOCK` HTTP methods (which OpenAPI cannot express as operations) with a `StateLockInfo` body. Returns 200 on success or 423 (with the currently-held `StateLockInfo`) on conflict. Authenticate with a PAT/SAT; requires the `state:write` scope.","parameters":[{"name":"component_id","in":"path","required":true,"schema":{"type":"string","format":"uuid"}},{"name":"environment_id","in":"path","required":true,"schema":{"type":"string","format":"uuid"}}]}},"components":{"schemas":{"admiral.agent.v1.ActiveJobInfo":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job being executed (UUID)."},"phase":{"title":"phase","description":"Current execution phase reported by the worker thread.","$ref":"#/components/schemas/admiral.agent.v1.JobPhase"},"started_at":{"title":"started_at","description":"When execution of this job started (when the agent claimed it).","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"ActiveJobInfo","additionalProperties":false,"description":"ActiveJobInfo summarizes a job currently being executed by a TERRAFORM agent\n instance. Included in TerraformAgentStatus to provide real-time job progress."},"admiral.agent.v1.Agent":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the agent (UUID).","readOnly":true},"kind":{"title":"kind","description":"(IMMUTABLE) The execution plane this agent serves. Set at creation and immutable\n (CreateAgentRequest.kind carries the not_in:[0] requirement). Not validated\n here so a partial Agent in UpdateAgentRequest (which omits kind) passes.","$ref":"#/components/schemas/admiral.agent.v1.AgentKind"},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"prod-terraform\" or \"prod-us-east-1\").\n Unique within the tenant. Lowercase alphanumeric and hyphens only, must start\n with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the agent's purpose."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering agents\n (e.g., `{\"cloud\": \"aws\", \"team\": \"platform\"}`)."},"health_status":{"title":"health_status","description":"Derived health status based on reporting recency and kind-specific signals.","readOnly":true,"$ref":"#/components/schemas/admiral.agent.v1.AgentHealthStatus"},"cluster_uid":{"type":"string","title":"cluster_uid","description":"(KUBERNETES only) The Kubernetes kube-system namespace UID, bound at agent\n registration using a first-write-wins strategy. Used to detect when a token\n is accidentally deployed to a different physical cluster. Empty for TERRAFORM\n agents.","readOnly":true},"created_by":{"title":"created_by","description":"The user or agent who created this agent (server-populated from token).","readOnly":true,"$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the agent record was created.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the agent record was last updated via UpdateAgent. Reports/heartbeats\n do not bump this field; liveness is exposed separately via GetAgentStatus\n and health_status.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Agent","additionalProperties":false,"description":"Agent represents a registered execution agent within a tenant. The `kind`\n selects its execution plane: TERRAFORM agents claim and execute infrastructure\n jobs; KUBERNETES agents report Kubernetes telemetry and apply manifest revisions."},"admiral.agent.v1.Agent.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.agent.v1.AgentHealthStatus":{"type":"string","title":"AgentHealthStatus","enum":["AGENT_HEALTH_STATUS_UNSPECIFIED","AGENT_HEALTH_STATUS_PENDING","AGENT_HEALTH_STATUS_HEALTHY","AGENT_HEALTH_STATUS_DEGRADED","AGENT_HEALTH_STATUS_ERROR","AGENT_HEALTH_STATUS_UNREACHABLE"],"description":"AgentHealthStatus represents the derived health state of an agent. The status\n is computed from reporting recency and kind-specific signals (capacity for\n TERRAFORM; node readiness and workload health for KUBERNETES). The ERROR state is\n only emitted by KUBERNETES agents."},"admiral.agent.v1.AgentKind":{"type":"string","title":"AgentKind","enum":["AGENT_KIND_UNSPECIFIED","AGENT_KIND_TERRAFORM","AGENT_KIND_KUBERNETES"],"description":"AgentKind names the execution contract an agent serves, by its canonical tool.\n The engine is a sub-axis within a kind (TERRAFORM runs terraform/tofu;\n KUBERNETES runs helm/kustomize/raw), so a new tool is a new value, not a refactor."},"admiral.agent.v1.ApplicationRef":{"type":"object","properties":{"namespace":{"type":"string","title":"namespace","description":"Kubernetes namespace of the Application."},"name":{"type":"string","title":"name","description":"Application name."}},"title":"ApplicationRef","additionalProperties":false,"description":"ApplicationRef is a lightweight (namespace, name) reference to an Admiral\n Application, used to tag workload metrics with their owning Application."},"admiral.agent.v1.ClaimJobRequest":{"type":"object","title":"ClaimJobRequest","additionalProperties":false,"description":"ClaimJobRequest is sent by a TERRAFORM agent to poll for available work. The\n agent is identified by the SAT's binding; no agent_id is required."},"admiral.agent.v1.ClaimJobResponse":{"type":"object","properties":{"job":{"title":"job","description":"The job to execute. Absent if no work is available; the agent should wait and\n poll again after its configured interval.","$ref":"#/components/schemas/admiral.agent.v1.Job"}},"title":"ClaimJobResponse","additionalProperties":false,"description":"ClaimJobResponse contains the next job to execute, if any."},"admiral.agent.v1.ClearAgentIdentityBindingRequest":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The Admiral agent record ID (UUID), not the kube-system UID."},"reason":{"type":"string","title":"reason","minLength":1,"description":"Free-text audit reason for the rebind (e.g. \"DR rebuild 2026-05-30\")."},"grace_window":{"title":"grace_window","description":"How long the grace window stays open. Defaults to 1h server-side if unset.","$ref":"#/components/schemas/google.protobuf.Duration"}},"title":"ClearAgentIdentityBindingRequest","required":["agent_id"],"additionalProperties":false,"description":"ClearAgentIdentityBindingRequest opens a rebind grace window for a KUBERNETES\n agent."},"admiral.agent.v1.ClearAgentIdentityBindingResponse":{"type":"object","properties":{"accepted":{"type":"boolean","title":"accepted","description":"Whether the rebind grace window was opened."},"expires_at":{"title":"expires_at","description":"When the grace window expires.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"ClearAgentIdentityBindingResponse","additionalProperties":false,"description":"ClearAgentIdentityBindingResponse acknowledges the rebind window."},"admiral.agent.v1.Condition":{"type":"object","properties":{"type":{"type":"string","title":"type","description":"Condition type (e.g., \"Ready\", \"Healthy\")."},"status":{"type":"string","title":"status","description":"Condition status: \"True\", \"False\", or \"Unknown\"."},"observed_generation":{"type":["integer","string"],"title":"observed_generation","format":"int64","description":"The .metadata.generation the condition was set against."},"reason":{"type":"string","title":"reason","description":"Short machine-readable reason for the condition's last transition."},"message":{"type":"string","title":"message","description":"Human-readable detail for the condition's last transition."},"last_transition_time":{"title":"last_transition_time","description":"When the condition last transitioned.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Condition","additionalProperties":false,"description":"Condition mirrors the standard Kubernetes condition shape, carried explicitly\n so the wire shape stays stable across SDK versions."},"admiral.agent.v1.ContainerStatus":{"type":"object","properties":{"name":{"type":"string","title":"name","description":"Container name within the pod spec."},"image":{"type":"string","title":"image","description":"Container image reference (e.g., \"registry.example.com/api:v2.1.4\")."},"restart_count":{"type":"integer","title":"restart_count","format":"int32","description":"Cumulative number of container restarts."},"state":{"type":"string","title":"state","description":"Current container state (e.g., \"running\", \"waiting\", \"terminated\")."},"ready":{"type":"boolean","title":"ready","description":"Whether the container's readiness probe is passing."}},"title":"ContainerStatus","additionalProperties":false,"description":"ContainerStatus describes the current state of a single container."},"admiral.agent.v1.CreateAgentRequest":{"type":"object","properties":{"kind":{"not":{"enum":["AGENT_KIND_UNSPECIFIED"]},"title":"kind","description":"The execution plane this agent serves (TERRAFORM or KUBERNETES). Selects the\n SAT's auto-assigned scopes and is immutable.","$ref":"#/components/schemas/admiral.agent.v1.AgentKind"},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"prod-terraform\"). Unique within\n the tenant. Lowercase alphanumeric and hyphens only, must start with a\n letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the agent's purpose."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering agents."}},"title":"CreateAgentRequest","required":["kind","name"],"additionalProperties":false,"description":"CreateAgentRequest contains the parameters for creating a new agent."},"admiral.agent.v1.CreateAgentRequest.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.agent.v1.CreateAgentResponse":{"type":"object","properties":{"agent":{"title":"agent","description":"The created agent. Health status will be PENDING until it begins reporting.","$ref":"#/components/schemas/admiral.agent.v1.Agent"},"plain_text_token":{"type":"string","title":"plain_text_token","description":"The raw Service Access Token secret (e.g., \"adms_pL2mN5oQ8rS1...\"). Shown\n exactly once and cannot be retrieved again. Deploy this token to the agent\n binary for authentication. For additional tokens, use CreateAgentToken."}},"title":"CreateAgentResponse","additionalProperties":false,"description":"CreateAgentResponse contains the newly created agent and its initial SAT."},"admiral.agent.v1.CreateAgentTokenRequest":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The agent to bind this token to (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier for the token (e.g., \"prod-agent-key\").\n Unique within the agent's tokens. Lowercase alphanumeric and hyphens only,\n must start with a letter and end with an alphanumeric character (1-63 chars)."},"expires_at":{"title":"expires_at","description":"Optional expiration time. If unset, the token does not expire.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"CreateAgentTokenRequest","required":["agent_id","name"],"additionalProperties":false,"description":"CreateAgentTokenRequest contains the parameters for creating a new SAT bound to\n an agent."},"admiral.agent.v1.CreateAgentTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The created token metadata. Scopes are auto-assigned from the agent's kind.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"},"plain_text_token":{"type":"string","title":"plain_text_token","description":"The raw token secret. Shown exactly once and cannot be retrieved again."}},"title":"CreateAgentTokenResponse","additionalProperties":false,"description":"CreateAgentTokenResponse contains the newly created SAT."},"admiral.agent.v1.DeleteAgentRequest":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The unique identifier of the agent to delete (UUID). All associated service\n access tokens will be revoked."}},"title":"DeleteAgentRequest","required":["agent_id"],"additionalProperties":false,"description":"DeleteAgentRequest identifies an agent to delete."},"admiral.agent.v1.DeleteAgentResponse":{"type":"object","title":"DeleteAgentResponse","additionalProperties":false,"description":"DeleteAgentResponse is empty on success."},"admiral.agent.v1.Engine":{"type":"string","title":"Engine","enum":["ENGINE_UNSPECIFIED","ENGINE_TERRAFORM","ENGINE_TOFU"],"description":"Engine identifies which infrastructure-as-code binary executes the job.\n Deliberately narrow: only the terraform-semantic engines Admiral manages as\n first-class citizens. Wrapper tools (e.g., terragrunt) and non-terraform-\n semantic engines (Pulumi, CDK) are intentionally out of scope; users shell\n out to them via hooks if needed."},"admiral.agent.v1.GetAgentRequest":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The unique identifier of the agent (UUID)."}},"title":"GetAgentRequest","required":["agent_id"],"additionalProperties":false,"description":"GetAgentRequest identifies an agent to retrieve."},"admiral.agent.v1.GetAgentResponse":{"type":"object","properties":{"agent":{"title":"agent","description":"The retrieved agent, including its server-derived health_status.","$ref":"#/components/schemas/admiral.agent.v1.Agent"}},"title":"GetAgentResponse","additionalProperties":false,"description":"GetAgentResponse contains the agent record."},"admiral.agent.v1.GetAgentStatusRequest":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The unique identifier of the agent (UUID)."}},"title":"GetAgentStatusRequest","required":["agent_id"],"additionalProperties":false,"description":"GetAgentStatusRequest identifies an agent whose status to retrieve."},"admiral.agent.v1.GetAgentStatusResponse":{"type":"object","allOf":[{"properties":{"health_status":{"title":"health_status","description":"Server-derived health status based on reporting recency and kind signals.","$ref":"#/components/schemas/admiral.agent.v1.AgentHealthStatus"},"reported_at":{"title":"reported_at","description":"When the latest report was received.","$ref":"#/components/schemas/google.protobuf.Timestamp"}}},{"oneOf":[{"type":"object","properties":{"kubernetes":{"title":"kubernetes","description":"Cluster telemetry snapshot for a KUBERNETES agent.","$ref":"#/components/schemas/admiral.agent.v1.KubernetesAgentStatus"}},"title":"kubernetes","required":["kubernetes"]},{"type":"object","properties":{"terraform":{"title":"terraform","description":"Capacity snapshot for a TERRAFORM agent.","$ref":"#/components/schemas/admiral.agent.v1.TerraformAgentStatus"}},"title":"terraform","required":["terraform"]}]}],"title":"GetAgentStatusResponse","additionalProperties":false,"description":"GetAgentStatusResponse contains the server-derived health status and the latest\n kind-specific status snapshot. If the agent has not reported yet, health_status\n will be PENDING and status will be absent."},"admiral.agent.v1.GetAgentTokenRequest":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token (UUID)."}},"title":"GetAgentTokenRequest","required":["token_id"],"additionalProperties":false,"description":"GetAgentTokenRequest identifies an agent SAT to retrieve. Token IDs are globally\n unique; the server resolves the parent agent from the token ID."},"admiral.agent.v1.GetAgentTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The token metadata. The token secret is never included.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"}},"title":"GetAgentTokenResponse","additionalProperties":false,"description":"GetAgentTokenResponse contains the requested agent SAT metadata."},"admiral.agent.v1.GetJobBundleRequest":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job to fetch the bundle for (UUID)."}},"title":"GetJobBundleRequest","required":["job_id"],"additionalProperties":false,"description":"GetJobBundleRequest identifies a job whose artifact bundle to fetch."},"admiral.agent.v1.GetJobBundleResponse":{"type":"object","properties":{"bundle":{"title":"bundle","description":"The artifact bundle with everything needed to execute the operation.","$ref":"#/components/schemas/admiral.agent.v1.JobBundle"}},"title":"GetJobBundleResponse","additionalProperties":false,"description":"GetJobBundleResponse contains the rendered artifacts for execution."},"admiral.agent.v1.GetRevisionBundleRequest":{"type":"object","properties":{"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision to fetch the bundle for (UUID)."}},"title":"GetRevisionBundleRequest","required":["revision_id"],"additionalProperties":false,"description":"GetRevisionBundleRequest identifies a revision whose artifact bundle to fetch."},"admiral.agent.v1.GetRevisionBundleResponse":{"type":"object","properties":{"bundle":{"title":"bundle","description":"The artifact bundle with everything needed to apply the workload.","$ref":"#/components/schemas/admiral.agent.v1.RevisionBundle"}},"title":"GetRevisionBundleResponse","additionalProperties":false,"description":"GetRevisionBundleResponse contains the rendered manifests for the revision."},"admiral.agent.v1.GetWorkloadRequest":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The agent (cluster) the workload belongs to (UUID)."},"workload_id":{"type":"string","title":"workload_id","format":"uuid","description":"The workload to retrieve (UUID)."}},"title":"GetWorkloadRequest","required":["agent_id","workload_id"],"additionalProperties":false,"description":"GetWorkloadRequest identifies a workload to retrieve with full detail."},"admiral.agent.v1.GetWorkloadResponse":{"type":"object","properties":{"workload":{"title":"workload","description":"The workload with full detail.","$ref":"#/components/schemas/admiral.agent.v1.Workload"}},"title":"GetWorkloadResponse","additionalProperties":false,"description":"GetWorkloadResponse contains the workload with full detail."},"admiral.agent.v1.HeartbeatRequest":{"type":"object","properties":{"status":{"title":"status","description":"Current capacity and telemetry metrics.","$ref":"#/components/schemas/admiral.agent.v1.TerraformAgentStatus"},"instance_id":{"type":"string","title":"instance_id","format":"uuid","description":"Random UUID generated at process startup to distinguish multiple agent\n instances sharing the same SAT. The server tracks heartbeats per instance and\n aggregates capacity across instances. Not persisted across restarts."}},"title":"HeartbeatRequest","required":["status"],"additionalProperties":false,"description":"HeartbeatRequest contains a TERRAFORM agent's alive signal and current capacity.\n The agent is identified by the SAT's binding; no agent_id is required."},"admiral.agent.v1.HeartbeatResponse":{"type":"object","properties":{"ack":{"type":"boolean","title":"ack","description":"Whether the heartbeat was accepted."},"next_heartbeat_seconds":{"type":"integer","title":"next_heartbeat_seconds","format":"int32","description":"Server-controlled interval (seconds) before the next heartbeat."}},"title":"HeartbeatResponse","additionalProperties":false,"description":"HeartbeatResponse acknowledges the heartbeat."},"admiral.agent.v1.Hook":{"type":"object","properties":{"script":{"type":"string","title":"script","maxLength":65536,"minLength":1,"description":"The script body to execute, passed to the selected interpreter. The agent\n closes stdin (/dev/null) so interactive prompts cannot block execution."},"timeout_seconds":{"type":"integer","title":"timeout_seconds","maximum":3600,"minimum":0,"format":"int32","description":"Per-script timeout in seconds. If 0, the agent applies its built-in default\n (currently 300s). A hook that exceeds its timeout is killed and fails."},"name":{"type":"string","title":"name","maxLength":128,"description":"Optional human-friendly name used in log lines (e.g., \"vault-login\"). Not\n required to be unique."},"interpreter":{"not":{"enum":["HOOK_INTERPRETER_UNSPECIFIED"]},"title":"interpreter","description":"Required. Which interpreter runs `script`. Server populates from the hook\n config; UNSPECIFIED is rejected.","$ref":"#/components/schemas/admiral.agent.v1.HookInterpreter"}},"title":"Hook","additionalProperties":false,"description":"Hook is a single script hook delivered with a JobBundle. Scripts are inlined by\n the server; the agent never fetches them from elsewhere."},"admiral.agent.v1.HookInterpreter":{"type":"string","title":"HookInterpreter","enum":["HOOK_INTERPRETER_UNSPECIFIED","HOOK_INTERPRETER_BASH"],"description":"HookInterpreter selects which language the agent uses to execute a hook's\n script body. Deliberately narrow today; the enum exists primarily as forward\n plumbing so non-shell interpreters (Python, Node, etc.) can be added without a\n breaking change. Server-side SetDefaults() applies HOOK_INTERPRETER_BASH when a\n hook is created with the field unset; UNSPECIFIED on the wire is rejected."},"admiral.agent.v1.Hooks":{"type":"object","properties":{"before_init":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.Hook"},"title":"before_init","description":"Scripts to run before the init phase. Fail-fast."},"after_init":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.Hook"},"title":"after_init","description":"Scripts to run after init succeeded. Run-all; skipped if init failed."},"before_plan":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.Hook"},"title":"before_plan","description":"Scripts to run before the plan phase. Fail-fast."},"after_plan":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.Hook"},"title":"after_plan","description":"Scripts to run after plan succeeded. Run-all; skipped if plan failed."},"before_apply":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.Hook"},"title":"before_apply","description":"Scripts to run before the apply phase. Fail-fast."},"after_apply":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.Hook"},"title":"after_apply","description":"Scripts to run after apply succeeded. Run-all; skipped if apply failed."},"after_run":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.Hook"},"title":"after_run","description":"Scripts to run after the job completes, regardless of outcome. Always\n executed (finally-semantics). Run-all."}},"title":"Hooks","additionalProperties":false,"description":"Hooks groups the seven lifecycle extension points. Scripts within a list run in\n list order. Failure behavior differs by phase:\n - `before_*` hooks are fail-fast: the first non-zero exit aborts the phase.\n - `after_*` hooks run ONLY when the corresponding engine command succeeded;\n they are run-all (individual failures are logged, not fatal).\n - `after_run` always runs (the agent's `finally`). Also run-all."},"admiral.agent.v1.Job":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the job (UUID)."},"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The agent this job is assigned to (UUID)."},"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision this job belongs to (UUID)."},"run_id":{"type":"string","title":"run_id","format":"uuid","description":"The run this job belongs to (UUID). Denormalized for convenience."},"job_type":{"title":"job_type","description":"The type of infrastructure operation to execute.","$ref":"#/components/schemas/admiral.agent.v1.JobType"},"status":{"title":"status","description":"Current lifecycle status of the job.","$ref":"#/components/schemas/admiral.agent.v1.JobStatus"},"started_at":{"title":"started_at","description":"When the agent started executing the job.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"completed_at":{"title":"completed_at","description":"When the job finished (succeeded, failed, or canceled).","$ref":"#/components/schemas/google.protobuf.Timestamp"},"created_at":{"title":"created_at","description":"When the job was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Job","additionalProperties":false,"description":"Job represents an infrastructure execution job assigned to a TERRAFORM agent.\n Jobs bridge the Run/Revision system and the agent execution plane."},"admiral.agent.v1.JobBundle":{"type":"object","properties":{"artifact_url":{"type":"string","title":"artifact_url","description":"Signed URL to download the rendered artifact bundle (tar.gz of the rendered\n infrastructure source tree). Time-limited."},"artifact_checksum":{"type":"string","title":"artifact_checksum","description":"SHA-256 checksum of the artifact bundle for integrity verification."},"variables":{"type":"object","title":"variables","additionalProperties":{"type":"string","title":"value"},"description":"Resolved variable values written to the workspace as an auto-loaded tfvars\n file. Sensitive values are included (the agent is a trusted execution\n context). Encoding contract: the agent writes the map verbatim as HCL\n `key = value` lines; the server produces the correct HCL literal per type."},"provider_configs":{"type":"object","title":"provider_configs","additionalProperties":{"type":"string","title":"value"},"description":"Provider configuration blocks (JSON-encoded). Keys are provider names, values\n are JSON objects with provider config."},"backend_config":{"type":"string","title":"backend_config","description":"Backend configuration (JSON-encoded). Contains the backend type and its\n configuration for state storage. Engine-agnostic in shape."