List safe runtime agent metadata
Lists agents from the selected app runtime source using a strict public metadata allowlist. A Workspace catalog can include agents that are not published yet; user-delegated DM creation still resolves agentId against the published app configuration. Prompts, credentials, provider settings, MCP assignments, and container configuration are never returned.
Authentication
AuthorizationBearer
Runtime bearer accepted by the normal app-scoped pipeline: an API key or OAuth/JWT with the ‘runtime’ scope, or an app-scoped agent service token. Individual operations may require a narrower principal type.
Headers
X-CES-Workspace-ID
Optional Workspace runtime selector header. If supplied with workspaceId, both values must match.
Query parameters
workspaceId
Optional Workspace runtime selector for preview or validation calls. If supplied with X-CES-Workspace-ID, both values must match.
Response
Safe app agent catalog
agents
Errors
401
Unauthorized Error
403
Forbidden Error
404
Not Found Error
422
Unprocessable Entity Error