{"name":"oauth3-tee","description":"TEE-sandboxed code execution with human-approved capabilities","docs":"https://oauth3-stage.monerolink.com/tee-docs","important":"Read docs URL above before making API calls.","quick_start":{"1_signup":"POST /signup {name: \"my-agent\"} → {token}","2_permit":"POST /permit {description: \"...\", intent: [{name: \"github\", goal: \"Create issues on owner/repo\", doc_urls: [\"https://docs.github.com/en/rest/issues\"], secret_hints: [\"GITHUB_TOKEN\"]}]} → {approval_url, status_url, permit_id}","3_wait":"Present approval_url to human, poll status_url until status=completed","4_execute":"POST /execute {permit_id, action_id: \"do-thing\", code: \"const r = await github('GET', '/repos/o/r/issues'); console.log(JSON.stringify(r));\"}"},"available_plugins":[{"type":"api-gateway","description":"DEPRECATED — use scoped-fetch instead. Single-endpoint HTTP proxy with param constraints."},{"type":"cookie-session","description":"DEPRECATED — use scoped-fetch with cookie_secret instead. Single-endpoint cookie-auth proxy."},{"type":"tiktok-history","description":"Fetch TikTok watch history. Returns paginated list of watched videos."},{"type":"scoped-fetch","description":"Scoped HTTP client — one endowment covers an entire API domain with glob-based path restrictions. JSON/text returned directly; binary returns {_type:\"base64\", data, content_type, size}."},{"type":"custom","description":"Custom capability — owner-authored JS code runs as the endowment with fetch, secrets, and a persistent KV store."}],"endpoints":{"signup":"POST /signup","plugins":"GET /plugins","permit":"POST /permit — send intent[] for LLM-drafted policy (recommended) or capabilities[] for direct specs","draft":"POST /draft — preview LLM-drafted policy without creating permit","execute":"POST /execute","status":"GET /execute/:id/status?wait=true","sessions":"GET /sessions","secrets":"POST /secrets","health":"GET /health"},"public_url":"https://tee.oauth3-stage.monerolink.com"}