},"engine":{"not":{"enum":["ENGINE_UNSPECIFIED"]},"title":"engine","description":"Required. The infrastructure-as-code engine the agent should execute. Server\n populates from the catalog item's declared engine; UNSPECIFIED is rejected.","$ref":"#/components/schemas/admiral.agent.v1.Engine"},"engine_version":{"type":"string","title":"engine_version","description":"Version of the selected engine (e.g., \"1.7.5\"). Empty means the agent uses\n its pre-installed default. When set, the agent writes the appropriate version\n file so tfenv/tofuenv dispatches to the matching binary. If it cannot provide\n the requested version, the job fails fast; the server does not re-route."},"working_directory":{"type":"string","title":"working_directory","description":"Subdirectory within the extracted archive where the executor should run\n (e.g., \"modules/cloudsql\"). Empty means the archive root. The broader tree is\n preserved so relative module references resolve."},"plan_file_url":{"type":"string","title":"plan_file_url","description":"(Apply/destroy-apply jobs only) URL to download the binary plan file produced\n by the preceding plan job, passed to `apply ` so the exact reviewed\n plan is applied. Empty for plan jobs."},"hooks":{"title":"hooks","description":"Shell-script hooks that run before and after each engine phase. The agent\n invokes each hook via its selected interpreter in the execution directory.","$ref":"#/components/schemas/admiral.agent.v1.Hooks"}},"title":"JobBundle","additionalProperties":false,"description":"JobBundle contains everything a TERRAFORM agent needs to execute an\n infrastructure operation. Fetched separately from ClaimJob to keep the claim\n response light."},"admiral.agent.v1.JobBundle.ProviderConfigsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"ProviderConfigsEntry","additionalProperties":false},"admiral.agent.v1.JobBundle.VariablesEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"VariablesEntry","additionalProperties":false},"admiral.agent.v1.JobPhase":{"type":"string","title":"JobPhase","enum":["JOB_PHASE_UNSPECIFIED","JOB_PHASE_INITIALIZING","JOB_PHASE_PLANNING","JOB_PHASE_APPLYING","JOB_PHASE_FINALIZING"],"description":"JobPhase represents the current execution phase of a job as reported by the\n TERRAFORM agent's worker thread. Used in heartbeat payloads to give the server\n visibility into job progress between ClaimJob and ReportJobResult."},"admiral.agent.v1.JobStatus":{"type":"string","title":"JobStatus","enum":["JOB_STATUS_UNSPECIFIED","JOB_STATUS_PENDING","JOB_STATUS_ASSIGNED","JOB_STATUS_RUNNING","JOB_STATUS_SUCCEEDED","JOB_STATUS_FAILED","JOB_STATUS_CANCELED"],"description":"JobStatus represents the lifecycle state of a TERRAFORM agent job."},"admiral.agent.v1.JobType":{"type":"string","title":"JobType","enum":["JOB_TYPE_UNSPECIFIED","JOB_TYPE_PLAN","JOB_TYPE_APPLY","JOB_TYPE_DESTROY_PLAN","JOB_TYPE_DESTROY_APPLY"],"description":"JobType identifies the kind of infrastructure operation a job executes. The\n concrete engine (Terraform or OpenTofu) is selected per job via\n JobBundle.engine; the semantics of each type are identical across engines."},"admiral.agent.v1.KubernetesAgentStatus":{"type":"object","properties":{"k8s_version":{"type":"string","title":"k8s_version","description":"Kubernetes version reported by the agent (e.g., \"1.29.2\")."},"node_count":{"type":"integer","title":"node_count","format":"int32","description":"Total number of nodes in the cluster."},"nodes_ready":{"type":"integer","title":"nodes_ready","format":"int32","description":"Number of nodes in Ready condition."},"pod_capacity":{"type":"integer","title":"pod_capacity","format":"int32","description":"Maximum number of pods the cluster can schedule."},"pod_count":{"type":"integer","title":"pod_count","format":"int32","description":"Total number of pods across all namespaces."},"pods_running":{"type":"integer","title":"pods_running","format":"int32","description":"Number of pods in Running phase."},"pods_pending":{"type":"integer","title":"pods_pending","format":"int32","description":"Number of pods in Pending phase."},"pods_failed":{"type":"integer","title":"pods_failed","format":"int32","description":"Number of pods in Failed phase."},"cpu_capacity_millicores":{"type":["integer","string"],"title":"cpu_capacity_millicores","format":"int64","description":"Total CPU capacity across all nodes, in millicores."},"cpu_used_millicores":{"type":["integer","string"],"title":"cpu_used_millicores","format":"int64","description":"Current CPU usage across all nodes, in millicores."},"memory_capacity_bytes":{"type":["integer","string"],"title":"memory_capacity_bytes","format":"int64","description":"Total memory capacity across all nodes, in bytes."},"memory_used_bytes":{"type":["integer","string"],"title":"memory_used_bytes","format":"int64","description":"Current memory usage across all nodes, in bytes."},"workloads_total":{"type":"integer","title":"workloads_total","format":"int32","description":"Total number of tracked workloads."},"workloads_healthy":{"type":"integer","title":"workloads_healthy","format":"int32","description":"Number of workloads in healthy state."},"workloads_degraded":{"type":"integer","title":"workloads_degraded","format":"int32","description":"Number of workloads in degraded state."},"workloads_error":{"type":"integer","title":"workloads_error","format":"int32","description":"Number of workloads in error state."},"metrics_available":{"type":"boolean","title":"metrics_available","description":"Whether the metrics.k8s.io API is available in this cluster. When false,\n per-workload CPU/memory collection is disabled and the UI can surface an\n \"install metrics-server\" affordance."},"namespace_count":{"type":"integer","title":"namespace_count","format":"int32","description":"Total number of namespaces in the cluster."}},"title":"KubernetesAgentStatus","additionalProperties":false,"description":"KubernetesAgentStatus contains cluster-level telemetry for a KUBERNETES agent,\n as reported via ReportAgentStatus. Used in both the push payload and the read\n response (GetAgentStatusResponse).\n\n (Successor to the former admiral.cluster.v1.ClusterStatus.)"},"admiral.agent.v1.ListAgentJobsRequest":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The agent whose jobs to list (UUID)."},"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `status`: filter by job status (PENDING, ASSIGNED, RUNNING, etc.).\n - `job_type`: filter by job type (PLAN, APPLY, DESTROY_PLAN, DESTROY_APPLY).\n - `run_id`: jobs for a specific run (UUID)."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of jobs to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListAgentJobsRequest","required":["agent_id"],"additionalProperties":false,"description":"ListAgentJobsRequest contains pagination and filter parameters for listing jobs\n assigned to a specific TERRAFORM agent."},"admiral.agent.v1.ListAgentJobsResponse":{"type":"object","properties":{"jobs":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.Job"},"title":"jobs","description":"The list of jobs, ordered from newest to oldest."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListAgentJobsResponse","additionalProperties":false,"description":"ListAgentJobsResponse contains a page of jobs."},"admiral.agent.v1.ListAgentTokensRequest":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The agent to list tokens for (UUID)."},"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by token name.\n - `status`: filter by token status (ACTIVE, REVOKED)."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of tokens to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListAgentTokensRequest","required":["agent_id"],"additionalProperties":false,"description":"ListAgentTokensRequest contains pagination and filter parameters."},"admiral.agent.v1.ListAgentTokensResponse":{"type":"object","properties":{"access_tokens":{"type":"array","items":{"$ref":"#/components/schemas/admiral.common.v1.AccessToken"},"title":"access_tokens","description":"The list of tokens. Token secrets are never included."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListAgentTokensResponse","additionalProperties":false,"description":"ListAgentTokensResponse contains a page of agent SAT metadata."},"admiral.agent.v1.ListAgentsRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `kind`: filter by agent kind (TERRAFORM, KUBERNETES).\n - `name`: filter by agent name.\n - `health_status`: filter by health status.\n - `labels.key`: filter by label key.\n\n Example: `field['kind'] = 'KUBERNETES' AND field['health_status'] = 'HEALTHY'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of agents to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListAgentsRequest","additionalProperties":false,"description":"ListAgentsRequest contains pagination and filter parameters."},"admiral.agent.v1.ListAgentsResponse":{"type":"object","properties":{"agents":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.Agent"},"title":"agents","description":"The list of agents."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListAgentsResponse","additionalProperties":false,"description":"ListAgentsResponse contains a page of agents."},"admiral.agent.v1.ListWorkloadEventsRequest":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The agent (cluster) whose events to list (UUID)."},"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `type`: filter by event type (Normal, Warning).\n - `reason`: filter by event reason.\n - `component`: filter by reporting component.\n - `host`: filter by node."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of events to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListWorkloadEventsRequest","required":["agent_id"],"additionalProperties":false,"description":"ListWorkloadEventsRequest contains pagination and filter parameters for listing\n a KUBERNETES agent's observed Kubernetes events."},"admiral.agent.v1.ListWorkloadEventsResponse":{"type":"object","properties":{"events":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.WorkloadEvent"},"title":"events","description":"The list of events."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListWorkloadEventsResponse","additionalProperties":false,"description":"ListWorkloadEventsResponse contains a page of events."},"admiral.agent.v1.ListWorkloadsRequest":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","format":"uuid","description":"The agent (cluster) whose workloads to list (UUID)."},"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `namespace`: filter by Kubernetes namespace.\n - `kind`: filter by workload kind (Deployment, StatefulSet, DaemonSet).\n - `name`: filter by workload name.\n - `health_status`: filter by workload health status."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of workloads to return per page. Defaults to 50 when omitted\n or 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListWorkloadsRequest","required":["agent_id"],"additionalProperties":false,"description":"ListWorkloadsRequest contains pagination and filter parameters for listing\n workloads on a KUBERNETES agent's cluster."},"admiral.agent.v1.ListWorkloadsResponse":{"type":"object","properties":{"workloads":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.Workload"},"title":"workloads","description":"The list of workloads."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListWorkloadsResponse","additionalProperties":false,"description":"ListWorkloadsResponse contains a page of workloads."},"admiral.agent.v1.ObjectReference":{"type":"object","properties":{"kind":{"type":"string","title":"kind","description":"Kubernetes resource kind (e.g., \"Pod\", \"ReplicaSet\")."},"namespace":{"type":"string","title":"namespace","description":"Kubernetes namespace."},"name":{"type":"string","title":"name","description":"Object name."},"api_version":{"type":"string","title":"api_version","description":"Kubernetes apiVersion (e.g., \"v1\", \"apps/v1\"). Empty when unknown."},"uid":{"type":"string","title":"uid","description":"Object UID, used to disambiguate references across recreations. Empty when\n unknown."}},"title":"ObjectReference","additionalProperties":false,"description":"ObjectReference is a lightweight reference to a Kubernetes object."},"admiral.agent.v1.ReportAgentStatusRequest":{"type":"object","properties":{"status":{"title":"status","description":"Cluster-level telemetry snapshot.","$ref":"#/components/schemas/admiral.agent.v1.KubernetesAgentStatus"},"workloads":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.WorkloadStatus"},"title":"workloads","description":"Per-workload status snapshots."},"events":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.WorkloadEvent"},"title":"events","description":"Kubernetes events observed since the last push."},"reported_at":{"title":"reported_at","description":"When the agent generated this report.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"cluster_uid":{"type":"string","title":"cluster_uid","description":"The Kubernetes kube-system namespace UID, used by the server to verify this\n token is still bound to the same physical cluster. Empty until resolved."}},"title":"ReportAgentStatusRequest","required":["status"],"additionalProperties":false,"description":"ReportAgentStatusRequest contains a combined telemetry payload from a KUBERNETES\n agent. Admiral splits this into storage tiers: current snapshot, time-series\n metrics, and events. The agent is identified by the SAT's binding; the optional\n cluster_uid lets the server verify the token is still bound to the same physical\n cluster (trust-on-first-use)."},"admiral.agent.v1.ReportAgentStatusResponse":{"type":"object","properties":{"ack":{"type":"boolean","title":"ack","description":"Whether the report was accepted."},"next_push_seconds":{"type":"integer","title":"next_push_seconds","format":"int32","description":"Server-controlled interval (seconds) before the next status push."},"pending_revision_ids":{"type":"array","items":{"type":"string"},"title":"pending_revision_ids","description":"IDs of workload revisions currently awaiting apply on this agent's cluster.\n The agent fetches each via GetRevisionBundle, applies it, and reports via\n ReportRevisionResult. Piggybacked on the telemetry heartbeat so the agent\n needs no separate poll loop."}},"title":"ReportAgentStatusResponse","additionalProperties":false,"description":"ReportAgentStatusResponse acknowledges a telemetry push."},"admiral.agent.v1.ReportJobResultRequest":{"type":"object","properties":{"job_id":{"type":"string","title":"job_id","format":"uuid","description":"The job being reported on (UUID)."},"result":{"title":"result","description":"The execution report with status, normalized summary, outputs, transcript,\n and error information.","$ref":"#/components/schemas/admiral.run.v1.ExecutionReport"}},"title":"ReportJobResultRequest","required":["job_id","result"],"additionalProperties":false,"description":"ReportJobResultRequest contains the outcome of a completed job."},"admiral.agent.v1.ReportJobResultResponse":{"type":"object","properties":{"ack":{"type":"boolean","title":"ack","description":"Whether the result was accepted."}},"title":"ReportJobResultResponse","additionalProperties":false,"description":"ReportJobResultResponse acknowledges the result."},"admiral.agent.v1.ReportRevisionResultRequest":{"type":"object","properties":{"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision being reported on (UUID)."},"result":{"title":"result","description":"The result of applying the revision.","$ref":"#/components/schemas/admiral.run.v1.ExecutionReport"}},"title":"ReportRevisionResultRequest","required":["revision_id","result"],"additionalProperties":false,"description":"ReportRevisionResultRequest contains the outcome of applying a workload revision\n to the cluster."},"admiral.agent.v1.ReportRevisionResultResponse":{"type":"object","properties":{"ack":{"type":"boolean","title":"ack","description":"Whether the result was accepted."}},"title":"ReportRevisionResultResponse","additionalProperties":false,"description":"ReportRevisionResultResponse acknowledges the result."},"admiral.agent.v1.ReportWorkloadMetricsRequest":{"type":"object","properties":{"metrics":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.WorkloadMetric"},"title":"metrics","description":"Per-pod metric samples collected since the last push."},"reported_at":{"title":"reported_at","description":"When the agent generated this report.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"cluster_uid":{"type":"string","title":"cluster_uid","description":"The Kubernetes kube-system namespace UID, used by the server to verify this\n token is still bound to the same physical cluster. Empty until resolved."}},"title":"ReportWorkloadMetricsRequest","additionalProperties":false,"description":"ReportWorkloadMetricsRequest contains a batch of per-pod resource samples from a\n KUBERNETES agent. The agent is identified by the SAT's binding."},"admiral.agent.v1.ReportWorkloadMetricsResponse":{"type":"object","properties":{"ack":{"type":"boolean","title":"ack","description":"Whether the report was accepted."},"next_push_seconds":{"type":"integer","title":"next_push_seconds","format":"int32","description":"Server-controlled interval (seconds) before the next metrics push. Zero\n leaves the agent's configured cadence unchanged."}},"title":"ReportWorkloadMetricsResponse","additionalProperties":false,"description":"ReportWorkloadMetricsResponse acknowledges a workload metrics push."},"admiral.agent.v1.ReportWorkloadStatusRequest":{"type":"object","properties":{"workloads":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.WorkloadStatus"},"title":"workloads","description":"Per-workload status snapshots."},"reported_at":{"title":"reported_at","description":"When the agent generated this report.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"ReportWorkloadStatusRequest","additionalProperties":false,"description":"ReportWorkloadStatusRequest contains incremental workload telemetry from a\n KUBERNETES agent. The agent is identified by the SAT's binding."},"admiral.agent.v1.ReportWorkloadStatusResponse":{"type":"object","properties":{"ack":{"type":"boolean","title":"ack","description":"Whether the report was accepted."}},"title":"ReportWorkloadStatusResponse","additionalProperties":false,"description":"ReportWorkloadStatusResponse acknowledges a workload telemetry push."},"admiral.agent.v1.ResourceSnapshot":{"type":"object","properties":{"group":{"type":"string","title":"group","description":"API group; empty for core resources (Pod, Service, ...)."},"version":{"type":"string","title":"version","description":"API version (e.g., \"v1\")."},"kind":{"type":"string","title":"kind","description":"Kubernetes resource kind."},"namespace":{"type":"string","title":"namespace","description":"Kubernetes namespace; empty for cluster-scoped resources."},"name":{"type":"string","title":"name","description":"Object name."},"sync":{"title":"sync","description":"Whether this resource matches the bundle.","$ref":"#/components/schemas/admiral.agent.v1.SyncState"},"health":{"title":"health","description":"Derived health of this resource.","$ref":"#/components/schemas/admiral.agent.v1.WorkloadHealthStatus"},"message":{"type":"string","title":"message","description":"Short human-readable detail (e.g., \"ready: 2/3\", \"ImagePullBackOff\"). Empty\n for healthy resources."},"field_owners":{"type":"array","items":{"type":"string"},"title":"field_owners","description":"Field managers other than the agent that have touched this resource (from\n .metadata.managedFields). Empty when the agent is the sole writer; non-empty\n is the \"known drift\" signal (HPA, VPA, kubectl edits)."}},"title":"ResourceSnapshot","additionalProperties":false,"description":"ResourceSnapshot is the per-managed-resource entry inside a WorkloadStatus.\n Identity is structured (group/version/kind/namespace/name) so the server does\n not parse an encoded ID."},"admiral.agent.v1.RevisionBundle":{"type":"object","properties":{"artifact_url":{"type":"string","title":"artifact_url","description":"Signed URL to download the rendered manifest bundle (tar.gz of ordered\n Kubernetes YAML manifests). Time-limited."},"artifact_checksum":{"type":"string","title":"artifact_checksum","description":"SHA-256 checksum of the artifact bundle for integrity verification."},"namespace":{"type":"string","title":"namespace","description":"The Kubernetes namespace to apply manifests into. Resolved from the\n component's target namespace (defaults to the environment name when empty)."},"component_name":{"type":"string","title":"component_name","description":"Component name for logging and status tracking."},"ref":{"type":"string","title":"ref","description":"The git ref / version selector being deployed (chart version, git ref)."}},"title":"RevisionBundle","additionalProperties":false,"description":"RevisionBundle contains pre-rendered Kubernetes manifests for a workload\n revision, ready for server-side apply by a KUBERNETES agent."},"admiral.agent.v1.RevokeAgentTokenRequest":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}},"title":"RevokeAgentTokenRequest","required":["token_id"],"additionalProperties":false,"description":"RevokeAgentTokenRequest identifies an agent SAT to revoke. Token IDs are\n globally unique; the server resolves the parent agent from the token ID."},"admiral.agent.v1.RevokeAgentTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The token metadata with updated status.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"}},"title":"RevokeAgentTokenResponse","additionalProperties":false,"description":"RevokeAgentTokenResponse contains the revoked agent SAT metadata."},"admiral.agent.v1.SyncState":{"type":"string","title":"SyncState","enum":["SYNC_STATE_UNSPECIFIED","SYNC_STATE_SYNCED","SYNC_STATE_OUT_OF_SYNC","SYNC_STATE_UNKNOWN","SYNC_STATE_IGNORED"],"description":"SyncState describes whether the live cluster state matches the desired bundle\n for a workload's current revision."},"admiral.agent.v1.TerraformAgentStatus":{"type":"object","properties":{"version":{"type":"string","title":"version","description":"The agent binary version (e.g., \"1.2.0\")."},"active_jobs":{"type":"integer","title":"active_jobs","format":"int32","description":"Number of jobs currently being executed by this agent."},"max_concurrent_jobs":{"type":"integer","title":"max_concurrent_jobs","format":"int32","description":"Maximum number of concurrent jobs this agent supports."},"active_job_details":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.ActiveJobInfo"},"title":"active_job_details","description":"Details of jobs currently being executed by this agent instance. The worker\n thread updates job phase in shared memory; the heartbeat thread reads and\n includes it on each tick. `len(active_job_details)` equals `active_jobs` on\n every heartbeat (not capped or sampled)."}},"title":"TerraformAgentStatus","additionalProperties":false,"description":"TerraformAgentStatus contains capacity and telemetry metrics for a TERRAFORM\n agent, as reported via Heartbeat. Used in both the push payload\n (HeartbeatRequest) and the read response (GetAgentStatusResponse).\n\n (Successor to the former admiral.runner.v1.RunnerStatus.)"},"admiral.agent.v1.UpdateAgentRequest":{"type":"object","properties":{"agent":{"title":"agent","description":"The agent with updated fields. The `id` field is required. Only fields named\n in `update_mask` are updated. `kind` is immutable and cannot be updated.","$ref":"#/components/schemas/admiral.agent.v1.Agent"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `name`,\n `description`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateAgentRequest","required":["agent"],"additionalProperties":false,"description":"UpdateAgentRequest contains the agent fields to update."},"admiral.agent.v1.UpdateAgentResponse":{"type":"object","properties":{"agent":{"title":"agent","description":"The updated agent.","$ref":"#/components/schemas/admiral.agent.v1.Agent"}},"title":"UpdateAgentResponse","additionalProperties":false,"description":"UpdateAgentResponse contains the updated agent."},"admiral.agent.v1.Workload":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"Unique identifier for the workload within Admiral (UUID)."},"agent_id":{"type":"string","title":"agent_id","description":"The agent (cluster) this workload belongs to (UUID)."},"namespace":{"type":"string","title":"namespace","description":"Kubernetes namespace."},"name":{"type":"string","title":"name","description":"Workload name."},"kind":{"type":"string","title":"kind","description":"Kubernetes resource kind (e.g., \"Deployment\", \"StatefulSet\", \"DaemonSet\")."},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"Kubernetes labels on the workload."},"health_status":{"title":"health_status","description":"Derived health status.","$ref":"#/components/schemas/admiral.agent.v1.WorkloadHealthStatus"},"status_reason":{"type":"string","title":"status_reason","description":"Human-readable reason for the current status (e.g., \"MinimumReplicasUnavailable\")."},"replicas_desired":{"type":"integer","title":"replicas_desired","format":"int32","description":"Number of desired replicas."