-
Notifications
You must be signed in to change notification settings - Fork 0
Learning Rest Openapi Agent Workflow
Intermediate to expert.
Full-stack developers, AI-agent engineers, platform teams, and instructors teaching tool-calling workflows.
By the end, you can:
- start the CaeReflex REST server in a bounded workspace;
- inspect health and OpenAPI endpoints;
- import a case through the API;
- retrieve agent context and inspection flags; and
- design safe tool instructions for Custom GPT, Claude-style, or internal agents.
- Architecture: REST API
- Reference: OpenAPI
openapi/openapi.yamlexamples/agent_workflow/
Start the server from the repository root:
caereflex serve --host 127.0.0.1 --port 8765 --workspace .In another terminal:
curl http://127.0.0.1:8765/health
curl http://127.0.0.1:8765/openapi.yaml
curl -X POST "http://127.0.0.1:8765/cases/import" \
-H "Content-Type: application/json" \
-d '{"path":"examples/openfoam_cavity_minimal","adapter":"auto","attach_crossref":false,"return_agent_context":true}'Use the returned case_id:
curl "http://127.0.0.1:8765/cases/CASE_ID/agent-context"
curl "http://127.0.0.1:8765/cases/CASE_ID/inspection-flags"- The OpenAPI schema describes the tool surface for action-capable agents.
- Case paths should be workspace-relative.
- CrossRef should be requested explicitly, not silently.
- Agent answers must preserve inspection warnings and safe-use policy.
A representative health response is intentionally small:
{"status": "ok", "service": "caereflex"}A representative import response for examples/openfoam_cavity_minimal should include the stored case identifier and optional agent context:
{
"status": "success",
"case_id": "case_6c5707a83ec1",
"summary": "OpenFOAM case inspected. 8 files were considered.",
"warnings": [],
"provenance_summary": ["openfoam_inspection_started"],
"next_recommended_actions": ["get_agent_context", "export_case_report"],
"data": {
"agent_context": {
"case_type": "openfoam",
"source_files": [{"relative_path": "system/controlDict", "hash_status": "complete"}],
"do_not_claim": ["Do not claim simulation convergence unless explicit evidence is present."]
}
}
}A representative inspection-flags response is:
{"inspection_flags": []}Interpret the output as follows:
- Extracted evidence:
source_files,detected_formats, field records, and hashes indata.agent_contextcome from the workspace-relative example path. - Inferred context:
summary,next_recommended_actions, and case classification help sequence agent behavior; they are not engineering conclusions. - Warnings: top-level
warningsand/inspection-flagsmust be fetched and echoed before summarization. An empty list is only an absence of emitted flags for that run. - Provenance:
provenance_summaryidentifies adapter events that produced the stored case. - Unsafe claims to avoid: agents must not claim validation, convergence, mesh adequacy, certification, design safety, unrestricted filesystem access, or CrossRef attachment unless the corresponding endpoint was explicitly called.
Identify the health endpoint, OpenAPI endpoint, import endpoint, and agent-context endpoint.
Draft safe agent instructions that require health check, case import, agent context retrieval, and inspection flag review before summarization.
Review API exposure risks:
- What changes when binding outside localhost?
- Why is an API key required for external exposure?
- How should workspace boundaries shape agent tool descriptions?
- What should an agent do if a user provides an absolute path?
- The learner understands the REST workflow sequence.
- The learner can write a safe agent prompt or tool policy.
- The learner explains workspace and authentication risks.
Use these examples to check that learners design safe REST/OpenAPI workflows rather than over-permissive agent tools.
Sample acceptable answer
- Health endpoint:
GET /health, called withcurl http://127.0.0.1:8765/health. - OpenAPI endpoint:
GET /openapi.yaml, called withcurl http://127.0.0.1:8765/openapi.yaml. - Import endpoint:
POST /cases/import, called with a JSON body containing a workspace-relativepath,adapter,attach_crossref, andreturn_agent_context. - Agent-context endpoint:
GET /cases/{case_id}/agent-context, called after replacing{case_id}with the returned case identifier. - Inspection-flags endpoint:
GET /cases/{case_id}/inspection-flags, used before summarization even when the import response includes warnings.
Unsafe or incorrect answer
- "Skip health and flags, call any URL exposed by OpenAPI, use absolute paths such as
/etc/passwd, and summarize the case as validated if the import succeeds."
