Skip to main content

List roles

GET /api/policy/roles
Response (200): 
{
  "roles": []
}

Create role

POST /api/policy/roles

Request body

{
  "id": "developer",
  "name": "Developer",
  "patterns": ["github.**", "linear.issues.*", "slack.channels.list"]
}
Validated against RoleSchema from @toolshed/shared.

Response (201)

{
  "created": {
    "id": "developer",
    "name": "Developer",
    "patterns": ["github.**", "linear.issues.*", "slack.channels.list"]
  }
}
The response wraps the role object in a created field.

Update role

PUT /api/policy/roles/:id
ParameterInRequiredDescription
idpathYesRole ID

Request body

Same shape as create — a full Role object.

Response (200)

{
  "updated": {
    "id": "developer",
    "name": "Developer",
    "patterns": ["github.**", "linear.**", "slack.**"]
  }
}
The response wraps the role object in an updated field. The id is taken from the URL path parameter.

Resolve user tools

GET /api/policy/resolve?userId=<userId>
Returns the effective set of tools a user can access based on their role.
ParameterInRequiredDescription
userIdqueryYesUser ID
Response (200): 
{
  "userId": "user-123",
  "tools": []
}