},"replicas_ready":{"type":"integer","title":"replicas_ready","format":"int32","description":"Number of ready replicas."},"replicas_available":{"type":"integer","title":"replicas_available","format":"int32","description":"Number of available replicas."},"cpu_requests_millicores":{"type":["integer","string"],"title":"cpu_requests_millicores","format":"int64","description":"CPU requests across all containers, in millicores."},"cpu_limits_millicores":{"type":["integer","string"],"title":"cpu_limits_millicores","format":"int64","description":"CPU limits across all containers, in millicores."},"cpu_used_millicores":{"type":["integer","string"],"title":"cpu_used_millicores","format":"int64","description":"Current CPU usage across all containers, in millicores."},"memory_requests_bytes":{"type":["integer","string"],"title":"memory_requests_bytes","format":"int64","description":"Memory requests across all containers, in bytes."},"memory_limits_bytes":{"type":["integer","string"],"title":"memory_limits_bytes","format":"int64","description":"Memory limits across all containers, in bytes."},"memory_used_bytes":{"type":["integer","string"],"title":"memory_used_bytes","format":"int64","description":"Current memory usage across all containers, in bytes."},"containers":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.ContainerStatus"},"title":"containers","description":"Status of individual containers in this workload."},"last_updated_at":{"title":"last_updated_at","description":"When this workload's status was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"uid":{"type":"string","title":"uid","description":"Rich detail (populated by GetWorkload; omitted from ListWorkloads). Mirrors\n the agent-reported WorkloadStatus."},"generation":{"type":["integer","string"],"title":"generation","format":"int64"},"revision_id":{"type":"string","title":"revision_id"},"sync":{"title":"sync","$ref":"#/components/schemas/admiral.agent.v1.SyncState"},"suspended":{"type":"boolean","title":"suspended"},"resources":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.ResourceSnapshot"},"title":"resources"},"conditions":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.Condition"},"title":"conditions"},"observed_at":{"title":"observed_at","$ref":"#/components/schemas/google.protobuf.Timestamp"},"last_reconciled_at":{"title":"last_reconciled_at","$ref":"#/components/schemas/google.protobuf.Timestamp"},"last_applied_revision":{"type":"string","title":"last_applied_revision"}},"title":"Workload","additionalProperties":false,"description":"Workload represents a Kubernetes workload (Deployment, StatefulSet, DaemonSet,\n etc.) as observed by a KUBERNETES agent."},"admiral.agent.v1.Workload.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.agent.v1.WorkloadEvent":{"type":"object","properties":{"uid":{"type":"string","title":"uid","description":"Kubernetes event UID, used for deduplication."},"type":{"type":"string","title":"type","description":"Event type: \"Normal\" or \"Warning\"."},"reason":{"type":"string","title":"reason","description":"Short machine-readable reason (e.g., \"BackOff\", \"FailedScheduling\")."},"regarding":{"title":"regarding","description":"The Kubernetes object this event is about.","$ref":"#/components/schemas/admiral.agent.v1.ObjectReference"},"message":{"type":"string","title":"message","description":"Human-readable event message."},"first_seen":{"title":"first_seen","description":"When this event was first observed.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"last_seen":{"title":"last_seen","description":"When this event was most recently observed.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"count":{"type":"integer","title":"count","format":"int32","description":"Number of times this event has occurred."},"component":{"type":"string","title":"component","description":"Reporting component (event source), e.g. \"kubelet\", \"default-scheduler\"."},"host":{"type":"string","title":"host","description":"Node the reporting component ran on. Empty for cluster-level sources."}},"title":"WorkloadEvent","additionalProperties":false,"description":"WorkloadEvent represents a Kubernetes event related to a workload or its child\n objects. Events are deduplicated by their K8s UID."},"admiral.agent.v1.WorkloadHealthStatus":{"type":"string","title":"WorkloadHealthStatus","enum":["WORKLOAD_HEALTH_STATUS_UNSPECIFIED","WORKLOAD_HEALTH_STATUS_HEALTHY","WORKLOAD_HEALTH_STATUS_DEGRADED","WORKLOAD_HEALTH_STATUS_ERROR","WORKLOAD_HEALTH_STATUS_PROGRESSING","WORKLOAD_HEALTH_STATUS_SUSPENDED","WORKLOAD_HEALTH_STATUS_MISSING"],"description":"WorkloadHealthStatus represents the derived health state of a single workload."},"admiral.agent.v1.WorkloadMetric":{"type":"object","properties":{"application":{"title":"application","description":"The Application that owns the pod's top-level controller.","$ref":"#/components/schemas/admiral.agent.v1.ApplicationRef"},"pod":{"title":"pod","description":"The pod this sample was taken from.","$ref":"#/components/schemas/admiral.agent.v1.ObjectReference"},"node":{"type":"string","title":"node","description":"Name of the node the pod is scheduled on."},"cpu_millicores":{"type":["integer","string"],"title":"cpu_millicores","format":"int64","description":"CPU usage summed across all containers in the pod, in millicores."},"memory_bytes":{"type":["integer","string"],"title":"memory_bytes","format":"int64","description":"Memory usage summed across all containers in the pod, in bytes."},"window":{"title":"window","description":"The metrics-server scrape window this sample represents (typically ~30s).","$ref":"#/components/schemas/google.protobuf.Duration"},"timestamp":{"title":"timestamp","description":"When metrics-server recorded the sample.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"WorkloadMetric","additionalProperties":false,"description":"WorkloadMetric is a single per-pod CPU/memory sample from metrics-server,\n tagged with the Application that owns the pod's top-level controller. Admiral\n aggregates samples pod -> workload -> cluster server-side."},"admiral.agent.v1.WorkloadStatus":{"type":"object","properties":{"namespace":{"type":"string","title":"namespace","description":"Kubernetes namespace."},"name":{"type":"string","title":"name","description":"Workload name."},"kind":{"type":"string","title":"kind","description":"Kubernetes resource kind (e.g., \"Deployment\", \"StatefulSet\")."},"labels":{"type":"object","title":"labels","additionalProperties":{"type":"string","title":"value"},"description":"Kubernetes labels on the workload."},"replicas_desired":{"type":"integer","title":"replicas_desired","format":"int32","description":"Number of desired replicas."},"replicas_ready":{"type":"integer","title":"replicas_ready","format":"int32","description":"Number of ready replicas."},"replicas_available":{"type":"integer","title":"replicas_available","format":"int32","description":"Number of available replicas."},"cpu_requests_millicores":{"type":["integer","string"],"title":"cpu_requests_millicores","format":"int64","description":"CPU requests across all containers, in millicores."},"cpu_limits_millicores":{"type":["integer","string"],"title":"cpu_limits_millicores","format":"int64","description":"CPU limits across all containers, in millicores."},"cpu_used_millicores":{"type":["integer","string"],"title":"cpu_used_millicores","format":"int64","description":"Current CPU usage across all containers, in millicores."},"memory_requests_bytes":{"type":["integer","string"],"title":"memory_requests_bytes","format":"int64","description":"Memory requests across all containers, in bytes."},"memory_limits_bytes":{"type":["integer","string"],"title":"memory_limits_bytes","format":"int64","description":"Memory limits across all containers, in bytes."},"memory_used_bytes":{"type":["integer","string"],"title":"memory_used_bytes","format":"int64","description":"Current memory usage across all containers, in bytes."},"health_status":{"title":"health_status","description":"Derived health status.","$ref":"#/components/schemas/admiral.agent.v1.WorkloadHealthStatus"},"containers":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.ContainerStatus"},"title":"containers","description":"Status of individual containers."},"uid":{"type":"string","title":"uid","description":"Kubernetes object UID. Stable identity across rename (rename is delete +\n recreate, so a changed UID means a different workload)."},"generation":{"type":["integer","string"],"title":"generation","format":"int64","description":"The .metadata.generation observed for this workload."},"revision_id":{"type":"string","title":"revision_id","description":"The Admiral revision this workload was reconciled against."},"sync":{"title":"sync","description":"Whether the live cluster state matches the bundle.","$ref":"#/components/schemas/admiral.agent.v1.SyncState"},"suspended":{"type":"boolean","title":"suspended","description":"Whether the workload is deliberately paused (Application suspend)."},"resources":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.ResourceSnapshot"},"title":"resources","description":"Per-managed-resource inventory with sync/health and foreign field owners."},"conditions":{"type":"array","items":{"$ref":"#/components/schemas/admiral.agent.v1.Condition"},"title":"conditions","description":"Typed observations on the workload as a whole."},"observed_at":{"title":"observed_at","description":"When the agent took this observation.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"last_reconciled_at":{"title":"last_reconciled_at","description":"When the workload was last reconciled.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"last_applied_revision":{"type":"string","title":"last_applied_revision","description":"The last revision the agent successfully applied."}},"title":"WorkloadStatus","additionalProperties":false,"description":"WorkloadStatus is the agent-reported status for a single workload within a\n telemetry push payload."},"admiral.agent.v1.WorkloadStatus.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.application.v1.Application":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the application (UUID).","readOnly":true},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"inventory-api\"). Unique within\n the tenant. Lowercase alphanumeric and hyphens only, must start with a\n letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the application's purpose\n (e.g., \"Core inventory service tracking warehouse stock and fulfillment\")."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering applications\n (e.g., `{\"team\": \"logistics\", \"tier\": \"critical\"}`)."},"created_by":{"title":"created_by","description":"The user or agent who created this application (server-populated from token).","readOnly":true,"$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the application was created.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the application was last updated.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Application","additionalProperties":false,"description":"Application represents a deployable unit within a tenant. An application\n groups manifests, dependencies, and environment configuration into a single\n entity that Admiral orchestrates across environments.","example":{"id":"a1b2c3d4-5678-9abc-def0-1234567890ab","name":"inventory-api","description":"Core inventory management service for tracking warehouse stock levels and fulfillment.","labels":{"team":"logistics","tier":"critical"},"created_by":{"id":"d290f1ee-6c54-4b01-90e6-d701748f0851","display_name":"Alex Chen","email":"alex.chen@example.com"},"created_at":"2025-09-15T10:30:00Z","updated_at":"2025-11-02T14:22:00Z"}},"admiral.application.v1.Application.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.application.v1.CreateApplicationRequest":{"type":"object","properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"inventory-api\"). Unique within\n the tenant. Lowercase alphanumeric and hyphens only, must start with a\n letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the application's purpose."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering applications."}},"title":"CreateApplicationRequest","required":["name"],"additionalProperties":false,"description":"CreateApplicationRequest contains the parameters for creating a new application."},"admiral.application.v1.CreateApplicationRequest.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.application.v1.CreateApplicationResponse":{"type":"object","properties":{"application":{"title":"application","description":"The created application.","$ref":"#/components/schemas/admiral.application.v1.Application"}},"title":"CreateApplicationResponse","additionalProperties":false,"description":"CreateApplicationResponse contains the newly created application."},"admiral.application.v1.DeleteApplicationRequest":{"type":"object","properties":{"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The unique identifier of the application to delete (UUID)."},"force":{"type":"boolean","title":"force","description":"When true, bypass the children-exist check and cascade-delete all\n environments and their runs (metadata records only)."}},"title":"DeleteApplicationRequest","required":["application_id"],"additionalProperties":false,"description":"DeleteApplicationRequest identifies an application to delete."},"admiral.application.v1.DeleteApplicationResponse":{"type":"object","title":"DeleteApplicationResponse","additionalProperties":false,"description":"DeleteApplicationResponse is empty on success."},"admiral.application.v1.GetApplicationRequest":{"type":"object","properties":{"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The unique identifier of the application (UUID)."}},"title":"GetApplicationRequest","required":["application_id"],"additionalProperties":false,"description":"GetApplicationRequest identifies an application to retrieve."},"admiral.application.v1.GetApplicationResponse":{"type":"object","properties":{"application":{"title":"application","description":"The retrieved application.","$ref":"#/components/schemas/admiral.application.v1.Application"}},"title":"GetApplicationResponse","additionalProperties":false,"description":"GetApplicationResponse contains the application record."},"admiral.application.v1.ListApplicationsRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by application name.\n - `labels.key`: filter by label key.\n\n Example: `field['name'] = 'inventory-api' AND field['labels.team'] = 'logistics'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of applications to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListApplicationsRequest","additionalProperties":false,"description":"ListApplicationsRequest contains pagination and filter parameters."},"admiral.application.v1.ListApplicationsResponse":{"type":"object","properties":{"applications":{"type":"array","items":{"$ref":"#/components/schemas/admiral.application.v1.Application"},"title":"applications","description":"The list of applications."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListApplicationsResponse","additionalProperties":false,"description":"ListApplicationsResponse contains a page of applications."},"admiral.application.v1.UpdateApplicationRequest":{"type":"object","properties":{"application":{"title":"application","description":"The application with updated fields. Its `id` identifies the application;\n only fields named in `update_mask` are applied.","$ref":"#/components/schemas/admiral.application.v1.Application"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `name`,\n `description`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateApplicationRequest","required":["application"],"additionalProperties":false,"description":"UpdateApplicationRequest contains the application fields to update."},"admiral.application.v1.UpdateApplicationResponse":{"type":"object","properties":{"application":{"title":"application","description":"The updated application.","$ref":"#/components/schemas/admiral.application.v1.Application"}},"title":"UpdateApplicationResponse","additionalProperties":false,"description":"UpdateApplicationResponse contains the updated application."},"admiral.catalog.v1.CatalogItem":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the catalog item (UUID).","readOnly":true},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"billing-vpc\", \"rds-standard\").\n Unique within the tenant. Lowercase alphanumeric and hyphens only, must\n start with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the catalog item's purpose\n (e.g., \"Standard VPC module for billing workloads\")."},"type":{"title":"type","description":"(IMMUTABLE) The content type: what this item contains and how it should be executed.\n Immutable after creation.","$ref":"#/components/schemas/admiral.catalog.v1.CatalogItemType"},"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Reference to the Source this catalog item fetches from (UUID)."},"ref":{"type":"string","title":"ref","maxLength":256,"description":"Git ref, registry version, chart version, or OCI tag to fetch.\n Optional. When empty, the backend uses its default (e.g., HEAD for Git,\n latest for registries). This is the default a component copies at create\n time; the component owns its ref thereafter."},"root":{"type":"string","title":"root","maxLength":512,"description":"Subdirectory within the fetched tree to treat as the item root.\n Optional. When empty, the entire fetched tree is the root.\n Example: \"modules/vpc\" within a monorepo."},"path":{"type":"string","title":"path","maxLength":512,"description":"Working directory within root for execution (e.g., \"environments/prod\").\n Optional. When empty, defaults to root itself."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering catalog items\n (e.g., `{\"team\": \"platform\", \"stack\": \"networking\"}`)."},"source_name":{"type":"string","title":"source_name","description":"Display name of the parent source. Denormalized for display.","readOnly":true},"created_by":{"title":"created_by","description":"The user or agent who created this catalog item (server-populated from token).","readOnly":true,"$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the catalog item was created.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the catalog item was last updated.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"CatalogItem","additionalProperties":false,"description":"CatalogItem represents a named, reusable reference to a slice of content\n within a Source at a specific ref. One Source can back many catalog items\n (different refs, different subtrees, different working directories).\n\n The catalog item type identifies what the content is (Terraform, Helm,\n Kustomize, raw manifests) independently of how it is fetched (the Source\n type). This separation allows a single Git source to back Terraform, Helm,\n and manifest items in different subdirectories.\n\n A catalog item is a starting point: components are instantiated FROM it as\n self-contained copies (copy-not-link), so editing or deleting an item never\n mutates already-placed components."},"admiral.catalog.v1.CatalogItem.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.catalog.v1.CatalogItemType":{"type":"string","title":"CatalogItemType","enum":["CATALOG_ITEM_TYPE_UNSPECIFIED","CATALOG_ITEM_TYPE_TERRAFORM","CATALOG_ITEM_TYPE_HELM","CATALOG_ITEM_TYPE_KUSTOMIZE","CATALOG_ITEM_TYPE_MANIFEST"],"description":"CatalogItemType identifies the content semantics: what the fetched content is\n and how it should be executed. This is orthogonal to SourceType, which\n identifies the fetch protocol. A single GIT source can back TERRAFORM, HELM,\n KUSTOMIZE, and MANIFEST items in different subdirectories."},"admiral.catalog.v1.CreateCatalogItemRequest":{"type":"object","properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"billing-vpc\", \"rds-standard\").\n Unique within the tenant. Lowercase alphanumeric and hyphens only, must\n start with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the catalog item's purpose."},"type":{"not":{"enum":["CATALOG_ITEM_TYPE_UNSPECIFIED"]},"title":"type","description":"The content type: what this item contains and how it should be executed.","$ref":"#/components/schemas/admiral.catalog.v1.CatalogItemType"},"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Reference to the Source this catalog item fetches from (UUID)."},"ref":{"type":"string","title":"ref","maxLength":256,"description":"Git ref, registry version, chart version, or OCI tag to fetch.\n Optional. When empty, the backend uses its default (e.g., HEAD for Git,\n latest for registries). This is the default a component copies at create\n time; the component owns its ref thereafter."},"root":{"type":"string","title":"root","maxLength":512,"description":"Subdirectory within the fetched tree to treat as the item root.\n Optional. When empty, the entire fetched tree is the root.\n Example: \"modules/vpc\" within a monorepo."},"path":{"type":"string","title":"path","maxLength":512,"description":"Working directory within root for execution (e.g., \"environments/prod\").\n Optional. When empty, defaults to root itself."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels."}},"title":"CreateCatalogItemRequest","required":["name","type","source_id"],"additionalProperties":false,"description":"CreateCatalogItemRequest contains the parameters for creating a new item."},"admiral.catalog.v1.CreateCatalogItemRequest.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.catalog.v1.CreateCatalogItemResponse":{"type":"object","properties":{"catalog_item":{"title":"catalog_item","description":"The created catalog item.","$ref":"#/components/schemas/admiral.catalog.v1.CatalogItem"}},"title":"CreateCatalogItemResponse","additionalProperties":false,"description":"CreateCatalogItemResponse contains the newly created catalog item."},"admiral.catalog.v1.DeleteCatalogItemRequest":{"type":"object","properties":{"catalog_item_id":{"type":"string","title":"catalog_item_id","format":"uuid","description":"Unique identifier of the catalog item to delete (UUID)."}},"title":"DeleteCatalogItemRequest","required":["catalog_item_id"],"additionalProperties":false,"description":"DeleteCatalogItemRequest identifies a catalog item to delete."},"admiral.catalog.v1.DeleteCatalogItemResponse":{"type":"object","title":"DeleteCatalogItemResponse","additionalProperties":false,"description":"DeleteCatalogItemResponse is empty on success."},"admiral.catalog.v1.GetCatalogItemRequest":{"type":"object","properties":{"catalog_item_id":{"type":"string","title":"catalog_item_id","format":"uuid","description":"Unique identifier of the catalog item (UUID)."}},"title":"GetCatalogItemRequest","required":["catalog_item_id"],"additionalProperties":false,"description":"GetCatalogItemRequest identifies a catalog item to retrieve."},"admiral.catalog.v1.GetCatalogItemResponse":{"type":"object","properties":{"catalog_item":{"title":"catalog_item","description":"The retrieved catalog item.","$ref":"#/components/schemas/admiral.catalog.v1.CatalogItem"}},"title":"GetCatalogItemResponse","additionalProperties":false,"description":"GetCatalogItemResponse contains the catalog item record."},"admiral.catalog.v1.ListCatalogItemsRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by catalog item name.\n - `type`: filter by item type (TERRAFORM, HELM, KUSTOMIZE, MANIFEST).\n - `source_id`: filter by source reference.\n\n Example: `field['type'] = 'TERRAFORM'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of catalog items to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListCatalogItemsRequest","additionalProperties":false,"description":"ListCatalogItemsRequest contains pagination and filter parameters."},"admiral.catalog.v1.ListCatalogItemsResponse":{"type":"object","properties":{"catalog_items":{"type":"array","items":{"$ref":"#/components/schemas/admiral.catalog.v1.CatalogItem"},"title":"catalog_items","description":"The list of catalog items."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListCatalogItemsResponse","additionalProperties":false,"description":"ListCatalogItemsResponse contains a page of catalog items."},"admiral.catalog.v1.ResolveCatalogItemRequest":{"type":"object","properties":{"catalog_item_id":{"type":"string","title":"catalog_item_id","format":"uuid","description":"Unique identifier of the catalog item to resolve (UUID)."},"ref_override":{"type":"string","title":"ref_override","maxLength":256,"description":"Optional ref override. When set, this ref is used instead of the item's\n default ref. Useful for previewing a different version without modifying\n the catalog item definition."}},"title":"ResolveCatalogItemRequest","required":["catalog_item_id"],"additionalProperties":false,"description":"ResolveCatalogItemRequest identifies a catalog item to resolve."