List safe runtime agent metadata

Lists agents from the selected app runtime source using a strict public metadata allowlist. A Workspace catalog can include agents that are not published yet; user-delegated DM creation still resolves agentId against the published app configuration. Prompts, credentials, provider settings, MCP assignments, and container configuration are never returned.

Authentication

AuthorizationBearer

Runtime bearer accepted by the normal app-scoped pipeline: an API key or OAuth/JWT with the ‘runtime’ scope, or an app-scoped agent service token. Individual operations may require a narrower principal type.

Headers

X-CES-Workspace-IDstringOptionalformat: "^ws_[A-Za-z0-9_-]+$"
Optional Workspace runtime selector header. If supplied with workspaceId, both values must match.

Query parameters

workspaceIdstringOptionalformat: "^ws_[A-Za-z0-9_-]+$"

Optional Workspace runtime selector for preview or validation calls. If supplied with X-CES-Workspace-ID, both values must match.

Response

Safe app agent catalog
agentslist of objects

Errors

401
Unauthorized Error
403
Forbidden Error
404
Not Found Error
422
Unprocessable Entity Error