Skip to content

Send a message and stream the agent's reply.

POST
/conversations/{conversation_id}/messages
curl --request POST \
--url 'https://shiftagent.example.com/conversations/example/messages?stream=true' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{ "content": "Summarize today'\''s open jobs." }'

Appends a user message and runs the agent. Default response is a streaming application/x-ndjson body (200): one ConversationEvent per line. Pass ?stream=false for a blocking 201 with the completed assistant Message JSON instead.

NDJSON protocol

  • seq is monotonic from 0 with no gaps — detect truncation by a gap or a missing terminal event.
  • Exactly one terminal event ends every complete stream: message_end (carries the full persisted assistant message) or error (carries an RFC 9457 problem object).
  • Ordering: optional queued events (capacity hold) → message_startcontent_delta* (filler deltas flagged data.filler: true) → optional approval_requiredresumedmessage_end.
  • If the connection drops mid-stream, the run continues server-side; reconcile via listMessages (the assistant message lands in history regardless).
{"object":"conversation.event","type":"queued","conversation_id":"con_01hzx8conv001","message_id":null,"seq":0,"data":{"position":2,"retry_hint_seconds":15},"created_at":"2026-07-02T10:00:00Z"}
{"object":"conversation.event","type":"message_start","conversation_id":"con_01hzx8conv001","message_id":"msg_01hzx8asst001","seq":1,"data":{"role":"assistant"},"created_at":"2026-07-02T10:00:01Z"}
{"object":"conversation.event","type":"content_delta","conversation_id":"con_01hzx8conv001","message_id":"msg_01hzx8asst001","seq":2,"data":{"text":"One moment while I pull that up — ","filler":true},"created_at":"2026-07-02T10:00:01Z"}
{"object":"conversation.event","type":"content_delta","conversation_id":"con_01hzx8conv001","message_id":"msg_01hzx8asst001","seq":3,"data":{"text":"You have three open jobs today."},"created_at":"2026-07-02T10:00:03Z"}
{"object":"conversation.event","type":"message_end","conversation_id":"con_01hzx8conv001","message_id":"msg_01hzx8asst001","seq":4,"data":{"message":{"object":"message","id":"msg_01hzx8asst001","...":"..."}},"created_at":"2026-07-02T10:00:04Z"}

Per-message knobs (most specific wins in every cascade)

  • repository_id — one-shot repository override for this run.
  • skill_ids — narrow to specific skills so the agent context stays lean (must be within the conversation’s effective skills).
  • env — plaintext, non-secret run parameters. Never place secret material here — the runtime sees these values verbatim.
  • secrets — write-only alias → value map, vaulted on arrival and scoped to the conversation. Values never appear in any response; the agent sees only {{secret:ALIAS}} placeholders, resolved by the egress proxy at the network boundary.
  • filler {enabled} — override the filler cascade for this message.
  • on_capacityreject (default): 429 capacity-exhausted + Retry-After when no sandbox is available; hold: the stream first emits queued events, bounded by the deployment’s max hold time.

HITL

When the agent raises an approval, the stream emits approval_required (full Approval object, incl. requested_items) and the message parks in awaiting_approval — sticky sandboxes stay warm until the approval’s expires_at; pooled runs checkpoint and re-hydrate. The stream stays open awaiting resolution: on a valid signed approveApproval it emits resumed and continues to message_end; deny/expiry ends with a problem-typed error event and status: "failed". Disconnected clients reconcile via listMessages / listApprovals.

conversation_id
required
string
/^con_[A-Za-z0-9]+$/

Internal conversation ID.

Idempotency-Key
string
<= 255 characters

Optional idempotency key (any unique string, e.g. a UUID; max 255 chars). Responses are cached 24h per (key principal, operation, key); replays return the original status and body with Idempotency-Replayed: true. Reusing a key with a different payload responds 409 idempotency-key-conflict.

stream
boolean
default: true

true (default) streams NDJSON events; false blocks until the run completes and returns the assistant message as JSON.

Media type application/json

Body for createMessage (and initial_message on createConversation).

object
content
required

The user’s message text.

string
>= 1 characters
parts

Optional typed blocks (extensibility).

Array<object>

Typed content block — the extensibility seam for richer runs. Known types: text, tool_call, tool_result; unknown types must be ignored by clients.

object
type
required

Block type (open enum).

string
text

Text content (for text blocks).

string
key
additional properties
any
repository_id

One-shot repository override for this run only (top of the resolution cascade).

string
/^rep_[A-Za-z0-9]+$/
skill_ids

Per-message skill narrowing — keeps the agent context lean. Must be within the conversation’s effective skills.