},"admiral.catalog.v1.ResolveCatalogItemResponse":{"type":"object","properties":{"revision":{"type":"string","title":"revision","description":"The resolved revision identifier. For Git sources, this is the commit SHA.\n For registry sources, the canonical version string. For HTTP, a content hash."},"digest":{"type":"string","title":"digest","description":"Content-addressing digest of the fetched content (e.g., \"sha1:\",\n \"sha256:\")."},"catalog_item":{"title":"catalog_item","description":"The catalog item that was resolved, with current field values.","$ref":"#/components/schemas/admiral.catalog.v1.CatalogItem"}},"title":"ResolveCatalogItemResponse","additionalProperties":false,"description":"ResolveCatalogItemResponse contains the resolved metadata from fetching the\n catalog item's content via its Source."},"admiral.catalog.v1.UpdateCatalogItemRequest":{"type":"object","properties":{"catalog_item":{"title":"catalog_item","description":"The catalog item with updated fields. Its `id` identifies the item; only\n fields named in `update_mask` are applied.","$ref":"#/components/schemas/admiral.catalog.v1.CatalogItem"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `name`,\n `description`, `source_id`, `ref`, `root`, `path`, `labels`. `type` is\n immutable and cannot be updated.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateCatalogItemRequest","required":["catalog_item"],"additionalProperties":false,"description":"UpdateCatalogItemRequest contains the catalog item fields to update."},"admiral.catalog.v1.UpdateCatalogItemResponse":{"type":"object","properties":{"catalog_item":{"title":"catalog_item","description":"The updated catalog item.","$ref":"#/components/schemas/admiral.catalog.v1.CatalogItem"}},"title":"UpdateCatalogItemResponse","additionalProperties":false,"description":"UpdateCatalogItemResponse contains the updated catalog item."},"admiral.changeset.v1.CatalogItemVersionDiff":{"type":"object","properties":{"catalog_item_id_old":{"type":["string","null"],"title":"catalog_item_id_old","description":"Catalog item UUID before the change."},"catalog_item_id_new":{"type":["string","null"],"title":"catalog_item_id_new","description":"Catalog item UUID after the change."},"catalog_item_name_old":{"type":["string","null"],"title":"catalog_item_name_old","description":"Catalog item name before the change (denormalized for display)."},"catalog_item_name_new":{"type":["string","null"],"title":"catalog_item_name_new","description":"Catalog item name after the change (denormalized for display)."},"ref_old":{"type":["string","null"],"title":"ref_old","description":"Ref (git ref / version selector) before the change."},"ref_new":{"type":["string","null"],"title":"ref_new","description":"Ref (git ref / version selector) after the change."}},"title":"CatalogItemVersionDiff","additionalProperties":false,"description":"CatalogItemVersionDiff describes a catalog-item-id and/or version change on\n an entry. Absent halves mean \"unset.\" Both halves can be absent for CREATE\n entries whose catalog item fields aren't being changed (caller still emits\n the new values)."},"admiral.changeset.v1.ChangeSet":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the change set (UUID).","readOnly":true},"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application this change set targets (UUID).","readOnly":true},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment this change set targets (UUID).","readOnly":true},"status":{"title":"status","description":"Lifecycle status of this change set.","readOnly":true,"$ref":"#/components/schemas/admiral.changeset.v1.ChangeSetStatus"},"copied_from_id":{"type":"string","title":"copied_from_id","description":"If this change set was created via CopyChangeSet, the UUID of the source\n change set. Forms the promotion chain (e.g., dev -> staging -> prod).\n Empty for change sets created directly via CreateChangeSet.","readOnly":true},"title":{"type":"string","title":"title","maxLength":256,"description":"Human-readable title for the change set (e.g., \"Bump database version\")."},"description":{"type":"string","title":"description","maxLength":4096,"description":"Optional longer description of what the change set proposes."},"deploy_run_id":{"type":"string","title":"deploy_run_id","description":"The run that deployed this change set (UUID). Populated when status\n transitions to DEPLOYED. Empty otherwise. Note: many runs may target a\n change set over its life (via runs.change_set_id); this is the single run\n that closed it.","readOnly":true},"entries":{"type":"array","items":{"$ref":"#/components/schemas/admiral.changeset.v1.ChangeSetEntry"},"title":"entries","description":"Component entries proposed by this change set. Populated by GetChangeSet;\n empty in ListChangeSets responses.","readOnly":true},"variable_entries":{"type":"array","items":{"$ref":"#/components/schemas/admiral.changeset.v1.ChangeSetVariableEntry"},"title":"variable_entries","description":"Variable entries proposed by this change set. Populated by GetChangeSet;\n empty in ListChangeSets responses.","readOnly":true},"display_id":{"type":"string","title":"display_id","description":"Typed display identifier of the form `cs-<12-char-suffix>` (e.g.,\n `cs-3k7m9p2q4rvw`). Server-generated, indexed, and stable. Prefer this\n over `id` for user-facing references; lookups accept either form.","readOnly":true},"application_name":{"type":"string","title":"application_name","description":"Display name of the parent application. Denormalized for display.","readOnly":true},"environment_name":{"type":"string","title":"environment_name","description":"Display name of the parent environment. Denormalized for display.","readOnly":true},"created_by":{"title":"created_by","description":"The user or agent that created this change set\n (server-populated from token).","readOnly":true,"$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the change set was created.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the change set was last updated (metadata, entries, variable\n entries, or status).","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"ChangeSet","additionalProperties":false,"description":"ChangeSet is a scoped, isolated proposal to mutate the deployed state of an\n application within a single environment.\n\n The change set holds two kinds of proposals:\n - Component entries: per-name deltas (CREATE/UPDATE/DESTROY/ORPHAN).\n - Variable entries: per-key set or delete-on-apply."},"admiral.changeset.v1.ChangeSetDiff":{"type":"object","properties":{"entries":{"type":"array","items":{"$ref":"#/components/schemas/admiral.changeset.v1.EntryDiff"},"title":"entries","description":"Per-component entry deltas, ordered by component name."},"variables":{"type":"array","items":{"$ref":"#/components/schemas/admiral.changeset.v1.VariableDiff"},"title":"variables","description":"Per-key variable deltas, ordered by key."},"downstream":{"type":"array","items":{"$ref":"#/components/schemas/admiral.changeset.v1.DownstreamImpact"},"title":"downstream","description":"Deployed components affected by changes to the entries above (static\n graph walk over `values_template` references)."}},"title":"ChangeSetDiff","additionalProperties":false,"description":"ChangeSetDiff describes what a change set would change relative to current\n environment HEAD: per-component entries, per-key variable changes, and the\n deployed components whose `values_template` references a name touched by\n this change set."},"admiral.changeset.v1.ChangeSetEntry":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the entry (UUID)."},"change_set_id":{"type":"string","title":"change_set_id","format":"uuid","description":"The change set this entry belongs to (UUID)."},"component_id":{"type":"string","title":"component_id","description":"The component this entry targets (UUID). Absent for CREATE entries\n (the component does not exist yet)."},"component_name":{"type":"string","title":"component_name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"Component name (stable identifier set at creation). Required for all\n entries. For CREATE entries, this is the name of the component to be\n created. For UPDATE/DESTROY/ORPHAN entries, this matches an existing\n component in the application."},"change_type":{"title":"change_type","description":"The change type.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSetEntryType"},"catalog_item_id":{"type":["string","null"],"title":"catalog_item_id","format":"uuid","description":"The catalog item to deploy (UUID). Required for CREATE; optional for UPDATE\n (if changing the catalog item); not allowed for DESTROY/ORPHAN."},"ref":{"type":["string","null"],"title":"ref","maxLength":256,"description":"The git ref / version selector to deploy (e.g., tag, branch, or commit SHA).\n On CREATE, defaults to the catalog item's ref when absent. For UPDATE\n entries, absent means \"no change to ref.\""},"values_template":{"type":["string","null"],"title":"values_template","maxLength":65536,"description":"Values template for catalog item inputs. For UPDATE entries, absent means\n \"no change to values_template.\""},"depends_on":{"type":"array","items":{"type":"string"},"title":"depends_on","description":"Explicit dependencies (component names). Whatever the client sends is\n recorded; an empty list clears existing dependencies. Not allowed for\n DESTROY/ORPHAN entries. Names may reference components materialized\n earlier in the same change set (their UUIDs do not exist until apply)."},"description":{"type":["string","null"],"title":"description","maxLength":1024,"description":"Optional description for the proposed change (e.g., \"Bump to v2.1.0\n for performance fix\"). For UPDATE entries, absent means \"no change.\""},"catalog_item_name":{"type":"string","title":"catalog_item_name","description":"Display name of the referenced catalog item. Denormalized for display.\n Read-only; ignored on writes."},"created_at":{"title":"created_at","description":"When the entry was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the entry was last replaced.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"target":{"title":"target","description":"Resolved placement for the component: the agent it deploys on (plus a\n namespace for WORKLOAD components). Copied onto the component at deploy\n time; the environment is no longer the source of truth for placement.","$ref":"#/components/schemas/admiral.component.v1.ComponentTarget"}},"title":"ChangeSetEntry","additionalProperties":false,"description":"ChangeSetEntry is a per-component proposal within a change set.\n\n Patch semantics: optional fields that are absent mean \"no change relative\n to the component's current state at deploy time.\" Required fields per\n `change_type`:\n - CREATE: `catalog_item_id` required; `component_id` must be empty.\n - UPDATE: `component_id` required; at least one optional field set.\n - DESTROY / ORPHAN: `component_id` required; no patch fields allowed."},"admiral.changeset.v1.ChangeSetEntryType":{"type":"string","title":"ChangeSetEntryType","enum":["CHANGE_SET_ENTRY_TYPE_UNSPECIFIED","CHANGE_SET_ENTRY_TYPE_CREATE","CHANGE_SET_ENTRY_TYPE_UPDATE","CHANGE_SET_ENTRY_TYPE_DESTROY","CHANGE_SET_ENTRY_TYPE_ORPHAN"],"description":"ChangeSetEntryType selects what the entry does to the targeted component."},"admiral.changeset.v1.ChangeSetStatus":{"type":"string","title":"ChangeSetStatus","enum":["CHANGE_SET_STATUS_UNSPECIFIED","CHANGE_SET_STATUS_OPEN","CHANGE_SET_STATUS_DEPLOYED","CHANGE_SET_STATUS_DISCARDED"],"description":"ChangeSetStatus is the lifecycle state of a change set. Only OPEN change\n sets can be mutated. DEPLOYED is reached when a run referencing the change\n set succeeds; DISCARDED is reached via DiscardChangeSet."},"admiral.changeset.v1.ChangeSetVariableEntry":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the variable entry (UUID)."},"change_set_id":{"type":"string","title":"change_set_id","format":"uuid","description":"The change set this entry belongs to (UUID)."},"key":{"type":"string","title":"key","maxLength":63,"minLength":1,"pattern":"^[A-Za-z_][A-Za-z0-9_]{0,62}$","description":"The variable key (e.g., \"TF_VAR_region\", \"IMAGE_TAG\")."},"value":{"type":["string","null"],"title":"value","description":"The value to set on apply. Absent means \"delete this key on apply\"\n (tombstone). Masked in responses when `sensitive` is true."},"type":{"title":"type","description":"How the value should be interpreted by the rendering engine and\n displayed in the UI.","$ref":"#/components/schemas/admiral.variable.v1.VariableType"},"sensitive":{"type":"boolean","title":"sensitive","description":"When true, the value is encrypted at rest and masked in API responses."},"created_at":{"title":"created_at","description":"When the variable entry was created or last replaced.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"ChangeSetVariableEntry","additionalProperties":false,"description":"ChangeSetVariableEntry is a per-key variable proposal within a change set.\n\n At deploy time, each variable entry is applied to the change set's\n environment: an entry with `value` set upserts the key, and an entry with\n `value` absent (a tombstone) removes the key."},"admiral.changeset.v1.CopyChangeSetRequest":{"type":"object","properties":{"change_set_id":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the source change set to copy. Accepts either the short\n ID (`cs-`) or the canonical UUID. Can be in any status."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The target environment for the new change set (UUID). Must belong to\n the source change set's application."},"title":{"type":"string","title":"title","maxLength":256,"description":"Optional title override. Defaults to the source's title when empty."},"description":{"type":"string","title":"description","maxLength":4096,"description":"Optional description override. Defaults to the source's description\n when empty."}},"title":"CopyChangeSetRequest","required":["change_set_id","environment_id"],"additionalProperties":false,"description":"CopyChangeSetRequest creates a new OPEN change set by copying an existing\n one to a target environment."},"admiral.changeset.v1.CopyChangeSetResponse":{"type":"object","properties":{"change_set":{"title":"change_set","description":"The new change set with `copied_from_id` set to the source.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSet"}},"title":"CopyChangeSetResponse","additionalProperties":false,"description":"CopyChangeSetResponse contains the newly created change set."},"admiral.changeset.v1.CreateChangeSetRequest":{"type":"object","properties":{"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application this change set targets (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment this change set targets (UUID)."},"title":{"type":"string","title":"title","maxLength":256,"description":"Optional human-readable title (e.g., \"Bump database version\")."},"description":{"type":"string","title":"description","maxLength":4096,"description":"Optional longer description of what the change set proposes."}},"title":"CreateChangeSetRequest","required":["application_id","environment_id"],"additionalProperties":false,"description":"CreateChangeSetRequest opens a new change set for an (application,\n environment) pair."},"admiral.changeset.v1.CreateChangeSetResponse":{"type":"object","properties":{"change_set":{"title":"change_set","description":"The created change set. Status is OPEN; entries and variable entries\n are empty.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSet"}},"title":"CreateChangeSetResponse","additionalProperties":false,"description":"CreateChangeSetResponse contains the newly created change set."},"admiral.changeset.v1.DiffChangeSetRequest":{"type":"object","properties":{"change_set_id":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."}},"title":"DiffChangeSetRequest","required":["change_set_id"],"additionalProperties":false,"description":"DiffChangeSetRequest identifies the change set to diff."},"admiral.changeset.v1.DiffChangeSetResponse":{"type":"object","properties":{"diff":{"title":"diff","description":"The structural diff. Empty `entries`, `variables`, and `downstream` lists\n mean the change set proposes no changes relative to current state.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSetDiff"}},"title":"DiffChangeSetResponse","additionalProperties":false,"description":"DiffChangeSetResponse contains the computed diff."},"admiral.changeset.v1.DiffChangeType":{"type":"string","title":"DiffChangeType","enum":["DIFF_CHANGE_TYPE_UNSPECIFIED","DIFF_CHANGE_TYPE_ADDED","DIFF_CHANGE_TYPE_CHANGED","DIFF_CHANGE_TYPE_REMOVED"],"description":"DiffChangeType classifies a single change inside a ChangeSetDiff:\n per-key value changes inside an entry's values_template, or per-key\n variable changes."},"admiral.changeset.v1.DiscardChangeSetRequest":{"type":"object","properties":{"change_set_id":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set to discard. Accepts either the short ID\n (`cs-`) or the canonical UUID."}},"title":"DiscardChangeSetRequest","required":["change_set_id"],"additionalProperties":false,"description":"DiscardChangeSetRequest abandons an OPEN change set."},"admiral.changeset.v1.DiscardChangeSetResponse":{"type":"object","properties":{"change_set":{"title":"change_set","description":"The change set with status set to DISCARDED.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSet"}},"title":"DiscardChangeSetResponse","additionalProperties":false,"description":"DiscardChangeSetResponse contains the discarded change set."},"admiral.changeset.v1.DownstreamImpact":{"type":"object","properties":{"component_name":{"type":"string","title":"component_name","description":"Name of the deployed component that will be affected."},"affected_by":{"type":"array","items":{"type":"string"},"title":"affected_by","description":"Names in this change set whose outputs the deployed component\n references."}},"title":"DownstreamImpact","additionalProperties":false,"description":"DownstreamImpact lists deployed components whose `values_template`\n references the outputs of a component touched by this change set. Surfaces\n the \"if you apply this, these other components will also re-plan\" set."},"admiral.changeset.v1.EntryDiff":{"type":"object","properties":{"component_name":{"type":"string","title":"component_name","description":"Component name this entry targets."},"change_type":{"title":"change_type","description":"Change kind.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSetEntryType"},"catalog_item":{"oneOf":[{"$ref":"#/components/schemas/admiral.changeset.v1.CatalogItemVersionDiff"},{"type":"null"}],"title":"catalog_item","description":"Catalog item / version delta. Absent when neither field changes."},"values":{"type":"array","items":{"$ref":"#/components/schemas/admiral.changeset.v1.ValueDiff"},"title":"values","description":"Per-key value-template deltas. Today this contains a single ValueDiff\n keyed `values_template` carrying the full template text so reviewers\n can read the new template."},"depends_on_added":{"type":"array","items":{"type":"string"},"title":"depends_on_added","description":"Names added to depends_on by this entry."},"depends_on_removed":{"type":"array","items":{"type":"string"},"title":"depends_on_removed","description":"Names removed from depends_on by this entry."},"description_old":{"type":["string","null"],"title":"description_old","description":"Old description (UPDATE only, when the entry sets description)."},"description_new":{"type":["string","null"],"title":"description_new","description":"New description (CREATE/UPDATE only)."}},"title":"EntryDiff","additionalProperties":false,"description":"EntryDiff describes a single component entry's effect.\n\n For CREATE entries, `catalog_item`/`values`/`depends_on_added` describe the\n proposed new component; the `_old` halves are absent.\n For UPDATE entries, only fields the entry actually changes appear; absent\n patch fields mean \"no change.\"\n For DESTROY/ORPHAN entries, `catalog_item`/`values`/`depends_on_*` are absent."},"admiral.changeset.v1.GetChangeSetRequest":{"type":"object","properties":{"change_set_id":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."}},"title":"GetChangeSetRequest","required":["change_set_id"],"additionalProperties":false,"description":"GetChangeSetRequest identifies a change set to retrieve."},"admiral.changeset.v1.GetChangeSetResponse":{"type":"object","properties":{"change_set":{"title":"change_set","description":"The change set, with `entries` and `variable_entries` populated.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSet"}},"title":"GetChangeSetResponse","additionalProperties":false,"description":"GetChangeSetResponse contains the change set with all entries inline."},"admiral.changeset.v1.ListChangeSetsRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `application_id`: change sets for a specific application (UUID).\n - `environment_id`: change sets for a specific environment (UUID).\n - `status`: filter by status (OPEN, DEPLOYED, DISCARDED).\n\n Example: `field['environment_id'] = '' AND field['status'] = 'OPEN'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of change sets to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListChangeSetsRequest","additionalProperties":false,"description":"ListChangeSetsRequest contains pagination and filter parameters."},"admiral.changeset.v1.ListChangeSetsResponse":{"type":"object","properties":{"change_sets":{"type":"array","items":{"$ref":"#/components/schemas/admiral.changeset.v1.ChangeSet"},"title":"change_sets","description":"The list of change sets, ordered from newest to oldest. Each record\n omits `entries` and `variable_entries`; call GetChangeSet for the\n full record."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListChangeSetsResponse","additionalProperties":false,"description":"ListChangeSetsResponse contains a page of change sets."},"admiral.changeset.v1.RemoveEntryRequest":{"type":"object","properties":{"change_set_id":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."},"component_name":{"type":"string","title":"component_name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"Component name of the entry to remove."}},"title":"RemoveEntryRequest","required":["change_set_id","component_name"],"additionalProperties":false,"description":"RemoveEntryRequest deletes a single entry from an OPEN change set."},"admiral.changeset.v1.RemoveEntryResponse":{"type":"object","title":"RemoveEntryResponse","additionalProperties":false,"description":"RemoveEntryResponse is empty on success."},"admiral.changeset.v1.RemoveVariableRequest":{"type":"object","properties":{"change_set_id":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."},"key":{"type":"string","title":"key","maxLength":63,"minLength":1,"pattern":"^[A-Za-z_][A-Za-z0-9_]{0,62}$","description":"The variable key to remove on apply."}},"title":"RemoveVariableRequest","required":["change_set_id","key"],"additionalProperties":false,"description":"RemoveVariableRequest writes a tombstone variable entry that, when the\n change set is deployed, removes the key from the target environment."},"admiral.changeset.v1.RemoveVariableResponse":{"type":"object","properties":{"variable_entry":{"title":"variable_entry","description":"The tombstone entry (value absent, marking the key for deletion on apply).","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSetVariableEntry"}},"title":"RemoveVariableResponse","additionalProperties":false,"description":"RemoveVariableResponse contains the tombstone variable entry."},"admiral.changeset.v1.SetEntryRequest":{"type":"object","properties":{"change_set_id":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."},"component_name":{"type":"string","title":"component_name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"Component name (stable identifier set at creation). Required."},"change_type":{"not":{"enum":["CHANGE_SET_ENTRY_TYPE_UNSPECIFIED"]},"title":"change_type","description":"The change type.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSetEntryType"},"catalog_item_id":{"type":["string","null"],"title":"catalog_item_id","format":"uuid","description":"The catalog item to deploy (UUID). Required for CREATE; optional for UPDATE.\n Not allowed for DESTROY/ORPHAN."},"ref":{"type":["string","null"],"title":"ref","maxLength":256,"description":"The git ref / version selector to deploy."},"values_template":{"type":["string","null"],"title":"values_template","maxLength":65536,"description":"Values template for catalog item inputs."},"depends_on":{"type":"array","items":{"type":"string"},"title":"depends_on","description":"Explicit dependencies (component names). Empty list clears."},"description":{"type":["string","null"],"title":"description","maxLength":1024,"description":"Optional description of the proposed change."},"target":{"title":"target","description":"Resolved placement for the component, by kind. Required for CREATE (the\n component needs a placement); for UPDATE, absent means \"no change to\n placement.