API versión
1.0.0
CORS
okAuth requerida
okEndpoints ready
21
CORS Origins permitidos
http://localhost:3000
http://192.168.1.4:3000
https://cockpit.angelvargasos.com
Advertencias de seguridad (5)
Do not expose AVOS_API_TOKEN to browser clients. Use Next.js server routes as BFF. The token must stay server-side at all times.
CORS is restricted to explicit origins. Wildcard (*) is NOT allowed.
/api/tasks, /api/agents, /api/logs/recent have no pagination. Acceptable now (<100 items), monitor as data grows.
Task created_at/started_at/completed_at are Unix timestamps in SECONDS not milliseconds. Convert with: new Date(task.created_at * 1000)
cockpit.angelvargasos.com MUST be protected with Cloudflare Access (Zero Trust) if exposed publicly. av-os-api must NOT be directly accessible from the internet. Only the Next.js PWA should be public-facing.
Endpoints disponibles (21)
Endpoints parciales (4)
GET /api/vexa/meetings
Vexa requires VEXA_API_KEY. Currently returns {detail: Missing API key}
Fix: Add VEXA_API_KEY to .env and update vexaFetch() to include X-API-Key header
GET /api/vexa/bots
Same as /api/vexa/meetings. Requires VEXA_API_KEY
Fix: Same fix as above
GET /api/agents/:id/activity
Lists session filenames only. Does not parse session content
Fix: Phase 2: parse sessions.json and expose last N agent actions
POST /api/hermes/chat
Creates kanban task, not free-form chat. Response is async via Telegram
Fix: Phase 2: poll /api/tasks for completed result or add WebSocket push