Array<string>
env

Plaintext, non-secret run parameters, visible to the agent verbatim. Never place secret material here — use secrets.

object
key
additional properties
string
secrets

Write-only alias → value map. Vaulted at the boundary, conversation-scoped, never echoed anywhere; the agent sees only {{secret:ALIAS}} placeholders resolved by the egress proxy.

object
>= 1 properties
key
additional properties
string
filler

Per-message filler override (most specific wins).

object
enabled
required

Whether the low-latency filler agent runs for this scope.

boolean
on_capacity

reject429 capacity-exhausted + Retry-After when no sandbox is available; hold → the stream first emits queued events until one frees (bounded by the deployment’s max hold time).

string
default: reject
Allowed values: reject hold
metadata

Free-form string key–value map for host/adapter bookkeeping (e.g. a host-side reference ID). Max 50 keys; values max 500 chars. Replaced wholesale when provided in updates.

object
<= 50 properties
key
additional properties
string
<= 500 characters
Examples

Plain message

{
"content": "Summarize today's open jobs."
}

NDJSON event stream (default). Each line is one ConversationEvent; the stream terminates with message_end or error. See the operation description for the full protocol and an end-to-end transcript.

Media type application/x-ndjson
One of: discriminator: type

The assistant message has opened; deltas follow.

object
object
required
string
Allowed value: conversation.event
type
required

Event discriminator.

string
conversation_id
required
string
/^con_[A-Za-z0-9]+$/
message_id
required

The assistant message this event belongs to; null on queued events emitted before the run starts.

string | null
seq
required

Monotonic per-response counter — gap ⇒ truncation.

integer
created_at
required

RFC 3339 / ISO 8601 timestamp, UTC.

string format: date-time
type
required
string
Allowed value: message_start
data
required
object
role
required
string
Allowed value: assistant
conversation

Present only on streams initiated by createConversation with initial_message — the just-created conversation.

object
object
required
string
Allowed value: conversation
id
required
string
/^con_[A-Za-z0-9]+$/
tenant_id
required
string
/^tnt_[A-Za-z0-9]+$/
user_id
required
string
/^usr_[A-Za-z0-9]+$/
title
required

Display title; auto-derivable from the first message.

string | null
<= 255 characters
status
required

Archived conversations keep readable history but reject message writes with 409 conversation-archived.

string
Allowed values: active archived
repository_id
required

Conversation-level repository override in the cascade.

string | null
/^rep_[A-Za-z0-9]+$/
context
required

Resolution snapshot taken at conversation creation (user → role → repository → skills) — makes history self-explaining even after roles or repositories change.

object
role_id
required

The role the conversation was resolved under.

string
/^rol_[A-Za-z0-9]+$/
repository_id
required

The effective repository at creation.

string
/^rep_[A-Za-z0-9]+$/
skill_ids
required

The effective skills at creation.

Array<string>
selected_skill_ids
required

Optional narrowing within context.skill_ids; null means no narrowing.

Array<string> | null
runtime
required

Runtime placement state of a conversation. agent_type selects the agent runtime behind the platform’s runtime abstraction — each type runs in its own isolated sandbox.

object
agent_type
required

Agent runtime — open enum so new runtimes are non-breaking. Known values: claude-agent-sdk, codex, deepagent. Defaults from tenant settings. Immutable after creation.

string
mode
required

pooled — each message claims a warm-pool sandbox; sticky — a dedicated sandbox is leased for sticky_ttl_seconds (refreshed per message).

string
Allowed values: sticky pooled
sticky_ttl_seconds
required

Lease TTL; null for pooled conversations.

integer | null
sandbox_state
required

warm — no dedicated sandbox held (pooled, or sticky before first message); active — sticky lease held; expired — sticky lease lapsed (next message re-acquires, subject to capacity).

string
Allowed values: warm active expired
expires_at
required

Sticky lease expiry; null for pooled conversations.

string | null format: date-time
filler
required
One of:

Filler-agent enablement. Cascade: tenant settings → conversation → message; most specific wins. When enabled, filler output arrives as content_delta events flagged data.filler: true.

object
enabled
required

Whether the low-latency filler agent runs for this scope.

boolean
storage
required

S3-style storage bucket attached to a user or conversation. Platform-assigned automatically at creation; host-owned buckets can be linked via update (provider: "external").

object
provider
required

platform — bucket provisioned and owned by the deployment; external — host-linked BYO bucket.

string
Allowed values: platform external
bucket_uri
required

S3-style URI of the bucket root (e.g. s3://bucket/prefix).

string
message_count
required

Persisted message count (all roles).