\" Replaces the former per-environment target defaults.","$ref":"#/components/schemas/admiral.component.v1.ComponentTarget"}},"title":"SetEntryRequest","required":["change_set_id","component_name","change_type"],"additionalProperties":false,"description":"SetEntryRequest creates or replaces a component entry within a change set."},"admiral.changeset.v1.SetEntryResponse":{"type":"object","properties":{"entry":{"title":"entry","description":"The entry as recorded on the change set.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSetEntry"}},"title":"SetEntryResponse","additionalProperties":false,"description":"SetEntryResponse contains the created or replaced entry."},"admiral.changeset.v1.SetVariableRequest":{"type":"object","properties":{"change_set_id":{"type":"string","title":"change_set_id","minLength":1,"description":"Identifier of the change set. Accepts either the short ID\n (`cs-`) or the canonical UUID."},"key":{"type":"string","title":"key","maxLength":63,"minLength":1,"pattern":"^[A-Za-z_][A-Za-z0-9_]{0,62}$","description":"The variable key."},"value":{"type":"string","title":"value","minLength":1,"description":"The value to set on apply. For COMPLEX type, must be valid JSON."},"type":{"title":"type","description":"How the value should be interpreted. Defaults to STRING when unspecified.","$ref":"#/components/schemas/admiral.variable.v1.VariableType"},"sensitive":{"type":"boolean","title":"sensitive","description":"When true, the value is encrypted at rest and masked in API responses."}},"title":"SetVariableRequest","required":["change_set_id","key","value"],"additionalProperties":false,"description":"SetVariableRequest creates or replaces a variable entry within a change set."},"admiral.changeset.v1.SetVariableResponse":{"type":"object","properties":{"variable_entry":{"title":"variable_entry","description":"The variable entry as recorded on the change set.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSetVariableEntry"}},"title":"SetVariableResponse","additionalProperties":false,"description":"SetVariableResponse contains the created or replaced variable entry."},"admiral.changeset.v1.UpdateChangeSetRequest":{"type":"object","properties":{"change_set":{"title":"change_set","description":"The change set with updated fields. Its `id` identifies the change set;\n only fields named in `update_mask` are applied.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSet"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `title`,\n `description`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateChangeSetRequest","required":["change_set"],"additionalProperties":false,"description":"UpdateChangeSetRequest updates a change set's mutable metadata."},"admiral.changeset.v1.UpdateChangeSetResponse":{"type":"object","properties":{"change_set":{"title":"change_set","description":"The updated change set.","$ref":"#/components/schemas/admiral.changeset.v1.ChangeSet"}},"title":"UpdateChangeSetResponse","additionalProperties":false,"description":"UpdateChangeSetResponse contains the updated change set (metadata only;\n entries are not returned; call GetChangeSet for the full record)."},"admiral.changeset.v1.ValueDiff":{"type":"object","properties":{"key":{"type":"string","title":"key","description":"Key inside the values_template. Always `values_template` today."},"change_type":{"title":"change_type","description":"The change type (ADDED, CHANGED, REMOVED).","$ref":"#/components/schemas/admiral.changeset.v1.DiffChangeType"},"old":{"type":["string","null"],"title":"old","description":"Previous value (absent for ADDED, sensitive, or when not tracked)."},"new":{"type":["string","null"],"title":"new","description":"New value (absent for REMOVED, sensitive, or when not tracked)."},"sensitive":{"type":"boolean","title":"sensitive","description":"True when the underlying value is sensitive; old/new must be omitted."}},"title":"ValueDiff","additionalProperties":false,"description":"ValueDiff describes a single value change inside an entry's\n `values_template`. EntryDiff emits at most one ValueDiff per entry, keyed\n `values_template`, carrying the full template text.\n\n Sensitive values are masked: when `sensitive=true`, both `old` and `new`\n are absent."},"admiral.changeset.v1.VariableDiff":{"type":"object","properties":{"key":{"type":"string","title":"key","description":"The variable key."},"change_type":{"title":"change_type","description":"The change type (ADDED, CHANGED, REMOVED).","$ref":"#/components/schemas/admiral.changeset.v1.DiffChangeType"},"old":{"type":["string","null"],"title":"old","description":"Previous value (absent for ADDED or sensitive)."},"new":{"type":["string","null"],"title":"new","description":"New value (absent for REMOVED or sensitive)."},"sensitive":{"type":"boolean","title":"sensitive","description":"True when either side is sensitive; old/new must be omitted."}},"title":"VariableDiff","additionalProperties":false,"description":"VariableDiff describes a per-key change to environment variables.\n\n ADDED: the change set sets a key not currently present in the env.\n CHANGED: the change set sets a key with a different value/type/sensitivity.\n REMOVED: the change set carries a tombstone (delete-on-apply) for a key\n that exists in the env."},"admiral.common.v1.AccessToken":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the token (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier for the token (e.g., \"ci-deploy-key\").\n Unique within the parent resource. Lowercase alphanumeric and hyphens only,\n must start with a letter and end with an alphanumeric character (1-63 chars)."},"token_prefix":{"type":"string","title":"token_prefix","description":"Non-secret prefix of the token value. The five-character brand\n (`admp_` for PATs, `adms_` for SATs) followed by a short sample of\n characters from the secret body (e.g., \"adms_pL2m\"). URL-safe and safe\n to log and display. Use for incident response and audit trails without\n exposing the secret."},"token_type":{"title":"token_type","description":"The category of this token.","$ref":"#/components/schemas/admiral.common.v1.TokenType"},"scopes":{"type":"array","items":{"type":"string"},"title":"scopes","description":"The scopes granted to this token. For PATs, these are user-selected.\n For SATs, these are auto-assigned based on the resource type."},"status":{"title":"status","description":"Current lifecycle status of the token.","$ref":"#/components/schemas/admiral.common.v1.AccessTokenStatus"},"binding_type":{"title":"binding_type","description":"The kind of resource this token is bound to.","$ref":"#/components/schemas/admiral.common.v1.BindingType"},"binding_id":{"type":"string","title":"binding_id","description":"The ID of the resource this token is bound to (UUID): the user ID for\n PATs, the agent ID for SATs."},"expires_at":{"title":"expires_at","description":"When the token expires. If unset, the token does not expire.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"last_used_at":{"title":"last_used_at","description":"When the token was last used to authenticate an API request.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"revoked_at":{"title":"revoked_at","description":"When the token was revoked. Only set when status is REVOKED.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"created_by":{"title":"created_by","description":"The user who created this token. For PATs, this is the token owner.\n For SATs, this is the administrator who issued the token.","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the token was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"AccessToken","additionalProperties":false,"description":"$77","example":{"id":"9f8e7d6c-5b4a-3210-fedc-ba0987654321","name":"ci-deploy-key","token_prefix":"admp_pL2m","token_type":"TOKEN_TYPE_PAT","scopes":["run:write","app:read","env:read"],"status":"ACCESS_TOKEN_STATUS_ACTIVE","binding_type":"BINDING_TYPE_USER","binding_id":"d290f1ee-6c54-4b01-90e6-d701748f0851","created_by":{"id":"d290f1ee-6c54-4b01-90e6-d701748f0851","display_name":"Alex Chen","email":"alex.chen@example.com"},"expires_at":"2026-06-01T00:00:00Z","last_used_at":"2025-11-20T14:30:00Z","created_at":"2025-09-01T10:00:00Z"}},"admiral.common.v1.AccessTokenStatus":{"type":"string","title":"AccessTokenStatus","enum":["ACCESS_TOKEN_STATUS_UNSPECIFIED","ACCESS_TOKEN_STATUS_ACTIVE","ACCESS_TOKEN_STATUS_REVOKED"],"description":"AccessTokenStatus represents the lifecycle state of an access token."},"admiral.common.v1.ActorRef":{"type":"object","properties":{"id":{"type":"string","title":"id","description":"UUID of the user or service access token."},"display_name":{"type":"string","title":"display_name","description":"Human-readable name (e.g., \"John Smith\", \"cluster-prod-agent\")."},"email":{"type":"string","title":"email","description":"Email address (empty for non-human actors)."}},"title":"ActorRef","additionalProperties":false,"description":"ActorRef is a lightweight reference to the user or agent that performed an action.\n Server-populated on all resource responses. Clients should never send this;\n use the plain string `created_by` UUID on request messages instead."},"admiral.common.v1.AuthRule":{"type":"object","properties":{"scope":{"type":"string","title":"scope","description":"The scope required to call this RPC (e.g., \"app:read\").\n Empty string means any valid token is sufficient; no specific scope required."},"allowed_token_types":{"type":"array","items":{"type":"string"},"title":"allowed_token_types","description":"Restrict to specific token types (\"pat\", \"sat\", \"session\").\n Empty means all token types are allowed."}},"title":"AuthRule","additionalProperties":false,"description":"AuthRule defines the authorization requirements for an RPC method.\n Applied as a custom method option and enforced at runtime by a Connect interceptor.\n\n The presence of the option means the RPC requires authentication.\n An empty scope means any authenticated request is sufficient."},"admiral.common.v1.BindingType":{"type":"string","title":"BindingType","enum":["BINDING_TYPE_UNSPECIFIED","BINDING_TYPE_USER","BINDING_TYPE_AGENT"],"description":"BindingType identifies the kind of resource an access token is bound to."},"admiral.common.v1.TokenType":{"type":"string","title":"TokenType","enum":["TOKEN_TYPE_UNSPECIFIED","TOKEN_TYPE_PAT","TOKEN_TYPE_SAT"],"description":"TokenType identifies the category of an access token issued by Admiral's token system.\n IDP-issued JWTs (OAuth2/OIDC sessions) are NOT represented here. They are\n resolved by separate middleware and can be referenced as \"session\" in\n AuthRule.allowed_token_types when needed."},"admiral.component.v1.Component":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the component (UUID)."},"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application this component belongs to (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment this component is scoped to (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"Component identifier within the (application, environment) pair (e.g.,\n \"vpc\", \"redis\", \"api-server\"). Set at creation; no rename path today.\n Referenced from peer components' template expressions\n (`{{ .component.. }}`), `depends_on` lists, and the\n variable namespace for outputs."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the component's purpose\n (e.g., \"Primary VPC for all environments\" or \"Redis cache layer\")."},"kind":{"title":"kind","description":"Whether this is an infrastructure or workload component. Derived from\n the referenced module's type when the component is created, but stored\n explicitly for filtering and to determine execution behavior.","$ref":"#/components/schemas/admiral.component.v1.ComponentKind"},"deletion_protection":{"type":"boolean","title":"deletion_protection","description":"When true, destroy operations are rejected for this component."},"ref":{"type":"string","title":"ref","maxLength":256,"description":"The git ref / version selector this component deploys (branch, tag, or\n commit SHA for git; version string for package sources). Seeded from the\n catalog item's ref at create time and owned thereafter (copy-not-link)."},"values_template":{"type":"string","title":"values_template","maxLength":65536,"description":"Values template that maps configuration into the module's expected inputs.\n This is a JSON-encoded object where keys are the module input names and\n values are either literal values or template expressions.\n\n Template expressions can reference:\n - Variables: `{{ .var.DATABASE_URL }}`\n - Component outputs: `{{ .component.vpc.vpc_id }}`\n - Environment metadata: `{{ .env.name }}`\n\n Example for a Terraform RDS module:\n {\n \"vpc_id\": \"{{ .component.vpc.vpc_id }}\",\n \"subnet_ids\": \"{{ .component.vpc.private_subnet_ids }}\",\n \"instance_class\": \"{{ .var.RDS_INSTANCE_CLASS }}\",\n \"engine_version\": \"15.4\"\n }\n\n Example for a Helm chart:\n {\n \"replicaCount\": \"{{ .var.REPLICA_COUNT }}\",\n \"image.repository\": \"myorg/api-server\",\n \"image.tag\": \"{{ .var.IMAGE_TAG }}\"\n }\n\n The rendering engine resolves all expressions at deployment time using\n the environment's variables and the outputs of upstream components."},"depends_on":{"type":"array","items":{"type":"string"},"title":"depends_on","description":"Component names that must complete successfully before this component\n can be deployed. Must reference components within the same environment.\n The run engine uses these, combined with implicit dependencies from\n template expressions, to build the execution DAG.\n\n Explicit depends_on is useful when there is a deployment-order dependency\n that is not captured by output references (e.g., cert-manager must be\n installed before any workload that uses TLS certificates)."},"outputs":{"type":"array","items":{"$ref":"#/components/schemas/admiral.component.v1.ComponentOutput"},"title":"outputs","description":"Declared outputs for this component. For infrastructure components\n (Terraform), outputs are auto-discovered from the module and this field\n is ignored. For workload components, outputs must be declared here to\n be available for template expressions in other components.\n\n See ComponentOutput for examples."},"created_by":{"title":"created_by","description":"The user or agent who created this component (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the component was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the component was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"inputs":{"type":"array","items":{"$ref":"#/components/schemas/admiral.component.v1.ComponentInput"},"title":"inputs","description":"Declared inputs this component consumes -- the symmetric half of outputs.\n Additive: the edge spec the impact-scoping work reads. Binding still flows\n through values_template today."},"target":{"title":"target","description":"Resolved placement: where this component deploys. Copied onto the component\n from the reviewed Change at deploy time (copy-not-link); the run snapshots\n it onto the revision. Exactly one shape is populated, by `kind`.","$ref":"#/components/schemas/admiral.component.v1.ComponentTarget"}},"title":"Component","additionalProperties":false,"description":"Component represents a named, deployable unit within an application+environment\n pair. It binds a module to a specific environment with configuration (values\n template) that maps variables and other component outputs into the module's\n expected inputs.\n\n Components are scoped to (application, environment): each environment has\n its own set of components. The same name may exist in multiple environments\n with different module/version/values, supporting both the uniform-fleet case\n (identical components stamped across envs) and the divergent case (Postgres\n in cluster for dev, managed service for prod).\n\n Components are the nodes in Admiral's dependency graph. Infrastructure\n components produce auto-discovered outputs (Terraform outputs). Workload\n components declare outputs explicitly. Other components consume these via\n template expressions. The run engine resolves this DAG to determine\n execution order.","example":{"id":"d4e5f6a7-8901-2bcd-ef34-567890123456","application_id":"a1b2c3d4-5678-9abc-def0-1234567890ab","environment_id":"e5f6a7b8-9012-3cde-f456-789012345678","name":"api-server","description":"Main API server deployed via Helm chart.","kind":"COMPONENT_KIND_WORKLOAD","ref":"2.4.1","values_template":"{\"replicaCount\": \"{{ .var.REPLICA_COUNT }}\", \"image.tag\": \"{{ .var.IMAGE_TAG }}\"}","depends_on":["vpc","redis"],"target":{"agent_id":"1f2e3d4c-5b6a-7980-1234-567890abcdef","namespace":"inventory-staging"},"created_by":{"id":"d290f1ee-6c54-4b01-90e6-d701748f0851","display_name":"Alex Chen","email":"alex.chen@example.com"},"created_at":"2025-09-16T09:00:00Z","updated_at":"2025-10-28T11:30:00Z"}},"admiral.component.v1.ComponentInput":{"type":"object","properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z][a-z0-9_]{0,62}$","description":"Input name. Must be a valid identifier (lowercase alphanumeric and\n underscores, e.g. \"database_url\", \"region\")."},"value_template":{"type":"string","title":"value_template","maxLength":4096,"minLength":1,"description":"Template expression that binds this input's value -- typically a reference\n to an environment variable or an upstream component's output, e.g.\n \"{{ .var.region }}\"\n \"{{ .component.db.outputs.connection_string }}\""},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the input's purpose."}},"title":"ComponentInput","additionalProperties":false,"description":"ComponentInput is the symmetric half of ComponentOutput: a declared input\n the component consumes, with the template expression that binds its value.\n The declared inputs are the edge spec of the dependency DAG -- they make\n impact scoping precise (which components reference a changed variable or an\n upstream output). Today component inputs are bound through the single\n values_template; this typed declaration is additive and is consumed by the\n impact-scoping work (see the execution-model doc, section 11)."},"admiral.component.v1.ComponentKind":{"type":"string","title":"ComponentKind","enum":["COMPONENT_KIND_UNSPECIFIED","COMPONENT_KIND_INFRASTRUCTURE","COMPONENT_KIND_WORKLOAD"],"description":"ComponentKind indicates whether the component provisions infrastructure\n or deploys workloads. This is derived from the referenced module's type but\n stored explicitly for filtering and to determine rendering and execution\n behavior."},"admiral.component.v1.ComponentOutput":{"type":"object","properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z][a-z0-9_]{0,62}$","description":"Output name used in template references. Must be a valid identifier\n (lowercase alphanumeric and underscores, e.g., \"service_host\",\n \"connection_string\"). Other components reference this as\n `{{ .component.. }}`."},"value_template":{"type":"string","title":"value_template","maxLength":4096,"minLength":1,"description":"Template expression that resolves to the output value after deployment.\n Can reference environment metadata and the component's own release info.\n\n Examples:\n \"{{ .release.name }}-redis-master.{{ .env.namespace }}.svc.cluster.local\"\n \"{{ .release.name }}-redis:6379\"\n \"http://{{ .release.name }}-grafana.{{ .env.namespace }}:3000\""},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the output's purpose."}},"title":"ComponentOutput","additionalProperties":false,"description":"ComponentOutput declares a named output value produced by a component.\n\n For infrastructure components (Terraform), outputs are auto-discovered from\n the module's output blocks and this field is ignored. Do not declare\n outputs manually for Terraform components.\n\n For workload components (Helm, Kustomize, manifests), outputs must be\n declared explicitly here to make them available for template expressions\n in other components (e.g., `{{ .component.cache.service_host }}`).\n\n Output values are template expressions resolved after the component is\n deployed. They typically reference well-known patterns from the deployed\n resources (e.g., Kubernetes service DNS names, ConfigMap keys)."},"admiral.component.v1.ComponentTarget":{"type":"object","properties":{"agent_id":{"type":"string","title":"agent_id","description":"The agent this component is placed on (UUID). A KUBERNETES agent for\n WORKLOAD components; a TERRAFORM agent for INFRASTRUCTURE components."},"namespace":{"type":"string","title":"namespace","description":"WORKLOAD only: the target namespace (defaults to the environment name\n when empty)."}},"title":"ComponentTarget","additionalProperties":false,"description":"ComponentTarget is a component's resolved placement on an agent, selected by\n the component's kind. Authored on a Changeset Change and copied onto the\n component (it is the source of truth at runtime, not the environment)."},"admiral.credential.v1.AuthConfig":{"type":"object","oneOf":[{"type":"object","properties":{"basic_auth":{"title":"basic_auth","$ref":"#/components/schemas/admiral.credential.v1.BasicAuth"}},"title":"basic_auth","required":["basic_auth"]},{"type":"object","properties":{"bearer_token":{"title":"bearer_token","$ref":"#/components/schemas/admiral.credential.v1.BearerTokenAuth"}},"title":"bearer_token","required":["bearer_token"]},{"type":"object","properties":{"ssh_key":{"title":"ssh_key","$ref":"#/components/schemas/admiral.credential.v1.SSHKeyAuth"}},"title":"ssh_key","required":["ssh_key"]}],"title":"AuthConfig","additionalProperties":false,"description":"AuthConfig is the polymorphic auth configuration attached to a Credential.\n Exactly one variant is populated, corresponding to the credential's type.\n Sensitive fields within each variant are write-only."},"admiral.credential.v1.BasicAuth":{"type":"object","properties":{"username":{"type":"string","title":"username","minLength":1,"description":"Username for authentication."},"password":{"type":"string","title":"password","description":"Password (or PAT / registry-scoped token / app password).\n Write-only: masked in responses.","writeOnly":true}},"title":"BasicAuth","additionalProperties":false,"description":"BasicAuth holds HTTP Basic credentials (username + password). Reused across\n any Source type that accepts HTTP Basic (Helm, OCI, HTTP archive, Git\n HTTPS)."},"admiral.credential.v1.BearerTokenAuth":{"type":"object","properties":{"token":{"type":"string","title":"token","description":"Token value.\n Write-only: masked in responses.","writeOnly":true}},"title":"BearerTokenAuth","additionalProperties":false,"description":"BearerTokenAuth holds a single token value. Presentation is per target\n protocol:\n - Terraform registries, Helm bearer, OCI bearer, HTTP archives:\n `Authorization: Bearer `\n - Git HTTPS (GitHub PAT, GitLab PAT): HTTP Basic with the token as\n password and a dummy username"},"admiral.credential.v1.CreateCredentialRequest":{"type":"object","properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"github-org\", \"ecr-prod\").\n Unique within the tenant. Lowercase alphanumeric and hyphens only, must\n start with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the credential's purpose."},"type":{"not":{"enum":["CREDENTIAL_TYPE_UNSPECIFIED"]},"title":"type","description":"The type of external system and authentication mechanism.","$ref":"#/components/schemas/admiral.credential.v1.CredentialType"},"auth_config":{"title":"auth_config","description":"Auth material corresponding to `type`.","$ref":"#/components/schemas/admiral.credential.v1.AuthConfig"},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering credentials."}},"title":"CreateCredentialRequest","required":["name","type","auth_config"],"additionalProperties":false,"description":"CreateCredentialRequest contains the parameters for creating a new credential."},"admiral.credential.v1.CreateCredentialRequest.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.credential.v1.CreateCredentialResponse":{"type":"object","properties":{"credential":{"title":"credential","description":"The created credential. Auth config sensitive fields are masked.","$ref":"#/components/schemas/admiral.credential.v1.Credential"}},"title":"CreateCredentialResponse","additionalProperties":false,"description":"CreateCredentialResponse contains the newly created credential."},"admiral.credential.v1.Credential":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the credential (UUID).","readOnly":true},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"github-org\", \"ecr-prod\").\n Unique within the tenant. Lowercase alphanumeric and hyphens only, must\n start with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of what this credential is for\n (e.g., \"Read-only access to the platform team's GitHub org\")."