Web App Routes
Route Map
Section titled “Route Map”| Route | Purpose | Key actions |
|---|---|---|
/ | Landing + sign-in CTA | Privy login, pricing/features presentation |
/dashboard | Agent list and management entry | Usage/limit snapshot, open agent, delete agent, create agent |
/dashboard/create | New agent workflow | Create DB record + provision machine |
/dashboard/agent/[id] | Agent operations | Start/stop/provision/delete/clone, runtime updates, shell, channel connect |
/settings | Account, billing, and runtime governance | Update profile, checkout, credits, usage summary, billing portal, runtime spend approvals/policies, runtime delegations |
/auth/device | Device flow approval UI | Approve user code for CLI/MCP login |
Auth Behavior
Section titled “Auth Behavior”- Protected routes redirect unauthenticated users to
/. /auth/devicerequires authenticated user before approval call.
Polling and Live Updates
Section titled “Polling and Live Updates”- Agent list: periodic refresh in
useAgents(). - Agent detail: periodic refresh in
useAgent()plus machine status polling during deploy/startup. - Runtime update status: periodic refresh while machine exists.
Main Client APIs Used by Web Routes
Section titled “Main Client APIs Used by Web Routes”Agent surfaces
Section titled “Agent surfaces”GET /api/agentsPOST /api/agentsGET /api/agents/:idPATCH /api/agents/:idDELETE /api/agents/:idPOST /api/agents/:id/provisionPOST /api/agents/:id/clonePOST /api/agents/:id/startPOST /api/agents/:id/stopGET /api/agents/:id/statusGET /api/agents/:id/gateway-accessGET /api/agents/:id/runtime-update-statusPOST /api/agents/:id/runtime-update-grantPOST /api/agents/:id/connect-telegramPOST /api/agents/:id/whatsapp-qrPOST /api/agents/:id/whatsapp-wait
User and billing
Section titled “User and billing”GET /api/users/mePATCH /api/users/meGET /api/billing/summaryGET /api/billing/usage-summaryPOST /api/billing/checkoutPOST /api/billing/credits/checkoutPOST /api/billing/portalPOST /api/billing/syncGET /api/billing/runtime-requestsGET /api/billing/runtime-requests/:idPOST /api/billing/runtime-requests/:id/approvePOST /api/billing/runtime-requests/:id/denyGET /api/billing/runtime-spend-policies/:controllerAgentIdPOST /api/billing/runtime-spend-policies/:controllerAgentIdDELETE /api/billing/runtime-spend-policies/:controllerAgentIdGET /api/runtime/delegationsPOST /api/runtime/delegationsDELETE /api/runtime/delegations/:id
Billing flow semantics
Section titled “Billing flow semantics”- Plan changes from web app always start with Stripe Checkout (
POST /api/billing/checkout). - This includes both upgrades and downgrades; the control plane does not expose a direct plan mutation endpoint.
- The web app expects return query params on
/settings:billing=success|cancelfor subscription checkout.billing=credits_success|credits_cancelfor one-time credits checkout.
Billing redirect validation checklist
Section titled “Billing redirect validation checklist”- Start plan checkout from
/settingsand complete payment in Stripe test mode. - Verify redirect back to
/settings?billing=successand that plan/entitlement cards refresh. - Start plan checkout again and cancel in Stripe.
- Verify redirect back to
/settings?billing=canceland no plan/credit mutation. - Start credits checkout and complete payment.
- Verify redirect back to
/settings?billing=credits_successand credits balance increases. - Start credits checkout and cancel in Stripe.
- Verify redirect back to
/settings?billing=credits_canceland credits balance is unchanged.
Device approval
Section titled “Device approval”POST /api/auth/device/approve