integer
last_message_at
required

Timestamp of the newest message; null when empty.

string | null format: date-time
metadata
required

Free-form string key–value map for host/adapter bookkeeping (e.g. a host-side reference ID). Max 50 keys; values max 500 chars. Replaced wholesale when provided in updates.

object
<= 50 properties
key
additional properties
string
<= 500 characters
created_at
required

RFC 3339 / ISO 8601 timestamp, UTC.

string format: date-time
updated_at
required

RFC 3339 / ISO 8601 timestamp, UTC.

string format: date-time
Examples

Stream line: assistant message opened

{
"object": "conversation.event",
"type": "message_start",
"conversation_id": "con_01hzx8conv001",
"message_id": "msg_01hzx8asst001",
"seq": 1,
"data": {
"role": "assistant"
},
"created_at": "2026-07-02T10:00:01Z"
}

Completed assistant message (only with ?stream=false). The user message and this reply both land in history.

Media type application/json

A persisted conversation message. Write-only request fields (secrets) are never present; env is echoed as sent (non-secret by contract).

object
object
required
string
Allowed value: message
id
required
string
/^msg_[A-Za-z0-9]+$/
conversation_id
required
string
/^con_[A-Za-z0-9]+$/
role
required

Author role.

string
Allowed values: user assistant system
content
required

Full text content. Assistant content references secrets only by alias ({{secret:ALIAS}}) — never by value.

string
parts

Typed content blocks.

Array<object>

Typed content block — the extensibility seam for richer runs. Known types: text, tool_call, tool_result; unknown types must be ignored by clients.

object
type
required

Block type (open enum).

string
text

Text content (for text blocks).

string
key
additional properties
any
repository_id

Per-message repository override used for this run.

string | null
/^rep_[A-Za-z0-9]+$/
skill_ids

Per-message skill narrowing used for this run.

Array<string> | null
env

Plaintext run parameters as sent (never secret material by contract).

object | null
status
required

awaiting_approval — parked on a pending HITL approval; failed — the run errored, was denied, or the approval expired.

string
Allowed values: completed in_progress awaiting_approval failed
usage
One of:

Token accounting for an assistant message.

object
input_tokens
required

Tokens consumed composing the run input.

integer
output_tokens
required

Tokens generated.

integer
metadata

Free-form string key–value map for host/adapter bookkeeping (e.g. a host-side reference ID). Max 50 keys; values max 500 chars. Replaced wholesale when provided in updates.

object
<= 50 properties
key
additional properties
string
<= 500 characters
created_at
required

RFC 3339 / ISO 8601 timestamp, UTC.

string format: date-time
Example
{
"object": "message",
"role": "user",
"status": "completed"
}

Missing or invalid credentials — no bearer token, an unknown/revoked sk_int_ key, or an expired platform JWT.

Media type application/problem+json

RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.

object
type
required

Problem type URI (registry slug).

string format: uri-reference
title
required

Short, human-readable summary of the problem type.

string
status
required

HTTP status code.

integer format: int32
detail

Human-readable explanation specific to this occurrence.

string
instance

URI reference identifying this occurrence.

string format: uri-reference
request_id

Correlation ID for support and log lookup.

string
conflicting_resource_id

On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).

string
errors

On validation-error, field-level details.

Array<object>
object
pointer
required

JSON pointer to the offending field.

string
message
required

What failed.

string
Examples
Example unauthorized

Missing or invalid bearer token

{
"type": "https://shiftagent.example.com/problems/insufficient-scope",
"title": "Unauthorized",
"status": 401,
"detail": "Provide a valid sk_int_ service key or platform JWT.",
"request_id": "req_01hzx8auth001"
}

Forbidden — tenant-suspended (writes to a suspended tenant), insufficient-scope (key/token lacks the scope or a platform JWT reaches beyond its user), or approval-signature-invalid (approval assertion failed verification).

Media type application/problem+json

RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.

object
type
required

Problem type URI (registry slug).

string format: uri-reference
title
required

Short, human-readable summary of the problem type.

string
status
required

HTTP status code.

integer format: int32
detail

Human-readable explanation specific to this occurrence.

string
instance

URI reference identifying this occurrence.

string format: uri-reference
request_id

Correlation ID for support and log lookup.

string
conflicting_resource_id

On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).

string
errors

On validation-error, field-level details.