},"type":{"title":"type","description":"(IMMUTABLE) The type of external system and authentication mechanism.\n Immutable after creation.","$ref":"#/components/schemas/admiral.credential.v1.CredentialType"},"auth_config":{"title":"auth_config","description":"Auth material corresponding to `type`. Sensitive fields are write-only\n and masked in responses.","$ref":"#/components/schemas/admiral.credential.v1.AuthConfig"},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering credentials\n (e.g., `{\"team\": \"platform\", \"environment\": \"prod\"}`)."},"created_by":{"title":"created_by","description":"The user or agent who created this credential (server-populated from token).","readOnly":true,"$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the credential was created.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the credential was last updated.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Credential","additionalProperties":false,"description":"Credential represents stored authentication configuration for accessing an\n external system. Credentials are tenant-scoped and referenced by sources\n when fetching artifacts.\n\n Sensitive fields within auth_config are write-only: accepted on create and\n update but never returned in API responses."},"admiral.credential.v1.Credential.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.credential.v1.CredentialType":{"type":"string","title":"CredentialType","enum":["CREDENTIAL_TYPE_UNSPECIFIED","CREDENTIAL_TYPE_SSH_KEY","CREDENTIAL_TYPE_BASIC_AUTH","CREDENTIAL_TYPE_BEARER_TOKEN"],"description":"CredentialType identifies the shape of the stored auth material (the\n mechanism), not the system it targets. The target system is determined by\n the Source that references the credential. One credential can be reused\n across multiple Sources of different types, provided the Source accepts\n that credential type (see the Source compatibility matrix)."},"admiral.credential.v1.DeleteCredentialRequest":{"type":"object","properties":{"credential_id":{"type":"string","title":"credential_id","format":"uuid","description":"The unique identifier of the credential to delete (UUID).\n Fails if any sources still reference this credential."}},"title":"DeleteCredentialRequest","required":["credential_id"],"additionalProperties":false,"description":"DeleteCredentialRequest identifies a credential to delete."},"admiral.credential.v1.DeleteCredentialResponse":{"type":"object","title":"DeleteCredentialResponse","additionalProperties":false,"description":"DeleteCredentialResponse is empty on success."},"admiral.credential.v1.GetCredentialRequest":{"type":"object","properties":{"credential_id":{"type":"string","title":"credential_id","format":"uuid","description":"The unique identifier of the credential (UUID)."}},"title":"GetCredentialRequest","required":["credential_id"],"additionalProperties":false,"description":"GetCredentialRequest identifies a credential to retrieve."},"admiral.credential.v1.GetCredentialResponse":{"type":"object","properties":{"credential":{"title":"credential","description":"The retrieved credential. Sensitive fields are masked.","$ref":"#/components/schemas/admiral.credential.v1.Credential"}},"title":"GetCredentialResponse","additionalProperties":false,"description":"GetCredentialResponse contains the credential record."},"admiral.credential.v1.ListCredentialsRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by credential name.\n - `type`: filter by credential type (SSH_KEY, BASIC_AUTH, BEARER_TOKEN).\n - `labels.key`: filter by label key.\n\n Example: `field['type'] = 'BEARER_TOKEN'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of credentials to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListCredentialsRequest","additionalProperties":false,"description":"ListCredentialsRequest contains pagination and filter parameters."},"admiral.credential.v1.ListCredentialsResponse":{"type":"object","properties":{"credentials":{"type":"array","items":{"$ref":"#/components/schemas/admiral.credential.v1.Credential"},"title":"credentials","description":"The list of credentials. Sensitive fields are masked."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListCredentialsResponse","additionalProperties":false,"description":"ListCredentialsResponse contains a page of credentials."},"admiral.credential.v1.SSHKeyAuth":{"type":"object","properties":{"private_key":{"type":"string","title":"private_key","description":"PEM-encoded SSH private key.\n Write-only: masked in responses.","writeOnly":true},"passphrase":{"type":"string","title":"passphrase","description":"Optional passphrase for the private key.\n Write-only: masked in responses.","writeOnly":true}},"title":"SSHKeyAuth","additionalProperties":false,"description":"SSHKeyAuth holds an SSH private key and optional passphrase."},"admiral.credential.v1.UpdateCredentialRequest":{"type":"object","properties":{"credential":{"title":"credential","description":"The credential with updated fields.\n Only fields specified in `update_mask` are updated.\n\n When updating auth_config, the entire auth config is replaced.\n Omitting auth_config from the update_mask leaves credentials unchanged.","$ref":"#/components/schemas/admiral.credential.v1.Credential"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `name`,\n `description`, `auth_config`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateCredentialRequest","required":["credential"],"additionalProperties":false,"description":"UpdateCredentialRequest contains the credential fields to update."},"admiral.credential.v1.UpdateCredentialResponse":{"type":"object","properties":{"credential":{"title":"credential","description":"The updated credential. Sensitive fields are masked.","$ref":"#/components/schemas/admiral.credential.v1.Credential"}},"title":"UpdateCredentialResponse","additionalProperties":false,"description":"UpdateCredentialResponse contains the updated credential."},"admiral.environment.v1.CreateEnvironmentRequest":{"type":"object","properties":{"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application to create this environment for (UUID)."},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"prod\", \"staging-us-east\").\n Unique within the application. Lowercase alphanumeric and hyphens only,\n must start with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the environment's purpose."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering environments."}},"title":"CreateEnvironmentRequest","required":["application_id","name"],"additionalProperties":false,"description":"CreateEnvironmentRequest contains the parameters for creating a new environment."},"admiral.environment.v1.CreateEnvironmentRequest.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.environment.v1.CreateEnvironmentResponse":{"type":"object","properties":{"environment":{"title":"environment","description":"The created environment.","$ref":"#/components/schemas/admiral.environment.v1.Environment"}},"title":"CreateEnvironmentResponse","additionalProperties":false,"description":"CreateEnvironmentResponse contains the newly created environment."},"admiral.environment.v1.DeleteEnvironmentRequest":{"type":"object","properties":{"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The unique identifier of the environment to delete (UUID)."},"force":{"type":"boolean","title":"force","description":"When true, bypass the children-exist check and cascade-delete all\n run records (metadata only)."}},"title":"DeleteEnvironmentRequest","required":["environment_id"],"additionalProperties":false,"description":"DeleteEnvironmentRequest identifies an environment to delete."},"admiral.environment.v1.DeleteEnvironmentResponse":{"type":"object","title":"DeleteEnvironmentResponse","additionalProperties":false,"description":"DeleteEnvironmentResponse is empty on success."},"admiral.environment.v1.Environment":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the environment (UUID).","readOnly":true},"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application this environment belongs to (UUID).","readOnly":true},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"prod\", \"staging-us-east\").\n Unique within the application. Lowercase alphanumeric and hyphens only,\n must start with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the environment's purpose\n (e.g., \"US East production serving live traffic\" or\n \"Shared staging for QA validation before prod promotion\")."},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering environments\n (e.g., `{\"region\": \"us-east-1\", \"tier\": \"production\"}`)."},"has_pending_changes":{"type":"boolean","title":"has_pending_changes","description":"Whether the environment has configuration changes that have not yet been\n deployed. Server-derived by comparing current resolved config (variables,\n component settings, overrides, source versions) against the last\n successful run's snapshot. False if no successful run exists yet (a\n fresh environment with no runs returns false; use `last_deployed_at`\n to distinguish \"clean\" from \"never deployed\").","readOnly":true},"last_deployed_at":{"title":"last_deployed_at","description":"When the last successful run for this environment completed. Absent if\n no successful run has occurred yet.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"},"created_by":{"title":"created_by","description":"The user or agent who created this environment (server-populated from token).","readOnly":true,"$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the environment was created.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the environment was last updated.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Environment","additionalProperties":false,"description":"Environment represents a named deployment target for an application\n (e.g., dev, staging, prod). Each environment carries its own configuration\n and variables; promotion between environments is explicit.","example":{"id":"e5f6a7b8-9012-3cde-f456-789012345678","application_id":"a1b2c3d4-5678-9abc-def0-1234567890ab","name":"staging","description":"Shared staging environment for QA validation before production promotion.","labels":{"region":"us-east-1","tier":"staging"},"has_pending_changes":true,"last_deployed_at":"2025-11-01T09:15:00Z","created_by":{"id":"d290f1ee-6c54-4b01-90e6-d701748f0851","display_name":"Alex Chen","email":"alex.chen@example.com"},"created_at":"2025-09-15T11:00:00Z","updated_at":"2025-11-02T14:30:00Z"}},"admiral.environment.v1.Environment.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.environment.v1.EnvironmentComponent":{"type":"object","properties":{"name":{"type":"string","title":"name","description":"Component name (stable identifier set at creation)."},"catalog_item_type":{"title":"catalog_item_type","description":"Engine type the component renders against (TERRAFORM, HELM, etc),\n denormalized from the component's own deploy spec.","$ref":"#/components/schemas/admiral.catalog.v1.CatalogItemType"},"ref":{"type":"string","title":"ref","description":"The git ref / version selector the component deploys."},"last_revision_id":{"type":"string","title":"last_revision_id","description":"ID of the last-succeeded revision for this component in this env, if\n any (UUID). Empty when the component has never reached SUCCEEDED."},"last_revision_status":{"title":"last_revision_status","description":"Status of the last revision (SUCCEEDED when populated). UNSPECIFIED\n means the component has no last-succeeded revision yet.","$ref":"#/components/schemas/admiral.run.v1.RevisionStatus"},"last_deployed_at":{"title":"last_deployed_at","description":"When the last-succeeded revision completed.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"EnvironmentComponent","additionalProperties":false,"description":"EnvironmentComponent is a denormalized view of a deployed component for\n `ListEnvironmentComponents`. It joins the component's HEAD with the\n component's last-succeeded revision so the CLI can render an at-a-glance\n status row without follow-up calls."},"admiral.environment.v1.GetEnvironmentRequest":{"type":"object","properties":{"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The unique identifier of the environment (UUID)."}},"title":"GetEnvironmentRequest","required":["environment_id"],"additionalProperties":false,"description":"GetEnvironmentRequest identifies an environment to retrieve."},"admiral.environment.v1.GetEnvironmentResponse":{"type":"object","properties":{"environment":{"title":"environment","description":"The retrieved environment.","$ref":"#/components/schemas/admiral.environment.v1.Environment"}},"title":"GetEnvironmentResponse","additionalProperties":false,"description":"GetEnvironmentResponse contains the environment record."},"admiral.environment.v1.ListEnvironmentComponentsRequest":{"type":"object","properties":{"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment whose components should be listed (UUID)."}},"title":"ListEnvironmentComponentsRequest","required":["environment_id"],"additionalProperties":false,"description":"ListEnvironmentComponentsRequest identifies the environment whose\n components should be listed."},"admiral.environment.v1.ListEnvironmentComponentsResponse":{"type":"object","properties":{"components":{"type":"array","items":{"$ref":"#/components/schemas/admiral.environment.v1.EnvironmentComponent"},"title":"components","description":"Active (not soft-deleted) components attached to the environment, sorted\n by name."}},"title":"ListEnvironmentComponentsResponse","additionalProperties":false,"description":"ListEnvironmentComponentsResponse returns every active component for the\n environment, ordered by name."},"admiral.environment.v1.ListEnvironmentVariablesRequest":{"type":"object","properties":{"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment whose variables should be listed (UUID)."},"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `key`: filter by variable key (supports prefix matching via ~=).\n - `sensitive`: filter by sensitivity flag.\n - `type`: filter by variable type (STRING, NUMBER, BOOLEAN, COMPLEX).\n - `source`: filter by source (USER, INFRASTRUCTURE).\n\n Example: `field['source'] = 'USER' AND field['sensitive'] = false`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of variables to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListEnvironmentVariablesRequest","required":["environment_id"],"additionalProperties":false,"description":"ListEnvironmentVariablesRequest contains the environment ID, filters, and\n pagination parameters."},"admiral.environment.v1.ListEnvironmentVariablesResponse":{"type":"object","properties":{"variables":{"type":"array","items":{"$ref":"#/components/schemas/admiral.variable.v1.Variable"},"title":"variables","description":"The variables scoped to this environment. Sensitive values are masked."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListEnvironmentVariablesResponse","additionalProperties":false,"description":"ListEnvironmentVariablesResponse contains a page of variables."},"admiral.environment.v1.ListEnvironmentsRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `application_id`: filter by parent application (UUID).\n - `name`: filter by environment name.\n - `labels.key`: filter by label key.\n\n Example: `field['application_id'] = '' AND field['name'] = 'prod'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of environments to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListEnvironmentsRequest","additionalProperties":false,"description":"ListEnvironmentsRequest contains pagination and filter parameters."},"admiral.environment.v1.ListEnvironmentsResponse":{"type":"object","properties":{"environments":{"type":"array","items":{"$ref":"#/components/schemas/admiral.environment.v1.Environment"},"title":"environments","description":"The list of environments."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListEnvironmentsResponse","additionalProperties":false,"description":"ListEnvironmentsResponse contains a page of environments."},"admiral.environment.v1.UpdateEnvironmentRequest":{"type":"object","properties":{"environment":{"title":"environment","description":"The environment with updated fields.\n Only fields specified in `update_mask` are updated.","$ref":"#/components/schemas/admiral.environment.v1.Environment"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `name`,\n `description`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateEnvironmentRequest","required":["environment"],"additionalProperties":false,"description":"UpdateEnvironmentRequest contains the environment fields to update."},"admiral.environment.v1.UpdateEnvironmentResponse":{"type":"object","properties":{"environment":{"title":"environment","description":"The updated environment.","$ref":"#/components/schemas/admiral.environment.v1.Environment"}},"title":"UpdateEnvironmentResponse","additionalProperties":false,"description":"UpdateEnvironmentResponse contains the updated environment."},"admiral.healthcheck.v1.HealthcheckResponse":{"type":"object","title":"HealthcheckResponse","additionalProperties":false,"description":"Empty response indicating the service is healthy."},"admiral.run.v1.ApplyRunRequest":{"type":"object","properties":{"run_id":{"type":"string","title":"run_id","minLength":1,"description":"Identifier of the run to apply. UUID or `run-` display ID."},"message":{"type":"string","title":"message","maxLength":1024,"description":"Optional message describing the apply (e.g., \"Approved by @martin\")."}},"title":"ApplyRunRequest","required":["run_id"],"additionalProperties":false,"description":"ApplyRunRequest transitions a planned run to apply phase."},"admiral.run.v1.ApplyRunResponse":{"type":"object","properties":{"run":{"title":"run","description":"The run with status advanced to APPLYING. Revisions that were\n PLANNED are now APPLYING.","$ref":"#/components/schemas/admiral.run.v1.Run"}},"title":"ApplyRunResponse","additionalProperties":false,"description":"ApplyRunResponse contains the run after apply jobs are dispatched."},"admiral.run.v1.ArtifactKind":{"type":"string","title":"ArtifactKind","enum":["ARTIFACT_KIND_UNSPECIFIED","ARTIFACT_KIND_SOURCE_BUNDLE","ARTIFACT_KIND_PLAN","ARTIFACT_KIND_MANIFEST_BUNDLE"],"description":"ArtifactKind types an artifact a phase produces or consumes."},"admiral.run.v1.ArtifactRef":{"type":"object","properties":{"kind":{"title":"kind","description":"The kind of artifact.","$ref":"#/components/schemas/admiral.run.v1.ArtifactKind"},"key":{"type":"string","title":"key","description":"Storage key (object-storage path) where the artifact bytes live."},"checksum":{"type":"string","title":"checksum","description":"SHA-256 checksum of the artifact for integrity verification. May be empty\n for artifacts not yet verified."}},"title":"ArtifactRef","additionalProperties":false,"description":"ArtifactRef addresses one artifact an execution produced: its kind, the\n storage key where the bytes live, and a checksum for fail-closed\n verification."},"admiral.run.v1.CancelRunRequest":{"type":"object","properties":{"run_id":{"type":"string","title":"run_id","minLength":1,"description":"Identifier of the run to cancel. UUID or `run-` display ID."},"reason":{"type":"string","title":"reason","maxLength":1024,"description":"Optional reason for cancellation."}},"title":"CancelRunRequest","required":["run_id"],"additionalProperties":false,"description":"CancelRunRequest cancels an in-progress run."},"admiral.run.v1.CancelRunResponse":{"type":"object","properties":{"run":{"title":"run","description":"The canceled run.","$ref":"#/components/schemas/admiral.run.v1.Run"}},"title":"CancelRunResponse","additionalProperties":false,"description":"CancelRunResponse contains the updated run."},"admiral.run.v1.ChangeSummary":{"type":"object","properties":{"creates":{"type":"integer","title":"creates","format":"int32","description":"Number of resources to be created."},"updates":{"type":"integer","title":"updates","format":"int32","description":"Number of resources to be updated in place."},"deletes":{"type":"integer","title":"deletes","format":"int32","description":"Number of resources to be deleted."},"noops":{"type":"integer","title":"noops","format":"int32","description":"Number of resources left unchanged (no-op)."}},"title":"ChangeSummary","additionalProperties":false,"description":"ChangeSummary is the normalized, executor-agnostic count of what an\n execution does: creates, updates, deletes, and no-ops. Every executor maps\n its native result onto this shape -- terraform's +/~/- plan counts and\n kubernetes server-side-apply created/configured/deleted."},"admiral.run.v1.CreateRunRequest":{"type":"object","properties":{"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application to run (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The target environment (UUID)."},"message":{"type":"string","title":"message","maxLength":1024,"description":"Optional message describing this run."},"source_run_id":{"type":"string","title":"source_run_id","description":"Optional: run from a prior run's configuration snapshots instead of\n from the current component HEAD. When set, each revision is seeded\n from the source run's revision for the same component (catalog_item_id,\n version, resolved_values, source_id, working_directory). This is the\n rollback mechanism: re-plan and re-apply a known-good configuration\n against the current infrastructure state."},"change_set_id":{"type":"string","title":"change_set_id","description":"Optional: run the entries and variable changes captured in a change\n set. When set, the component set and variable overlay are sourced from\n the change set instead of the application's full component list. The\n change set must be OPEN and target the same (application, environment)."}},"title":"CreateRunRequest","required":["application_id","environment_id"],"additionalProperties":false,"description":"CreateRunRequest triggers a new run."},"admiral.run.v1.CreateRunResponse":{"type":"object","properties":{"run":{"title":"run","description":"The created run. Status will be PENDING initially.","$ref":"#/components/schemas/admiral.run.v1.Run"}},"title":"CreateRunResponse","additionalProperties":false,"description":"CreateRunResponse contains the newly created run."},"admiral.run.v1.EngineOutput":{"type":"object","properties":{"value":{"type":"string","title":"value","description":"The output value, serialized as a string. Complex values (lists, maps)\n are JSON-encoded."},"type":{"type":"string","title":"type","description":"Engine type descriptor (e.g. \"string\", \"number\", \"list(string)\")."},"sensitive":{"type":"boolean","title":"sensitive","description":"Whether the executor marked this output as sensitive."}},"title":"EngineOutput","additionalProperties":false,"description":"EngineOutput is a single output value captured from an executor after a\n successful apply (e.g. `terraform output -json`). Engine-agnostic: the\n (value, type, sensitive) shape generalizes across executors. Lives in run/v1\n so it can be shared by the TERRAFORM and KUBERNETES agent report paths via\n ExecutionReport."},"admiral.run.v1.ExecutionReport":{"type":"object","properties":{"status":{"title":"status","description":"Terminal status of the phase.","$ref":"#/components/schemas/admiral.run.v1.ExecutionStatus"},"error_message":{"type":"string","title":"error_message","description":"Error message if the phase failed. Empty on success."},"summary":{"title":"summary","description":"Normalized change counts (create/update/delete/noop).","$ref":"#/components/schemas/admiral.run.v1.ChangeSummary"},"outputs":{"type":"object","title":"outputs","additionalProperties":{"title":"value","$ref":"#/components/schemas/admiral.run.v1.EngineOutput"},"description":"Outputs captured after a successful apply. Keys are output names."},"artifact":{"title":"artifact","description":"Optional reference to an artifact this phase produced (e.g. a terraform\n PLAN). Recorded into the revision's artifact set when present.","$ref":"#/components/schemas/admiral.run.v1.ArtifactRef"},"transcript":{"type":"string","title":"transcript","description":"The phase's human-readable execution log (e.g. terraform plan/apply\n output). Persisted as the phase transcript. (Interim: live log streaming\n moves to a dedicated channel in a later phase.)"},"detail":{"type":"string","title":"detail","format":"byte","description":"Opaque, per-executor richness, never branched on by the orchestration\n layer. JSON-encoded."}},"title":"ExecutionReport","additionalProperties":false,"description":"ExecutionReport is the executor-agnostic outcome of one revision phase --\n the single report shape every executor maps its native result onto. It\n supersedes the terraform-shaped JobResult and the kubernetes RevisionResult:\n the TERRAFORM and KUBERNETES agents both report via this message."