Add remaining http-api endpoints and docs

Author: Symbiont OSS Sync

README.md

@@ -2,7 +2,7 @@
 
 [中文简体](README.zh-cn.md) | [Español](README.es.md) | [Português](README.pt.md) | [日本語](README.ja.md) | [Deutsch](README.de.md)
 
-**Symbi** is an AI-native agent framework for building autonomous, policy-aware agents that can safely collaborate with humans, other agents, and large language models. The Community edition provides core functionality with optional Enterprise features for advanced security, monitoring, and collaboration.
+**Symbi** is an AI-native agent framework for building autonomous, policy-aware agents that can safely collaborate with humans, other agents, and large language models. 
 
 ## 🚀 Quick Start
 
@@ -66,10 +66,19 @@ symbi-runtime = { version = "0.1.2", features = ["http-api"] }
 
 **Key Endpoints:**
 - `GET /api/v1/health` - Health check and system status
-- `GET /api/v1/agents` - List all active agents
+- `GET /api/v1/agents` - List all active agents (requires authentication)
+- `GET /api/v1/agents/{id}/status` - Get specific agent status (requires authentication)
+- `POST /api/v1/agents` - Create a new agent (requires authentication)
+- `PUT /api/v1/agents/{id}` - Update an agent (requires authentication)
+- `DELETE /api/v1/agents/{id}` - Delete an agent (requires authentication)
+- `POST /api/v1/agents/{id}/execute` - Execute an agent (requires authentication)
+- `GET /api/v1/agents/{id}/history` - Get agent execution history (requires authentication)
 - `POST /api/v1/workflows/execute` - Execute workflows
 - `GET /api/v1/metrics` - System metrics
 
+> **Note:** All `/api/v1/agents*` endpoints require Bearer token authentication. Set the `API_AUTH_TOKEN` environment variable and use the header:
+> `Authorization: Bearer <your-token>`
+
 ## 📁 Project Structure
 
 ```

crates/runtime/README.md

@@ -26,8 +26,8 @@ The Symbi Agent Runtime System provides a complete infrastructure for executing
 ## Architecture
 
 ```
-┌─────────────────────────────────────────────────────────────────────────────┐
-│                         Agent Runtime System                               │
+┌───────────────────────────────────────────────────────────────────────────────┐
+│                         Agent Runtime System                                  │
 ├─────────────────┬─────────────────┬─────────────────┬─────────────────────────┤
 │   Scheduler     │   Lifecycle     │ Resource Manager│   Context Manager       │
 │                 │   Controller    │                 │                         │
@@ -38,8 +38,8 @@ The Symbi Agent Runtime System provides a complete infrastructure for executing
 │  MCP Client     │ SchemaPin       │ Tool Review     │   Policy Engine         │
 │                 │ Integration     │ Workflow        │                         │
 ├─────────────────┼─────────────────┼─────────────────┼─────────────────────────┤
-│ HTTP API Server │                 │                 │     (Optional)          │
-│   (Optional)    │                 │                 │                         │
+│ HTTP API Server │  HTTP-Input     │                 │     (Optional)          │
+│   (Optional)    │  (Optional)     │                 │                         │
 └─────────────────┴─────────────────┴─────────────────┴─────────────────────────┘
 ```
 
@@ -438,11 +438,19 @@ api_server.start().await?;
 #### Available Endpoints
 
 - `GET /api/v1/health` - System health check
-- `GET /api/v1/agents` - List all active agents
-- `GET /api/v1/agents/{id}/status` - Get specific agent status
+- `GET /api/v1/agents` - List all active agents (requires authentication)
+- `GET /api/v1/agents/{id}/status` - Get specific agent status (requires authentication)
+- `POST /api/v1/agents` - Create a new agent (requires authentication)
+- `PUT /api/v1/agents/{id}` - Update an agent (requires authentication)
+- `DELETE /api/v1/agents/{id}` - Delete an agent (requires authentication)
+- `POST /api/v1/agents/{id}/execute` - Execute an agent (requires authentication)
+- `GET /api/v1/agents/{id}/history` - Get agent execution history (requires authentication)
 - `POST /api/v1/workflows/execute` - Execute workflows
 - `GET /api/v1/metrics` - System performance metrics
 
+> **Note:** All `/api/v1/agents*` endpoints require Bearer token authentication. Set the `API_AUTH_TOKEN` environment variable and use the header:
+> `Authorization: Bearer <your-token>`
+
 #### Example Usage
 
 ```bash

crates/runtime/src/api/middleware.rs

@@ -6,11 +6,37 @@
 #[cfg(feature = "http-api")]
 use axum::{extract::Request, http::StatusCode, middleware::Next, response::Response};
 
