api reference · 6 routers · 15 procedures

The public procedure surface.

What you can call from the CLI, an integration, or your own dashboard. Auth tier, input shape, and return shape for each. Internal-only admin procedures are not documented here.

trpc.auth

Magic-link sign-in and sign-out. Verification itself lives at /api/auth/* (Better Auth handler) because it sets cookies via browser redirect.

auth.requestMagicLinkmutationpublic

Send a sign-in magic link to the supplied email.

input
{ email: string; callbackURL?: string }
returns
{ ok: true }
errors
INTERNAL_SERVER_ERROR · email provider rejected the send
auth.signOutmutationprotected

Sign out the current session. Sets clearing cookies on the response.

input
— (none)
returns
{ ok: true }

trpc.me

Single round-trip "who am I" payload — session, active org, org list. The one call you make to figure out the current caller's context.

me.bootstrapquerypublic

Returns the auth state needed to render any authed UI. Returns nullable session for unauthed callers so the same hook drives both paths.

input
— (none)
returns
{ session: { userId, email, name } | null, activeOrg, organizations[] }

trpc.org

Organization lifecycle wrappers over Better Auth's org plugin. Create, switch, and list orgs the caller belongs to.

org.createmutationpublic

Create a new org. Caller (must be signed in) becomes the owner.

input
{ name: string (1-80); slug: string (lowercase, 1-48) }
returns
{ id, name, slug, … }
errors
UNAUTHORIZED · sign-in required
BAD_REQUEST · slug conflict / invalid
org.setActivemutationprotected

Switch the active org for the current session.

input
{ organizationId: string }
returns
{ ok: true }
org.listqueryprotected

All orgs the caller belongs to, including their role in each.

returns
Array<{ id, name, slug, role }>

trpc.project

List / get / create / archive projects within the active org. Every query routes through scoped(db, orgId) — direct schema queries are not allowed here.

project.listqueryprotected

Every project the active org owns.

returns
Array<Project>
project.getqueryprotected

One project by slug. 404s if it does not belong to the active org.

input
{ slug: string }
returns
Project
errors
NOT_FOUND
project.createmutationpermissionreq: project.create

Create a project, its scope row, and synthetic credentials in a single transaction. Flips the per-member addedFirstProject flag.

input
{ name, slug, baseUrl, environment: "staging" | "production", scope: { allowedPaths[], blockedPaths[], blockedMethods[], maxRequestsPerMinute }, accounts: Array<{ label, token }>, contextMd? }
returns
{ id, slug, name }
errors
CONFLICT · slug already exists in this org
project.archivemutationpermissionreq: project.delete

Soft-delete: flips active=false. Cleanup of runs/findings is a separate op.

input
{ id: string (uuid) }
returns
{ ok: true }

trpc.run

Start / list / get / cancel agent runs. `start` enqueues — actual sandbox spawn happens in apps/workflows via durable Inngest steps.

run.startmutationpermissionreq: run.trigger

Queue a fleet of agents against a project. Inserts one run row per agent class and fans out Inngest events.

input
{ projectId, agentClasses?: ("idor" | "auth-bypass" | "ssrf" | "stored-xss" | "business-logic")[], wallClockBudgetMs?, tokenBudget? }
returns
{ runs: Array<{ id, agentClass }> }
run.listqueryprotected

Recent runs across the active org, optionally filtered to one project.

input
{ projectId?: string; limit?: number (1-200, default 50) }
returns
Array<Run>
run.getqueryprotected

One run with its audit-log tail (last 200 request events).

input
{ id: string (uuid) }
returns
{ run, events: RequestAuditLog[] }
errors
NOT_FOUND
run.cancelmutationpermissionreq: run.cancel

Request cancellation. Workflow notices between steps and tears down.

input
{ id: string (uuid) }
returns
{ ok: true }

trpc.waitlist

Public signup endpoint used by the marketing site.

waitlist.submitmutationpublic

Submit a waitlist application. Captures IP + user-agent for abuse review.

input
SubmitWaitlistSchema
returns
Waitlist row