},"admiral.run.v1.ExecutionReport.OutputsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"title":"value","$ref":"#/components/schemas/admiral.run.v1.EngineOutput"}},"title":"OutputsEntry","additionalProperties":false},"admiral.run.v1.ExecutionStatus":{"type":"string","title":"ExecutionStatus","enum":["EXECUTION_STATUS_UNSPECIFIED","EXECUTION_STATUS_SUCCEEDED","EXECUTION_STATUS_FAILED"],"description":"ExecutionStatus is the terminal outcome an executor reports for a phase.\n Non-terminal progress (RUNNING) is observed server-side, not reported here."},"admiral.run.v1.GetRevisionRequest":{"type":"object","properties":{"run_id":{"type":"string","title":"run_id","minLength":1,"description":"The run. UUID or `run-` display ID."},"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision (UUID)."}},"title":"GetRevisionRequest","required":["run_id","revision_id"],"additionalProperties":false,"description":"GetRevisionRequest identifies a revision within a run."},"admiral.run.v1.GetRevisionResponse":{"type":"object","properties":{"revision":{"title":"revision","description":"The revision record with current status and artifacts.","$ref":"#/components/schemas/admiral.run.v1.Revision"}},"title":"GetRevisionResponse","additionalProperties":false,"description":"GetRevisionResponse contains the revision record."},"admiral.run.v1.GetRunRequest":{"type":"object","properties":{"run_id":{"type":"string","title":"run_id","minLength":1,"description":"Identifier of the run. Either a UUID or a `run-` display ID."}},"title":"GetRunRequest","required":["run_id"],"additionalProperties":false,"description":"GetRunRequest identifies a run to retrieve."},"admiral.run.v1.GetRunResponse":{"type":"object","properties":{"run":{"title":"run","description":"The run record with current status.","$ref":"#/components/schemas/admiral.run.v1.Run"}},"title":"GetRunResponse","additionalProperties":false,"description":"GetRunResponse contains the run record."},"admiral.run.v1.ListRevisionsRequest":{"type":"object","properties":{"run_id":{"type":"string","title":"run_id","minLength":1,"description":"Identifier of the run. UUID or `run-` display ID."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of revisions to return per page. Defaults to 50 when\n omitted or 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListRevisionsRequest","required":["run_id"],"additionalProperties":false,"description":"ListRevisionsRequest lists all revisions for a run."},"admiral.run.v1.ListRevisionsResponse":{"type":"object","properties":{"revisions":{"type":"array","items":{"$ref":"#/components/schemas/admiral.run.v1.Revision"},"title":"revisions","description":"The list of revisions, ordered by dependency graph (upstream first)."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListRevisionsResponse","additionalProperties":false,"description":"ListRevisionsResponse contains all revisions for a run."},"admiral.run.v1.ListRunsRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `application_id`: runs for a specific application (UUID).\n - `environment_id`: runs to a specific environment (UUID).\n - `status`: filter by run status (PENDING, PLANNING, APPLYING, SUCCEEDED, ...).\n - `change_set_id`: runs for a specific change set (UUID).\n\n Example: `field['environment_id'] = '' AND field['status'] = 'SUCCEEDED'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of runs to return per page. Defaults to 50 when omitted or\n 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListRunsRequest","additionalProperties":false,"description":"ListRunsRequest contains pagination and filter parameters."},"admiral.run.v1.ListRunsResponse":{"type":"object","properties":{"runs":{"type":"array","items":{"$ref":"#/components/schemas/admiral.run.v1.Run"},"title":"runs","description":"The list of runs, ordered from newest to oldest."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListRunsResponse","additionalProperties":false,"description":"ListRunsResponse contains a page of runs."},"admiral.run.v1.RetryRevisionRequest":{"type":"object","properties":{"run_id":{"type":"string","title":"run_id","minLength":1,"description":"The run. UUID or `run-` display ID."},"revision_id":{"type":"string","title":"revision_id","format":"uuid","description":"The revision to retry (UUID). Must be in FAILED status."}},"title":"RetryRevisionRequest","required":["run_id","revision_id"],"additionalProperties":false,"description":"RetryRevisionRequest retries a failed revision."},"admiral.run.v1.RetryRevisionResponse":{"type":"object","properties":{"revision":{"title":"revision","description":"The retried revision. Status resets and retry_count is incremented.\n Downstream revisions that were BLOCKED will automatically unblock\n if this revision succeeds.","$ref":"#/components/schemas/admiral.run.v1.Revision"}},"title":"RetryRevisionResponse","additionalProperties":false,"description":"RetryRevisionResponse contains the updated revision."},"admiral.run.v1.Revision":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the revision (UUID)."},"run_id":{"type":"string","title":"run_id","format":"uuid","description":"The run this revision belongs to (UUID)."},"component_id":{"type":"string","title":"component_id","format":"uuid","description":"The component this revision is for (UUID)."},"component_name":{"type":"string","title":"component_name","description":"Component name at the time of run (immutable semantic key)."},"kind":{"title":"kind","description":"Component kind at the time of run (after override resolution).","$ref":"#/components/schemas/admiral.run.v1.RevisionKind"},"status":{"title":"status","description":"Lifecycle status of this revision.","$ref":"#/components/schemas/admiral.run.v1.RevisionStatus"},"change_type":{"title":"change_type","description":"What type of change this revision represents relative to the previously\n deployed state.","$ref":"#/components/schemas/admiral.run.v1.RevisionChangeType"},"previous_revision_id":{"type":"string","title":"previous_revision_id","description":"The last succeeded revision for this (component, environment) at the\n time this revision was created. Null for CREATE revisions."},"source_id":{"type":"string","title":"source_id","description":"The source the module pointed to at the time of this revision (UUID).\n Snapshotted so a rollback can re-fetch from the original source even if\n the module's source binding is later edited. Execution today resolves\n fetch location through the live module; this field is the audit anchor."},"ref":{"type":"string","title":"ref","description":"The git ref / version selector deployed (the component's ref at snapshot)."},"resolved_values":{"type":"string","title":"resolved_values","description":"The resolved values template snapshot: the values_template with all\n variable references and component output references fully resolved.\n Stored for audit: shows exactly what inputs were used. Sensitive\n variable values are masked in API responses."},"depends_on":{"type":"array","items":{"type":"string"},"title":"depends_on","description":"Component IDs that this revision depends on. Populated from the resolved\n depends_on list plus implicit dependencies from template expressions."},"blocked_by":{"type":"array","items":{"type":"string"},"title":"blocked_by","description":"Component IDs that are blocking this revision. Only populated when\n status is BLOCKED; indicates which upstream components failed."},"plan_summary":{"title":"plan_summary","description":"The normalized change counts (creates/updates/deletes/noops) this\n revision's plan computed. Populated after planning. Engine-agnostic.","$ref":"#/components/schemas/admiral.run.v1.ChangeSummary"},"available_phases":{"type":"array","items":{"$ref":"#/components/schemas/admiral.run.v1.RevisionPhase"},"title":"available_phases","description":"Phase labels for which a transcript has been stored, in the order they\n ran. Populated as each phase completes (a revision that planned and then\n applied carries `[REVISION_PHASE_PLAN, REVISION_PHASE_APPLY]`). Fetch a\n phase's transcript via\n `GET /api/v1/runs/{run_id}/revisions/{revision_id}/{phase}`."},"error_message":{"type":"string","title":"error_message","description":"Error message if the revision failed. Empty on success."},"retry_count":{"type":"integer","title":"retry_count","format":"int32","description":"Number of retry attempts. Starts at 0 for the initial attempt."},"started_at":{"title":"started_at","description":"When the revision started execution (transitioned from PENDING/QUEUED).","$ref":"#/components/schemas/google.protobuf.Timestamp"},"completed_at":{"title":"completed_at","description":"When the revision finished (succeeded, failed, or canceled).","$ref":"#/components/schemas/google.protobuf.Timestamp"},"working_directory":{"type":"string","title":"working_directory","description":"Subdirectory within the delivered archive where the executor runs.\n Empty means the archive root. Populated from the catalog item's path field\n at snapshot time so that relative references resolve correctly."},"created_at":{"title":"created_at","description":"When the revision was created (same as run created_at).","$ref":"#/components/schemas/google.protobuf.Timestamp"},"resolved_commit":{"type":"string","title":"resolved_commit","description":"The concrete commit this revision resolved its ref to and pinned -- the\n reproducibility anchor. `ref` is the intent (e.g. `main`); this is what\n actually deployed. Populated when resolution is wired (a later WP)."},"type":{"type":"string","title":"type","description":"The deploy/engine type this revision runs (TERRAFORM/HELM/KUSTOMIZE/\n MANIFEST), denormalized from the component at snapshot. Selects the\n executor: the orchestration layer routes by this type, not by kind."}},"title":"Revision","additionalProperties":false,"description":"$78"},"admiral.run.v1.RevisionChangeType":{"type":"string","title":"RevisionChangeType","enum":["REVISION_CHANGE_TYPE_UNSPECIFIED","REVISION_CHANGE_TYPE_CREATE","REVISION_CHANGE_TYPE_UPDATE","REVISION_CHANGE_TYPE_DESTROY","REVISION_CHANGE_TYPE_RECREATE","REVISION_CHANGE_TYPE_IMPORT","REVISION_CHANGE_TYPE_NO_CHANGE"],"description":"RevisionChangeType classifies the change a revision represents relative to\n the previously deployed state for the same component."},"admiral.run.v1.RevisionKind":{"type":"string","title":"RevisionKind","enum":["REVISION_KIND_UNSPECIFIED","REVISION_KIND_INFRASTRUCTURE","REVISION_KIND_WORKLOAD"],"description":"RevisionKind mirrors ComponentKind but is stored on the revision to capture\n the effective kind at run time (may differ from the component default\n if an environment override changed the source type)."},"admiral.run.v1.RevisionPhase":{"type":"string","title":"RevisionPhase","enum":["REVISION_PHASE_UNSPECIFIED","REVISION_PHASE_PLAN","REVISION_PHASE_APPLY"],"description":"RevisionPhase labels which phase of a revision's lifecycle produced a\n retrievable transcript. Plan and apply are the only phases today; future\n phases (e.g., import) extend this enum without changing the storage shape."},"admiral.run.v1.RevisionStatus":{"type":"string","title":"RevisionStatus","enum":["REVISION_STATUS_UNSPECIFIED","REVISION_STATUS_PENDING","REVISION_STATUS_QUEUED","REVISION_STATUS_PLANNING","REVISION_STATUS_PLANNED","REVISION_STATUS_APPLYING","REVISION_STATUS_SUCCEEDED","REVISION_STATUS_FAILED","REVISION_STATUS_BLOCKED","REVISION_STATUS_CANCELED","REVISION_STATUS_SUPERSEDED","REVISION_STATUS_DEFERRED","REVISION_STATUS_STALE","REVISION_STATUS_AWAITING_APPROVAL"],"description":"RevisionStatus represents the lifecycle status of a single component\n revision within a run."},"admiral.run.v1.RevisionSummary":{"type":"object","properties":{"total":{"type":"integer","title":"total","format":"int32","description":"Total number of component revisions in this run."},"succeeded":{"type":"integer","title":"succeeded","format":"int32","description":"Number of revisions that completed successfully."},"failed":{"type":"integer","title":"failed","format":"int32","description":"Number of revisions that failed."},"blocked":{"type":"integer","title":"blocked","format":"int32","description":"Number of revisions that are blocked by upstream failures."},"running":{"type":"integer","title":"running","format":"int32","description":"Number of revisions currently running (planning or applying)."},"canceled":{"type":"integer","title":"canceled","format":"int32","description":"Number of revisions that were canceled."},"pending":{"type":"integer","title":"pending","format":"int32","description":"Number of revisions that have not started yet."}},"title":"RevisionSummary","additionalProperties":false,"description":"RevisionSummary provides aggregate counts of revision statuses within a\n run, enabling quick status display without loading all revisions."},"admiral.run.v1.Run":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the run (UUID)."},"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application being deployed (UUID)."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The target environment (UUID)."},"status":{"title":"status","description":"Composite status derived from all component revisions.","$ref":"#/components/schemas/admiral.run.v1.RunStatus"},"triggered_by":{"title":"triggered_by","description":"The user or agent that triggered the run (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"message":{"type":"string","title":"message","maxLength":1024,"description":"Optional message describing the run (e.g., \"Deploying v2.1.0\n with new caching layer\" or \"Rolling back to stable after API errors\")."},"source_run_id":{"type":"string","title":"source_run_id","description":"If this run was created as a rollback from a prior run, this field\n contains the source run's UUID. Empty for normal runs."},"change_set_id":{"type":"string","title":"change_set_id","description":"The changeset that was deployed (UUID). Absent for pre-changeset runs\n and reconcile (no-changeset) runs."},"revision_summary":{"title":"revision_summary","description":"Summary counts for quick status display.","$ref":"#/components/schemas/admiral.run.v1.RevisionSummary"},"completed_at":{"title":"completed_at","description":"When the run finished (all revisions completed, failed, or canceled).\n Absent while the run is in progress.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"display_id":{"type":"string","title":"display_id","description":"Typed display identifier of the form `run-<12-char-suffix>` (e.g.,\n `run-3k7m9p2q4rvw`). Server-generated, indexed, and stable. Prefer this\n over `id` for user-facing references; lookups accept either form."},"application_name":{"type":"string","title":"application_name","description":"Display name of the parent application. Denormalized for display.\n Read-only; ignored on writes."},"environment_name":{"type":"string","title":"environment_name","description":"Display name of the parent environment. Denormalized for display.\n Read-only; ignored on writes."},"change_set_display_id":{"type":"string","title":"change_set_display_id","description":"Display ID of the changeset this run deployed (`cs-`).\n Denormalized for display. Empty when `change_set_id` is empty\n (pre-changeset runs, reconcile runs). Read-only."},"change_set_title":{"type":"string","title":"change_set_title","description":"Title of the changeset this run deployed. Denormalized for display.\n Empty when `change_set_id` is empty. Read-only."},"created_at":{"title":"created_at","description":"When the run was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Run","additionalProperties":false,"description":"Run represents a single execution against an application+environment.\n Each run produces one Revision per component. The run tracks the composite\n status across all revisions and provides the audit trail for what was\n executed, when, and by whom.\n\n Run records are immutable once created. There is no UpdateRun RPC and no\n `updated_at` field. The composite `status`, `revision_summary`, and\n `completed_at` fields are server-maintained as revisions progress;\n everything else is fixed at creation time. To change what is deployed,\n create a new run.","example":{"id":"7e8f9a0b-1c2d-3e4f-5a6b-7c8d9e0f1a2b","display_id":"run-3k7m9p2q4rvw","application_id":"a1b2c3d4-5678-9abc-def0-1234567890ab","environment_id":"e5f6a7b8-9012-3cde-f456-789012345678","status":"RUN_STATUS_SUCCEEDED","message":"Deploy v2.4.1 with updated ingress rules","triggered_by":{"id":"d290f1ee-6c54-4b01-90e6-d701748f0851","display_name":"Alex Chen","email":"alex.chen@example.com"},"revision_summary":{"total":3,"succeeded":3},"created_at":"2025-11-20T14:00:00Z","completed_at":"2025-11-20T14:12:00Z"}},"admiral.run.v1.RunStatus":{"type":"string","title":"RunStatus","enum":["RUN_STATUS_UNSPECIFIED","RUN_STATUS_PENDING","RUN_STATUS_QUEUED","RUN_STATUS_PLANNING","RUN_STATUS_PLANNED","RUN_STATUS_APPLYING","RUN_STATUS_SUCCEEDED","RUN_STATUS_PARTIALLY_FAILED","RUN_STATUS_FAILED","RUN_STATUS_CANCELED","RUN_STATUS_SUPERSEDED","RUN_STATUS_STALE","RUN_STATUS_AWAITING_APPROVAL"],"description":"RunStatus represents the composite status of a run, derived from the\n statuses of all its component revisions."},"admiral.source.v1.CreateSourceRequest":{"type":"object","properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"corporate-rds\", \"nginx-chart\").\n Unique within the tenant. Lowercase alphanumeric and hyphens only, must\n start with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the source's purpose."},"type":{"not":{"enum":["SOURCE_TYPE_UNSPECIFIED"]},"title":"type","description":"The kind of artifact and fetch protocol.","$ref":"#/components/schemas/admiral.source.v1.SourceType"},"url":{"type":"string","title":"url","minLength":1,"description":"Base URL for the source (see Source.url for per-type semantics)."},"credential_id":{"type":["string","null"],"title":"credential_id","format":"uuid","description":"Reference to the credential providing authentication (UUID). Optional for\n public sources."},"source_config":{"title":"source_config","description":"Type-specific configuration. Only required for TERRAFORM and HELM;\n omit for GIT, OCI, HTTP.","$ref":"#/components/schemas/admiral.source.v1.SourceConfig"},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels."}},"title":"CreateSourceRequest","required":["name","type","url"],"additionalProperties":false,"description":"CreateSourceRequest contains the parameters for creating a new source."},"admiral.source.v1.CreateSourceRequest.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.source.v1.CreateSourceResponse":{"type":"object","properties":{"source":{"title":"source","description":"The created source.","$ref":"#/components/schemas/admiral.source.v1.Source"}},"title":"CreateSourceResponse","additionalProperties":false,"description":"CreateSourceResponse contains the newly created source."},"admiral.source.v1.DeleteSourceRequest":{"type":"object","properties":{"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to delete (UUID).\n Fails if any components still reference this source."}},"title":"DeleteSourceRequest","required":["source_id"],"additionalProperties":false,"description":"DeleteSourceRequest identifies a source to delete."},"admiral.source.v1.DeleteSourceResponse":{"type":"object","title":"DeleteSourceResponse","additionalProperties":false,"description":"DeleteSourceResponse is empty on success."},"admiral.source.v1.GetSourceRequest":{"type":"object","properties":{"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source (UUID)."}},"title":"GetSourceRequest","required":["source_id"],"additionalProperties":false,"description":"GetSourceRequest identifies a source to retrieve."},"admiral.source.v1.GetSourceResponse":{"type":"object","properties":{"source":{"title":"source","description":"The retrieved source.","$ref":"#/components/schemas/admiral.source.v1.Source"}},"title":"GetSourceResponse","additionalProperties":false,"description":"GetSourceResponse contains the source record."},"admiral.source.v1.HelmConfig":{"type":"object","properties":{"chart_name":{"type":"string","title":"chart_name","minLength":1,"description":"The chart name within the repository (e.g., \"nginx-ingress\", \"redis\")."}},"title":"HelmConfig","required":["chart_name"],"additionalProperties":false,"description":"HelmConfig identifies which chart within a Helm HTTP repository the source\n points to. A single Helm repository hosts many charts; the chart name\n selects one."},"admiral.source.v1.ListSourceVersionsRequest":{"type":"object","properties":{"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to query versions for (UUID)."},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of versions to return per page. Defaults to 50 when omitted\n or 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token for fetching additional versions."}},"title":"ListSourceVersionsRequest","required":["source_id"],"additionalProperties":false,"description":"ListSourceVersionsRequest queries available versions for a source."},"admiral.source.v1.ListSourceVersionsResponse":{"type":"object","properties":{"versions":{"type":"array","items":{"$ref":"#/components/schemas/admiral.source.v1.SourceVersion"},"title":"versions","description":"Available versions, ordered from newest to oldest."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListSourceVersionsResponse","additionalProperties":false,"description":"ListSourceVersionsResponse contains available versions from the external system."},"admiral.source.v1.ListSourcesRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by source name.\n - `type`: filter by source type (GIT, TERRAFORM, HELM, OCI, HTTP).\n - `labels.key`: filter by label key.\n\n Example: `field['type'] = 'TERRAFORM' AND field['labels.team'] = 'platform'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of sources to return per page. Defaults to 50 when omitted\n or 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListSourcesRequest","additionalProperties":false,"description":"ListSourcesRequest contains pagination and filter parameters."},"admiral.source.v1.ListSourcesResponse":{"type":"object","properties":{"sources":{"type":"array","items":{"$ref":"#/components/schemas/admiral.source.v1.Source"},"title":"sources","description":"The list of sources."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListSourcesResponse","additionalProperties":false,"description":"ListSourcesResponse contains a page of sources."},"admiral.source.v1.Source":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the source (UUID).","readOnly":true},"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier (e.g., \"corporate-rds\", \"nginx-chart\").\n Unique within the tenant. Lowercase alphanumeric and hyphens only, must\n start with a letter and end with an alphanumeric character (1-63 chars)."},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional longer-form description of the source's purpose\n (e.g., \"Corporate-approved RDS module with encryption and backups\")."},"type":{"title":"type","description":"(IMMUTABLE) The kind of artifact and fetch protocol. Immutable after creation.","$ref":"#/components/schemas/admiral.source.v1.SourceType"},"url":{"type":"string","title":"url","minLength":1,"description":"Base URL for the source. The meaning varies by source type:\n - GIT: Git repo URL (https:// or git@host:...)\n - TERRAFORM: registry hostname (e.g., \"registry.terraform.io\")\n - HELM: chart repo URL (e.g., \"https://charts.bitnami.com/bitnami\")\n - OCI: OCI repository URL (e.g., \"oci://ghcr.io/myorg/charts/my-app\")\n - HTTP: full HTTP(S) URL to the archive (tar/zip). Covers plain\n HTTP hosts and presigned S3/GCS/Azure Blob URLs."},"credential_id":{"type":["string","null"],"title":"credential_id","format":"uuid","description":"Reference to the credential providing authentication for this source (UUID).\n Optional. Null for public sources that require no authentication\n (e.g., public Terraform registry, public Helm repos)."},"source_config":{"title":"source_config","description":"Type-specific configuration. Only set for source types whose location is\n not fully expressed by `url` alone (currently TERRAFORM and HELM, which\n both host multiple artifacts and need a selector). Other source types\n (GIT, OCI, HTTP) carry all location information in `url`.","$ref":"#/components/schemas/admiral.source.v1.SourceConfig"},"labels":{"type":"object","title":"labels","maxProperties":64,"additionalProperties":{"type":"string","title":"value","maxLength":256},"description":"Arbitrary key-value labels for organizing and filtering sources\n (e.g., `{\"team\": \"platform\", \"category\": \"database\"}`)."},"last_test_status":{"title":"last_test_status","description":"Outcome of the most recent TestSource invocation. Reflects whether the\n attached credential successfully authenticated against `url` the last time\n a test was run. UNSPECIFIED if the source has never been tested.","readOnly":true,"$ref":"#/components/schemas/admiral.source.v1.SourceTestStatus"},"last_test_error":{"type":"string","title":"last_test_error","description":"Human-readable error message from the most recent failed TestSource.