-/// Authentication middleware (placeholder)
+/// Authentication middleware for bearer token validation
 #[cfg(feature = "http-api")]
 pub async fn auth_middleware(request: Request, next: Next) -> Result<Response, StatusCode> {
-    // TODO: Implement actual authentication logic
-    // For now, just pass through all requests
+    // Extract the Authorization header
+    let headers = request.headers();
+    let auth_header = headers.get("authorization");
+    
+    // Check if Authorization header is present
+    let auth_value = match auth_header {
+        Some(value) => value.to_str().map_err(|_| StatusCode::UNAUTHORIZED)?,
+        None => return Err(StatusCode::UNAUTHORIZED),
+    };
+    
+    // Check if it's a Bearer token
+    if !auth_value.starts_with("Bearer ") {
+        return Err(StatusCode::UNAUTHORIZED);
+    }
+    
+    // Extract the token part (after "Bearer ")
+    let token = &auth_value[7..];
+    
+    // Get the expected token from environment variable
+    let expected_token = std::env::var("API_AUTH_TOKEN")
+        .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
+    
+    // Validate the token
+    if token != expected_token {
+        return Err(StatusCode::UNAUTHORIZED);
+    }
+    
+    // Token is valid, proceed with the request
     Ok(next.run(request).await)
 }
 

crates/runtime/src/api/routes.rs

@@ -16,7 +16,7 @@ use std::sync::Arc;
 use super::traits::RuntimeApiProvider;
 
 #[cfg(feature = "http-api")]
-use super::types::{AgentStatusResponse, ErrorResponse, WorkflowExecutionRequest};
+use super::types::{AgentStatusResponse, CreateAgentRequest, CreateAgentResponse, DeleteAgentResponse, ErrorResponse, ExecuteAgentRequest, ExecuteAgentResponse, GetAgentHistoryResponse, UpdateAgentRequest, UpdateAgentResponse, WorkflowExecutionRequest};
 
 #[cfg(feature = "http-api")]
 use crate::types::AgentId;
@@ -99,3 +99,100 @@ pub async fn get_metrics(
         )),
     }
 }
+
+/// Create agent endpoint handler
+#[cfg(feature = "http-api")]
+pub async fn create_agent(
+    State(provider): State<Arc<dyn RuntimeApiProvider>>,
+    Json(request): Json<CreateAgentRequest>,
+) -> Result<Json<CreateAgentResponse>, (StatusCode, Json<ErrorResponse>)> {
+    match provider.create_agent(request).await {
+        Ok(response) => Ok(Json(response)),
+        Err(e) => Err((
+            StatusCode::INTERNAL_SERVER_ERROR,
+            Json(ErrorResponse {
+                error: e.to_string(),
+                code: "AGENT_CREATION_FAILED".to_string(),
+                details: None,
+            }),
+        )),
+    }
+}
+
+/// Update agent endpoint handler
+#[cfg(feature = "http-api")]
+pub async fn update_agent(
+    State(provider): State<Arc<dyn RuntimeApiProvider>>,
+    Path(agent_id): Path<String>,
+    Json(request): Json<UpdateAgentRequest>,
+) -> Result<Json<UpdateAgentResponse>, (StatusCode, Json<ErrorResponse>)> {
+    match provider.update_agent(agent_id, request).await {
+        Ok(response) => Ok(Json(response)),
+        Err(e) => Err((
+            StatusCode::INTERNAL_SERVER_ERROR,
+            Json(ErrorResponse {
+                error: e.to_string(),
+                code: "AGENT_UPDATE_FAILED".to_string(),
+                details: None,
+            }),
+        )),
+    }
+}
+
+/// Delete agent endpoint handler
+#[cfg(feature = "http-api")]
+pub async fn delete_agent(
+    State(provider): State<Arc<dyn RuntimeApiProvider>>,
+    Path(agent_id): Path<String>,
+) -> Result<Json<DeleteAgentResponse>, (StatusCode, Json<ErrorResponse>)> {
+    match provider.delete_agent(agent_id).await {
+        Ok(response) => Ok(Json(response)),
+        Err(e) => Err((
+            StatusCode::INTERNAL_SERVER_ERROR,
+            Json(ErrorResponse {
+                error: e.to_string(),
+                code: "AGENT_DELETION_FAILED".to_string(),
+                details: None,
+            }),
+        )),
+    }
+}
+
+/// Execute agent endpoint handler
+#[cfg(feature = "http-api")]
+pub async fn execute_agent(
+    State(provider): State<Arc<dyn RuntimeApiProvider>>,
+    Path(agent_id): Path<String>,
+    Json(request): Json<ExecuteAgentRequest>,
+) -> Result<Json<ExecuteAgentResponse>, (StatusCode, Json<ErrorResponse>)> {
+    match provider.execute_agent(agent_id, request).await {
+        Ok(response) => Ok(Json(response)),
+        Err(e) => Err((
+            StatusCode::INTERNAL_SERVER_ERROR,
+            Json(ErrorResponse {
+                error: e.to_string(),
+                code: "AGENT_EXECUTION_FAILED".to_string(),
+                details: None,
+            }),
+        )),
+    }
+}
+
+/// Get agent execution history endpoint handler
+#[cfg(feature = "http-api")]
+pub async fn get_agent_history(
+    State(provider): State<Arc<dyn RuntimeApiProvider>>,
+    Path(agent_id): Path<String>,
+) -> Result<Json<GetAgentHistoryResponse>, (StatusCode, Json<ErrorResponse>)> {
+    match provider.get_agent_history(agent_id).await {
+        Ok(response) => Ok(Json(response)),
+        Err(e) => Err((
+            StatusCode::INTERNAL_SERVER_ERROR,
+            Json(ErrorResponse {
+                error: e.to_string(),
+                code: "AGENT_HISTORY_FAILED".to_string(),
+                details: None,
+            }),
+        )),
+    }
+}

