openapi: 3.1.0 info: title: GaaS API — Governance as a Service version: "1.0" description: | The GaaS API provides governance for autonomous AI agents. Every agent action passes through a five-stage pipeline: Intent Declaration, Context Enrichment, Policy Evaluation, Deliberation Engine, and Decision + Audit. ## Base URL `https://api.gaas.is/v1` ## Authentication All requests require an API key passed in the `Authorization` header: ``` Authorization: Bearer gaas_live_org_... ``` ## Shadow Mode Append `?mode=shadow` to any intent submission to run the full governance pipeline without enforcement. Actions are evaluated and audited but never blocked. contact: name: H2Om.AI LLC dba GaaS url: https://gaas.is email: waitlist@gaas.is license: name: Proprietary url: https://gaas.is servers: - url: https://api.gaas.is/v1 description: Production paths: /onboarding/quickstart: post: operationId: quickstart summary: Create a shadow deployment description: | Register a new organization and receive API credentials for a 14-day free shadow deployment. No credit card required. tags: - Onboarding requestBody: required: true content: application/json: schema: type: object required: - email - org_name - description properties: email: type: string format: email description: Contact email for the organization example: engineer@acme.com org_name: type: string description: Organization name example: Acme Corp description: type: string description: Description of what your AI agents do example: "Process customer refunds, generate compliance reports, handle loan applications" responses: "201": description: Shadow deployment created successfully content: application/json: schema: type: object properties: api_key: type: string description: API key for authenticating governance requests. Will not be shown again. example: gaas_live_org_a1b2c3d4e5f6 membrane_id: type: string description: Organization identity on the GaaS network example: mem_acme_7x8y9z quickstart_snippet: type: string description: Ready-to-use code snippet for SDK integration next_steps: type: array items: type: string description: Ordered list of recommended next steps example: - "Submit intents with ?mode=shadow" - "Review shadow stats in your dashboard" - "Activate enforcement when ready" "400": description: Invalid request (missing required fields or invalid email) "409": description: Organization already registered with this email /intents: post: operationId: declareIntent summary: Declare an agent intent for governance evaluation description: | Submit an agent's intended action through the full five-stage governance pipeline. The pipeline evaluates the intent, enriches context, applies policies, triggers deliberation if needed, and returns an audited decision. Use `?mode=shadow` to run without enforcement. **Note:** The schema below is illustrative. The full IntentDeclaration schema (with nested `agent`, `action`, `context_provided`, and `governance_request` objects) is available at https://api.gaas.is/openapi.json. tags: - Governance security: - bearerAuth: [] parameters: - name: mode in: query required: false schema: type: string enum: - live - shadow - test default: live description: | `live` — full pipeline with active enforcement (default). `shadow` — full pipeline evaluation without blocking actions. `test` — deterministic evaluation for integration testing. requestBody: required: true content: application/json: schema: type: object required: - action - target properties: action: type: string description: The action the agent intends to perform example: send_email target: type: string description: The target of the action example: customer@example.com risk_level: type: string enum: - low - medium - high - critical description: Agent's self-declared risk assessment example: low context: type: object additionalProperties: true description: Additional context about the action example: authenticated: true template: welcome_series agent_id: type: string description: Identifier for the agent submitting the intent example: cx-agent-7 responses: "200": description: Governance decision returned content: application/json: schema: type: object properties: approved: type: boolean description: Whether the action is approved for execution verdict: type: string enum: - APPROVE - MODIFY - ESCALATE - BLOCK description: The governance verdict modified_parameters: type: object nullable: true additionalProperties: true description: Modified parameters if verdict is MODIFY (null otherwise) pipeline: type: object description: Pipeline execution details properties: intent_declaration_ms: type: number description: Time spent in intent declaration stage context_enrichment_ms: type: number description: Time spent in context enrichment stage policy_evaluation_ms: type: number description: Time spent in policy evaluation stage deliberation_ms: type: number nullable: true description: Time spent in deliberation (null if not triggered) decision_audit_ms: type: number description: Time spent in decision + audit stage total_ms: type: number description: Total pipeline latency deliberation_triggered: type: boolean description: Whether multi-agent deliberation was triggered audit: type: object description: Audit record details properties: hash: type: string description: Immutable hash-chain reference for this decision example: 7f3a...c291 reason: type: string description: Human-readable explanation of the decision example: Action approved. Low risk, authenticated context, template-based. shadow: type: boolean description: Whether this was a shadow-mode evaluation (no enforcement) "401": description: Missing or invalid API key "429": description: Rate limit exceeded components: securitySchemes: bearerAuth: type: http scheme: bearer description: "API key from onboarding: `Authorization: Bearer gaas_live_org_...`"