\n Empty when `last_test_status` is SUCCESS or unset.","readOnly":true},"last_tested_at":{"title":"last_tested_at","description":"When TestSource was last explicitly invoked against this source. Absent if\n never tested. This reflects the last on-demand test, not the last time the\n source was used in a deployment fetch/render.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"},"credential_name":{"type":"string","title":"credential_name","description":"Display name of the attached credential. Denormalized for display.\n Empty when `credential_id` is unset (public sources).","readOnly":true},"created_by":{"title":"created_by","description":"The user or agent who created this source (server-populated from token).","readOnly":true,"$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the source was created.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the source was last updated.","readOnly":true,"$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Source","additionalProperties":false,"description":"Source represents a fetchable artifact definition: a pointer to an external\n module, chart, or manifest set that Admiral can fetch, inspect, and render\n into deployment snapshots.\n\n Sources are tenant-scoped.","example":{"id":"f6a7b8c9-0123-4def-5678-901234567890","name":"nginx-ingress","description":"NGINX Ingress Controller Helm chart from the official repository.","type":"SOURCE_TYPE_HELM","url":"https://kubernetes.github.io/ingress-nginx","source_config":{"helm":{"chart_name":"ingress-nginx"}},"labels":{"category":"networking","team":"platform"},"last_test_status":"SOURCE_TEST_STATUS_SUCCESS","last_tested_at":"2025-11-01T08:00:00Z","created_by":{"id":"d290f1ee-6c54-4b01-90e6-d701748f0851","display_name":"Alex Chen","email":"alex.chen@example.com"},"created_at":"2025-08-01T12:00:00Z","updated_at":"2025-10-20T09:00:00Z"}},"admiral.source.v1.Source.LabelsEntry":{"type":"object","properties":{"key":{"type":"string","title":"key"},"value":{"type":"string","title":"value"}},"title":"LabelsEntry","additionalProperties":false},"admiral.source.v1.SourceConfig":{"type":"object","oneOf":[{"type":"object","properties":{"helm":{"title":"helm","description":"Helm HTTP repository config (for SOURCE_TYPE_HELM).","$ref":"#/components/schemas/admiral.source.v1.HelmConfig"}},"title":"helm","required":["helm"]},{"type":"object","properties":{"terraform":{"title":"terraform","description":"Terraform Registry Protocol config (for SOURCE_TYPE_TERRAFORM).","$ref":"#/components/schemas/admiral.source.v1.TerraformConfig"}},"title":"terraform","required":["terraform"]}],"title":"SourceConfig","additionalProperties":false,"description":"SourceConfig is the type-specific configuration attached to a Source. Only\n source types whose location is not fully expressed by `url` alone (TERRAFORM,\n HELM) populate a variant. Source types whose URL is self-contained (GIT, OCI,\n HTTP) leave this message unset."},"admiral.source.v1.SourceRefKind":{"type":"string","title":"SourceRefKind","enum":["SOURCE_REF_KIND_UNSPECIFIED","SOURCE_REF_KIND_TAG","SOURCE_REF_KIND_BRANCH","SOURCE_REF_KIND_SEMVER","SOURCE_REF_KIND_DIGEST"],"description":"SourceRefKind classifies a discovered ref by what it is, so a single\n version list can carry branches, tags, and registry versions together and\n the consumer can bucket them. The kind also signals mutability: BRANCH is a\n moving pointer that re-resolves over time, while TAG, SEMVER, and DIGEST are\n conventionally stable."},"admiral.source.v1.SourceTestStatus":{"type":"string","title":"SourceTestStatus","enum":["SOURCE_TEST_STATUS_UNSPECIFIED","SOURCE_TEST_STATUS_SUCCESS","SOURCE_TEST_STATUS_FAILURE"],"description":"SourceTestStatus reports the outcome of the last TestSource invocation."},"admiral.source.v1.SourceType":{"type":"string","title":"SourceType","enum":["SOURCE_TYPE_UNSPECIFIED","SOURCE_TYPE_GIT","SOURCE_TYPE_TERRAFORM","SOURCE_TYPE_HELM","SOURCE_TYPE_OCI","SOURCE_TYPE_HTTP"],"description":"SourceType identifies the fetch protocol: how Admiral's Fetcher layer\n retrieves content from the source URL. Types are carved by wire protocol,\n not by content semantics. \"This is a Terraform module\" vs \"this is a Helm\n chart\" is a Catalog/Component concern, not a Source concern."},"admiral.source.v1.SourceVersion":{"type":"object","properties":{"version":{"type":"string","title":"version","description":"Version identifier. For registry sources, this is a semver string\n (e.g., \"1.2.3\"). For Git sources, this is a branch or tag name\n (e.g., \"main\", \"v1.2.3\"). For OCI, this is a tag."},"published_at":{"title":"published_at","description":"When this version was published or tagged. May not be available for all\n source types.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"description":{"type":"string","title":"description","description":"Optional description or release notes for this version. Typically only\n available from registry sources."},"kind":{"title":"kind","description":"What kind of ref this is. Lets a single list carry mixed kinds (branches,\n tags, registry versions) so consumers can bucket them.","$ref":"#/components/schemas/admiral.source.v1.SourceRefKind"},"resolved":{"type":"string","title":"resolved","description":"The immutable handle this ref currently points to: a Git commit SHA for\n BRANCH and TAG, an OCI digest for a tag. Empty when not applicable (registry\n SEMVER, where `version` is already the immutable identifier) or not cheaply\n resolvable. For a BRANCH this is a snapshot that changes as the branch\n moves; pinning by `resolved` captures an exact, reproducible point."}},"title":"SourceVersion","additionalProperties":false,"description":"SourceVersion represents an available ref of a source artifact, as reported\n by the external system (registry versions, Git branches and tags, OCI tags)."},"admiral.source.v1.TerraformConfig":{"type":"object","properties":{"namespace":{"type":"string","title":"namespace","minLength":1,"description":"Module namespace in the registry (e.g., \"hashicorp\", \"myorg\")."},"module_name":{"type":"string","title":"module_name","minLength":1,"description":"Module name in the registry (e.g., \"consul\", \"rds\")."},"system":{"type":"string","title":"system","minLength":1,"description":"Target system / provider (e.g., \"aws\", \"azurerm\", \"google\")."}},"title":"TerraformConfig","required":["namespace","module_name","system"],"additionalProperties":false,"description":"TerraformConfig identifies a module within a Terraform registry."},"admiral.source.v1.TestSourceRequest":{"type":"object","properties":{"source_id":{"type":"string","title":"source_id","format":"uuid","description":"Unique identifier of the source to test (UUID)."}},"title":"TestSourceRequest","required":["source_id"],"additionalProperties":false,"description":"TestSourceRequest identifies a source to test."},"admiral.source.v1.TestSourceResponse":{"type":"object","properties":{"status":{"title":"status","description":"The outcome of the test.","$ref":"#/components/schemas/admiral.source.v1.SourceTestStatus"},"error":{"type":"string","title":"error","description":"Human-readable error message when `status` is FAILURE. Empty on success."},"source":{"title":"source","description":"The source with test status fields refreshed.","$ref":"#/components/schemas/admiral.source.v1.Source"}},"title":"TestSourceResponse","additionalProperties":false,"description":"TestSourceResponse reports the outcome of the test against the external\n system. The same outcome is persisted on the Source (`last_test_status`,\n `last_test_error`, `last_tested_at`)."},"admiral.source.v1.UpdateSourceRequest":{"type":"object","properties":{"source":{"title":"source","description":"The source with updated fields. Only fields specified in `update_mask`\n are updated.","$ref":"#/components/schemas/admiral.source.v1.Source"},"update_mask":{"title":"update_mask","description":"The set of fields to update. Optional; if omitted, all populated fields\n are updated. Pass `*` for full replacement. Supported fields: `name`,\n `description`, `url`, `credential_id`, `source_config`, `labels`.","$ref":"#/components/schemas/google.protobuf.FieldMask"}},"title":"UpdateSourceRequest","required":["source"],"additionalProperties":false,"description":"UpdateSourceRequest contains the source fields to update."},"admiral.source.v1.UpdateSourceResponse":{"type":"object","properties":{"source":{"title":"source","description":"The updated source.","$ref":"#/components/schemas/admiral.source.v1.Source"}},"title":"UpdateSourceResponse","additionalProperties":false,"description":"UpdateSourceResponse contains the updated source."},"admiral.user.v1.CreatePersonalAccessTokenRequest":{"type":"object","properties":{"name":{"type":"string","title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"URL-safe, human-readable identifier for the token (e.g., \"postman-testing\").\n Unique per user within the tenant. Lowercase alphanumeric and hyphens only,\n must start with a letter and end with an alphanumeric character (1-63 chars)."},"scopes":{"type":"array","items":{"type":"string","maxLength":64,"minLength":1},"title":"scopes","maxItems":255,"description":"The scopes to grant this token. Must be valid scopes allowed for PATs.\n The server enforces that issued scopes are a subset of the caller's own\n scopes. A token cannot grant more access than the user holds."},"expires_at":{"title":"expires_at","description":"Optional expiration time. If unset, the token does not expire.\n Tenant policies may enforce a maximum lifetime.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"CreatePersonalAccessTokenRequest","required":["name"],"additionalProperties":false,"description":"CreatePersonalAccessTokenRequest contains the parameters for creating a new PAT."},"admiral.user.v1.CreatePersonalAccessTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The created token metadata.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"},"plain_text_token":{"type":"string","title":"plain_text_token","description":"The raw token secret (e.g., \"admp_7kH3mNqR2xFb...\"). This value is\n shown exactly once and cannot be retrieved again. Store it securely."}},"title":"CreatePersonalAccessTokenResponse","additionalProperties":false,"description":"CreatePersonalAccessTokenResponse contains the newly created PAT."},"admiral.user.v1.GetMeRequest":{"type":"object","title":"GetMeRequest","additionalProperties":false,"description":"GetMeRequest is the request message for GetMe.\n No parameters are required as the user is identified by the auth token."},"admiral.user.v1.GetMeResponse":{"type":"object","properties":{"user":{"title":"user","description":"The user profile.","$ref":"#/components/schemas/admiral.user.v1.User"}},"title":"GetMeResponse","additionalProperties":false,"description":"GetMeResponse contains the authenticated user's profile."},"admiral.user.v1.GetPersonalAccessTokenRequest":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token (UUID)."}},"title":"GetPersonalAccessTokenRequest","required":["token_id"],"additionalProperties":false,"description":"GetPersonalAccessTokenRequest identifies a PAT to retrieve."},"admiral.user.v1.GetPersonalAccessTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The token metadata. The token secret is never included.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"}},"title":"GetPersonalAccessTokenResponse","additionalProperties":false,"description":"GetPersonalAccessTokenResponse contains the requested PAT metadata."},"admiral.user.v1.GetUserRequest":{"type":"object","properties":{"user_id":{"type":"string","title":"user_id","format":"uuid","description":"The unique identifier of the user (UUID)."}},"title":"GetUserRequest","required":["user_id"],"additionalProperties":false,"description":"GetUserRequest identifies a user to retrieve by ID."},"admiral.user.v1.GetUserResponse":{"type":"object","properties":{"user":{"title":"user","description":"The user profile.","$ref":"#/components/schemas/admiral.user.v1.User"}},"title":"GetUserResponse","additionalProperties":false,"description":"GetUserResponse contains the requested user's profile."},"admiral.user.v1.ListPersonalAccessTokensRequest":{"type":"object","properties":{"filter":{"type":"string","title":"filter","maxLength":1024,"description":"Filter expression to narrow results. Uses the Admiral filter DSL (see the\n API documentation for the full operator and predicate reference).\n\n Filterable fields:\n - `name`: filter by token name.\n - `status`: filter by token status (ACTIVE, REVOKED).\n\n Example: `field['status'] = 'ACTIVE'`"},"page_size":{"type":"integer","title":"page_size","maximum":100,"minimum":0,"format":"int32","description":"Maximum number of tokens to return per page. Defaults to 50 when omitted\n or 0; must not exceed 100."},"page_token":{"type":"string","title":"page_token","description":"Opaque pagination token from a previous response."}},"title":"ListPersonalAccessTokensRequest","additionalProperties":false,"description":"ListPersonalAccessTokensRequest contains pagination and filter parameters."},"admiral.user.v1.ListPersonalAccessTokensResponse":{"type":"object","properties":{"access_tokens":{"type":"array","items":{"$ref":"#/components/schemas/admiral.common.v1.AccessToken"},"title":"access_tokens","description":"The list of tokens. Token secrets are never included."},"next_page_token":{"type":"string","title":"next_page_token","description":"Pagination token for the next page. Empty when there are no more results."}},"title":"ListPersonalAccessTokensResponse","additionalProperties":false,"description":"ListPersonalAccessTokensResponse contains a page of PAT metadata."},"admiral.user.v1.RevokePersonalAccessTokenRequest":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to revoke (UUID)."}},"title":"RevokePersonalAccessTokenRequest","required":["token_id"],"additionalProperties":false,"description":"RevokePersonalAccessTokenRequest identifies a PAT to revoke."},"admiral.user.v1.RevokePersonalAccessTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The token metadata with updated status.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"}},"title":"RevokePersonalAccessTokenResponse","additionalProperties":false,"description":"RevokePersonalAccessTokenResponse contains the revoked PAT metadata."},"admiral.user.v1.UpdatePersonalAccessTokenRequest":{"type":"object","properties":{"token_id":{"type":"string","title":"token_id","format":"uuid","description":"The unique identifier of the token to update (UUID)."},"name":{"type":["string","null"],"title":"name","maxLength":63,"minLength":1,"pattern":"^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$","description":"New name for the token. Must follow the same naming rules as creation.\n Omit to leave the name unchanged."},"scopes":{"type":"array","items":{"type":"string","maxLength":64,"minLength":1},"title":"scopes","maxItems":255,"description":"New scopes for the token. Replaces all existing scopes.\n The server enforces that issued scopes are a subset of the caller's own\n scopes. A token cannot grant more access than the user holds.\n Omit to leave scopes unchanged."}},"title":"UpdatePersonalAccessTokenRequest","required":["token_id"],"additionalProperties":false,"description":"UpdatePersonalAccessTokenRequest contains the fields to update on a PAT.\n Only provided fields are updated; omitted fields remain unchanged."},"admiral.user.v1.UpdatePersonalAccessTokenResponse":{"type":"object","properties":{"access_token":{"title":"access_token","description":"The updated token metadata.","$ref":"#/components/schemas/admiral.common.v1.AccessToken"}},"title":"UpdatePersonalAccessTokenResponse","additionalProperties":false,"description":"UpdatePersonalAccessTokenResponse contains the updated PAT metadata."},"admiral.user.v1.User":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the user (UUID)."},"email":{"type":"string","title":"email","description":"User's email address."},"email_verified":{"type":"boolean","title":"email_verified","description":"Whether the email has been verified by the IdP."},"display_name":{"type":["string","null"],"title":"display_name","description":"User's display name for UI purposes."},"given_name":{"type":["string","null"],"title":"given_name","description":"User's given (first) name."},"family_name":{"type":["string","null"],"title":"family_name","description":"User's family (last) name."},"avatar_url":{"type":["string","null"],"title":"avatar_url","description":"URL to the user's avatar image."},"created_at":{"title":"created_at","description":"When the user was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the user was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"User","additionalProperties":false,"description":"User represents a user's profile information.","example":{"id":"d290f1ee-6c54-4b01-90e6-d701748f0851","email":"alex.chen@example.com","display_name":"Alex Chen","given_name":"Alex","family_name":"Chen","avatar_url":"https://avatars.example.com/alex-chen.jpg","created_at":"2025-06-01T09:00:00Z","updated_at":"2025-11-15T11:00:00Z"}},"admiral.variable.v1.Variable":{"type":"object","properties":{"id":{"type":"string","title":"id","format":"uuid","description":"Unique identifier for the variable (UUID)."},"key":{"type":"string","title":"key","maxLength":63,"minLength":1,"pattern":"^[A-Za-z_][A-Za-z0-9_.]{0,62}$","description":"The variable name. For user-created variables, must be a valid\n environment variable identifier (e.g., \"DATABASE_URL\", \"API_KEY\").\n Infrastructure output variables use dot-namespaced keys\n (e.g., \"vpc.vpc_id\", \"database.endpoint\") and are system-managed."},"value":{"type":"string","title":"value","description":"The variable value. Always stored as a string; use `type` to indicate\n how to interpret it. Masked or empty for sensitive variables in responses.\n\n For COMPLEX type, this is a JSON-encoded string (e.g., '[\"a\",\"b\"]' or\n '{\"key\":\"value\"}'). The rendering engine converts it to the target format\n (HCL for Terraform, YAML for Helm)."},"sensitive":{"type":"boolean","title":"sensitive","description":"Whether the variable value is encrypted at rest and masked in API responses."},"type":{"title":"type","description":"How the value should be interpreted by the rendering engine and displayed\n in the UI. Defaults to STRING if not specified.","$ref":"#/components/schemas/admiral.variable.v1.VariableType"},"description":{"type":"string","title":"description","maxLength":1024,"description":"Optional description of the variable's purpose (e.g., \"Maximum replica\n count for production scaling\" or \"RDS instance class per environment\")."},"application_id":{"type":"string","title":"application_id","format":"uuid","description":"The application this variable belongs to (UUID). Always set; variables\n are env-scoped and inherit their app from the environment."},"environment_id":{"type":"string","title":"environment_id","format":"uuid","description":"The environment this variable is scoped to (UUID). Always set; variables\n are env-scoped."},"source":{"title":"source","description":"How the variable was created. USER for change-set-managed variables,\n INFRASTRUCTURE for variables produced by engine output capture (Terraform\n or OpenTofu). Server-populated.","$ref":"#/components/schemas/admiral.variable.v1.VariableSource"},"created_by":{"title":"created_by","description":"The user or agent who created this variable (server-populated from token).","$ref":"#/components/schemas/admiral.common.v1.ActorRef"},"created_at":{"title":"created_at","description":"When the variable was created.","$ref":"#/components/schemas/google.protobuf.Timestamp"},"updated_at":{"title":"updated_at","description":"When the variable was last updated.","$ref":"#/components/schemas/google.protobuf.Timestamp"}},"title":"Variable","additionalProperties":false,"description":"Variable represents a configuration key-value pair scoped to a specific\n environment within an application. Variables are user-managed configuration\n values, distinct from infrastructure outputs which are system-managed values\n produced by apply (e.g., Terraform outputs, namespaced as\n `.`).\n\n Variables are mutated exclusively through change sets (ChangeSetAPI.SetVariable\n / RemoveVariable). They are read via EnvironmentAPI.ListEnvironmentVariables.\n\n Sensitive variables have their values masked in API responses.","example":{"id":"1a2b3c4d-5e6f-7890-abcd-ef0123456789","key":"DATABASE_URL","value":"postgresql://db.internal:5432/inventory","sensitive":false,"type":"VARIABLE_TYPE_STRING","description":"Primary database connection string for the inventory service.","application_id":"a1b2c3d4-5678-9abc-def0-1234567890ab","environment_id":"e5f6a7b8-9012-3cde-f456-789012345678","source":"VARIABLE_SOURCE_USER","created_by":{"id":"d290f1ee-6c54-4b01-90e6-d701748f0851","display_name":"Alex Chen","email":"alex.chen@example.com"},"created_at":"2025-09-16T12:00:00Z","updated_at":"2025-10-30T15:00:00Z"}},"admiral.variable.v1.VariableSource":{"type":"string","title":"VariableSource","enum":["VARIABLE_SOURCE_UNSPECIFIED","VARIABLE_SOURCE_USER","VARIABLE_SOURCE_INFRASTRUCTURE"],"description":"VariableSource indicates how the variable was created."},"admiral.variable.v1.VariableType":{"type":"string","title":"VariableType","enum":["VARIABLE_TYPE_UNSPECIFIED","VARIABLE_TYPE_STRING","VARIABLE_TYPE_NUMBER","VARIABLE_TYPE_BOOLEAN","VARIABLE_TYPE_COMPLEX"],"description":"VariableType indicates how the variable value should be interpreted by the\n rendering engine and displayed in the UI. The value is always stored as a\n string regardless of type."},"google.protobuf.Duration":{"type":"string","format":"duration","description":"$79"},"google.protobuf.FieldMask":{"type":"string","description":"$7a"},"google.protobuf.Timestamp":{"type":"string","examples":["2023-01-15T01:30:15.01Z","2024-12-25T12:00:00Z"],"format":"date-time","description":"$7b"},"StateLockInfo":{"type":"object","description":"Terraform/OpenTofu lock-info payload. Sent as the LOCK/UNLOCK request body and returned (HTTP 423) when a lock is already held.","properties":{"ID":{"type":"string","description":"Lock identifier (UUID), generated by the Terraform client."},"Operation":{"type":"string","description":"Terraform operation holding the lock (informational)."},"Info":{"type":"string"},"Who":{"type":"string","description":"Holder identity, typically \"user@host\" (informational)."},"Version":{"type":"string","description":"Terraform/OpenTofu client version (informational)."},"Created":{"type":"string","format":"date-time"},"Path":{"type":"string"}}}},"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"PAT","description":"Personal Access Token (PAT) or Service Access Token (SAT). Pass the token in the Authorization header: `Bearer admp_...`"}}},"security":[{"bearerAuth":[]}],"tags":[{"name":"Applications","description":"Manage application lifecycle and configuration.","kind":"nav"},{"name":"Environments","description":"Manage deployment environments within an application, and view the components deployed to them.","kind":"nav"},{"name":"ChangeSets","description":"Manage change sets: scoped, isolated proposals to mutate the deployed state of an application within a single environment.","kind":"nav"},{"name":"Runs","description":"Manage runs across components in an environment.","kind":"nav"},{"name":"Run Revisions","description":"Retrieve and retry per-component revisions within a run.","kind":"nav"},{"name":"Catalog","description":"Manage catalog items: named, reusable references to a slice of content within a source.","kind":"nav"},{"name":"Sources","description":"Manage source definitions for external artifacts.","kind":"nav"},{"name":"Credentials","description":"Manage credentials for accessing external systems.","kind":"nav"},{"name":"Agents","description":"Manage agents (Terraform and Kubernetes) and their lifecycle.","kind":"nav"},{"name":"Agent Tokens","description":"Manage service access tokens bound to an agent.","kind":"nav"},{"name":"User","description":"Retrieve user profiles.","kind":"nav"},{"name":"Personal Access Tokens","description":"Manage personal access tokens for API authentication.","kind":"nav"},{"name":"State Backend","description":"Terraform/OpenTofu HTTP state backend, consumed by the terraform CLI during job execution (authenticated with a PAT or SAT).","kind":"nav"}],"servers":[{"url":"{baseUrl}","description":"Admiral API server","variables":{"baseUrl":{"default":"https://api.admiral.io","description":"The base URL of your Admiral instance."}}}],"host":"api.admiral.io","schemes":["https","http"]},"proxyUrl":"/api/proxy"},"document":"./openapi.v3.yaml","operations":[{"method":"delete","path":"/api/v1/sources/{source_id}","tags":["Sources"]}],"showDescription":true}]}]]}]

Delete a source

Authorization

Path Parameters

Response Body

200application/json

`application/json`