Why the acceptable answer passes
- It preserves the documented sequence and uses the
case_idreturned by import. - It treats inspection flags as a required safety check before agent summarization.
- It keeps paths workspace-relative for safe tool descriptions.
Why the unsafe answer fails
- It bypasses readiness and warning checks.
- It encourages unsafe filesystem access and unsupported validation claims.
References
- Command output to cite:
curl http://127.0.0.1:8765/health,curl http://127.0.0.1:8765/openapi.yaml, thePOST /cases/importresponse,curl .../agent-context, andcurl .../inspection-flags. - Adapter/API behavior:
caereflex/server/app.pyimplements/health,/openapi.yaml,/cases/import,/cases/{case_id}/agent-context, and/cases/{case_id}/inspection-flags. - Safety rule: agent answers must preserve inspection warnings and the safe-use/do-not-claim lists returned in agent context.
Sample acceptable answer
Before answering engineering questions, call
GET /healthand stop if the service is unavailable. Import only user-approved, workspace-relative case paths withPOST /cases/import; setattach_crossreftofalseunless the user explicitly requests literature metadata. After import, store the returnedcase_id, callGET /cases/{case_id}/agent-context, and callGET /cases/{case_id}/inspection-flags. In the answer, cite file-derived evidence fromsource_files,result_fields, and other extracted records, echo all warnings or flags, and state that empty flags do not prove correctness. Never claim validation, convergence, mesh adequacy, certification, design safety, unrestricted filesystem access, or CrossRef attachment unless the corresponding endpoint output explicitly supports that limited statement.
Unsafe or incorrect answer
- "The agent may import any path the user types, attach CrossRef automatically, skip flag retrieval, and present the API result as a certified engineering review."
Why the acceptable answer passes
- It defines an auditable, least-privilege workflow.
- It separates endpoint outputs from engineering conclusions and requires warning preservation.
- It avoids silent CrossRef attachment.
Why the unsafe answer fails
- It is over-permissive with filesystem paths and external metadata.
- It skips explicit warning retrieval and misrepresents inspection as certification.
References
- Command output to cite: health response, import response with
case_id, agent-context response, and inspection-flags response. - API behavior:
caereflex/server/app.pyreturns importwarnings, fullinspection_flags,provenance_summary, and optionaldata.agent_context; the agent-context endpoint returnssafe_use_policy,inspection_warnings,do_not_claim, andsource_referencesfromcaereflex/exporters.py. - Safety rule:
wiki/docs/user-guide/safe-use-policy.mdstates that CaeReflex output is structured evidence, not engineering validation.
Sample acceptable answer
- Binding outside localhost changes the threat model: the API can be reached by other machines, so unauthenticated access could expose inspection, export, and case-store operations.
- An API key is required for external exposure because
caereflex serverejects non-localhost binding without one, and the server checksx-api-keyfor external mode. - Workspace boundaries should be reflected in tool descriptions: tools should accept workspace-relative paths, should not advertise arbitrary filesystem access, and should tell agents to reject or ask the user to relocate paths that are outside the configured workspace.
- If a user provides an absolute path, an agent should not pass it blindly. Prefer asking for or constructing a workspace-relative path; for external deployments, paths outside the workspace are rejected by path-safety checks.
Unsafe or incorrect answer
- "Bind to
0.0.0.0without a key for convenience, describe the tool as able to read any path on the host, and pass absolute paths directly because the API will validate the engineering content."
Why the acceptable answer passes
- It recognizes that network exposure, authentication, and workspace scoping are part of safe agent operation.
- It ties path handling to the server's safety behavior instead of inventing broad capabilities.
Why the unsafe answer fails
- It creates an avoidable remote-access risk.
- It misstates the tool's filesystem and engineering-validation capabilities.
References
- Command output to cite:
caereflex serve --host 127.0.0.1 --port 8765 --workspace .,curl .../health, and the OpenAPI output fromcurl .../openapi.yaml. - API behavior:
caereflex/cli/main.pyrequires an API key when serving outside localhost;caereflex/server/app.pyenforcesx-api-keyin external mode and resolves request paths against the workspace;caereflex/core/validation.pyprovides workspace path checks. - Safety rule: agent tool descriptions must not claim unrestricted filesystem access or engineering validation beyond endpoint evidence.
- Home
- Architecture
- Developer-Guide
- Learning
- Reference
- Releases
- User-Guide
Synced from /wiki/docs in the main CaeReflex repository.