Array<object>
object
pointer
required

JSON pointer to the offending field.

string
message
required

What failed.

string
Examples

Suspended tenant rejects conversation writes

{
"type": "https://shiftagent.example.com/problems/tenant-suspended",
"title": "Tenant suspended",
"status": 403,
"detail": "Tenant tnt_01hzx8acme001 is suspended; conversation writes are rejected.",
"request_id": "req_01hzx8sus001"
}

Not found — the resource does not exist, was deprovisioned, or lies outside the integration key’s subtree (indistinguishable by design).

Media type application/problem+json

RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.

object
type
required

Problem type URI (registry slug).

string format: uri-reference
title
required

Short, human-readable summary of the problem type.

string
status
required

HTTP status code.

integer format: int32
detail

Human-readable explanation specific to this occurrence.

string
instance

URI reference identifying this occurrence.

string format: uri-reference
request_id

Correlation ID for support and log lookup.

string
conflicting_resource_id

On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).

string
errors

On validation-error, field-level details.

Array<object>
object
pointer
required

JSON pointer to the offending field.

string
message
required

What failed.

string
Examples
Example not_found

Unknown resource

{
"type": "https://shiftagent.example.com/problems/not-found",
"title": "Not found",
"status": 404,
"detail": "No tenant with external_id acme:tenant:999999.",
"request_id": "req_01hzx8nf001"
}

Conflict — name-conflict / external-id-conflict (unique name or external ID taken; conflicting_resource_id names the holder — fetch it and continue), resource-in-use (guarded delete refused), cross-tenant (referenced resource belongs to another tenant), conversation-archived (write to an archived conversation), approval-expired (approval already resolved or expired), or idempotency-key-conflict (same key, different payload).

Media type application/problem+json

RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.

object
type
required

Problem type URI (registry slug).

string format: uri-reference
title
required

Short, human-readable summary of the problem type.

string
status
required

HTTP status code.

integer format: int32
detail

Human-readable explanation specific to this occurrence.

string
instance

URI reference identifying this occurrence.

string format: uri-reference
request_id

Correlation ID for support and log lookup.

string
conflicting_resource_id

On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).

string
errors

On validation-error, field-level details.

Array<object>
object
pointer
required

JSON pointer to the offending field.

string
message
required

What failed.

string
Examples

Named sub-resource already exists — recoverable

{
"type": "https://shiftagent.example.com/problems/name-conflict",
"title": "Name conflict",
"status": 409,
"detail": "A role named \"csr\" already exists in this tenant.",
"conflicting_resource_id": "rol_01hzx8csr001",
"request_id": "req_01hzx8conf01"
}

Unprocessable — validation-error (schema/semantic validation failed; errors[] lists JSON-pointer details) or role-required (user has multiple roles and no role_id was given).

Media type application/problem+json

RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.

object
type
required

Problem type URI (registry slug).

string format: uri-reference
title
required

Short, human-readable summary of the problem type.

string
status
required

HTTP status code.

integer format: int32
detail

Human-readable explanation specific to this occurrence.

string
instance

URI reference identifying this occurrence.

string format: uri-reference
request_id

Correlation ID for support and log lookup.

string
conflicting_resource_id

On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).

string
errors

On validation-error, field-level details.

Array<object>
object
pointer
required

JSON pointer to the offending field.

string
message
required

What failed.

string
Examples

Field-level validation failure

{
"type": "https://shiftagent.example.com/problems/validation-error",
"title": "Validation error",
"status": 422,
"detail": "One or more fields failed validation.",
"errors": [
{
"pointer": "/skill_access/skill_ids/0",
"message": "skl_01hzx8unknown does not belong to the effective repository."
}
],
"request_id": "req_01hzx8val001"
}

Too many requests — capacity-exhausted (no sandbox available, or the maximum hold time elapsed under on_capacity=hold) or rate-limited. Honor Retry-After.

Media type application/problem+json

RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.

object
type
required

Problem type URI (registry slug).

string format: uri-reference
title
required

Short, human-readable summary of the problem type.

string
status
required

HTTP status code.

integer format: int32
detail

Human-readable explanation specific to this occurrence.

string
instance

URI reference identifying this occurrence.

string format: uri-reference
request_id

Correlation ID for support and log lookup.

string
conflicting_resource_id

On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).

string
errors

On validation-error, field-level details.

Array<object>
object
pointer
required

JSON pointer to the offending field.

string
message
required

What failed.

string
Examples
Example capacity_exhausted

Sandbox pool exhausted (on_capacity=reject)

{
"type": "https://shiftagent.example.com/problems/capacity-exhausted",
"title": "Capacity exhausted",
"status": 429,
"detail": "No sandbox available; retry after the indicated delay or use on_capacity=hold.",
"request_id": "req_01hzx8cap001"
}
Retry-After
integer

Seconds to wait before retrying.