crates/runtime/src/api/server.rs

@@ -92,22 +92,33 @@ impl HttpApiServer {
 
     /// Create the Axum router with all routes and middleware
     fn create_router(&self) -> Router {
-        use axum::routing::{get, post};
+        use axum::routing::{get, post, put};
 
         let mut router = Router::new().route("/api/v1/health", get(health_check));
 
         // Add stateful routes if we have a runtime provider
         if let Some(provider) = &self.runtime_provider {
-            use super::routes::{execute_workflow, get_agent_status, list_agents, get_metrics};
+            use super::routes::{create_agent, delete_agent, execute_agent, execute_workflow, get_agent_history, get_agent_status, list_agents, get_metrics, update_agent};
+            use super::middleware::auth_middleware;
+            use axum::middleware;
 
-            let stateful_router = Router::new()
-                .route("/api/v1/workflows/execute", post(execute_workflow))
-                .route("/api/v1/agents", get(list_agents))
+            // Agent routes that require authentication
+            let agent_router = Router::new()
+                .route("/api/v1/agents", get(list_agents).post(create_agent))
                 .route("/api/v1/agents/:id/status", get(get_agent_status))
+                .route("/api/v1/agents/:id", put(update_agent).delete(delete_agent))
+                .route("/api/v1/agents/:id/execute", post(execute_agent))
+                .route("/api/v1/agents/:id/history", get(get_agent_history))
+                .layer(middleware::from_fn(auth_middleware))
+                .with_state(provider.clone());
+            
+            // Other routes without authentication
+            let other_router = Router::new()
+                .route("/api/v1/workflows/execute", post(execute_workflow))
                 .route("/api/v1/metrics", get(get_metrics))
                 .with_state(provider.clone());
 
-            router = router.merge(stateful_router);
+            router = router.merge(agent_router).merge(other_router);
         }
 
         // Add middleware conditionally

crates/runtime/src/api/traits.rs

@@ -10,7 +10,7 @@ use async_trait::async_trait;
 use crate::types::{AgentId, RuntimeError};
 
 #[cfg(feature = "http-api")]
-use super::types::{AgentStatusResponse, WorkflowExecutionRequest};
+use super::types::{AgentStatusResponse, CreateAgentRequest, CreateAgentResponse, DeleteAgentResponse, ExecuteAgentRequest, ExecuteAgentResponse, GetAgentHistoryResponse, UpdateAgentRequest, UpdateAgentResponse, WorkflowExecutionRequest};
 
 /// Trait providing API access to core runtime functionalities
 #[cfg(feature = "http-api")]
@@ -39,4 +39,36 @@ pub trait RuntimeApiProvider: Send + Sync {
 
     /// Get runtime system metrics
     async fn get_metrics(&self) -> Result<serde_json::Value, RuntimeError>;
+
+    /// Create a new agent with the given configuration
+    async fn create_agent(
+        &self,
+        request: CreateAgentRequest,
+    ) -> Result<CreateAgentResponse, RuntimeError>;
+
+    /// Update an existing agent with the given configuration
+    async fn update_agent(
+        &self,
+        agent_id: String,
+        request: UpdateAgentRequest,
+    ) -> Result<UpdateAgentResponse, RuntimeError>;
+
+    /// Delete an existing agent
+    async fn delete_agent(
+        &self,
+        agent_id: String,
+    ) -> Result<DeleteAgentResponse, RuntimeError>;
+
+    /// Execute an agent with the given request
+    async fn execute_agent(
+        &self,
+        agent_id: String,
+        request: ExecuteAgentRequest,
+    ) -> Result<ExecuteAgentResponse, RuntimeError>;
+
+    /// Get execution history for an agent
+    async fn get_agent_history(
+        &self,
+        agent_id: String,
+    ) -> Result<GetAgentHistoryResponse, RuntimeError>;
 }