Minimal Protocol
The protocol a CLI client speaks to Olyx Cloud is intentionally narrow.
The protocol has three responsibilities:
| Responsibility | What the client does |
|---|---|
| Discover policy | Fetch config and apply distribution, guardrail, and replay settings. |
| Create trace work | Send a small trace envelope with safe metadata or an opaque local reference. |
| Coordinate replay | Queue replay jobs and poll until a terminal status is reached. |
This public protocol covers the CLI control-plane contract. For cloud deployments, Olyx Cloud may retain public or anonymized telemetry according to project policy. For Enterprise private deployments, provider secrets stay customer-side and private payloads are not stored by Olyx Cloud unless the deployment is explicitly configured to allow that boundary.
Trace IDs are opaque UUIDs in the current backend, and replay job IDs are opaque hex strings. Clients should treat both as unlabeled identifiers rather than trying to infer meaning from their shape.
Control Plane Calls
All public protocol calls use HTTPS and a project-scoped API key.
Authorization: Bearer ak_...
Accept: application/json
Content-Type: application/jsonThe default control-plane URL is:
https://app.olyxai.ioProtocol Sequence
The integration surface is intentionally narrow:
GET /api/v1/configto discover policy.POST /api/v1/tracesto register a unit of work.- Local model or workflow execution in the customer environment.
PATCH /api/v1/traces/{trace_id}/completeorPOST /api/v1/replayafter the work finishes.
Request Conventions
Every request should include:
Authorization: Bearer ak_...
Accept: application/json
Content-Type: application/json
User-Agent: olyx-cli/0.1Clients should send JSON request bodies and expect JSON responses. Unknown response fields should be ignored so the control plane can add optional fields without breaking older clients.
Idempotency
For operations that create work, send an idempotency key when retrying after a timeout:
Idempotency-Key: trace-create-01J2Z9F7J8S8CZ1K2YQ9M9P7TXRecommended keys:
| Operation | Suggested key |
|---|---|
| Create trace | Stable local request ID. |
| Complete trace | Trace ID plus completion attempt. |
| Queue replay | Trace ID plus replay configuration hash. |
If a request times out before a response is received, retry with the same idempotency key instead of creating duplicate work.
Example idempotent trace create:
POST /api/v1/traces
Idempotency-Key: trace-create-checkout-01J6AH...Discover Configuration
GET /api/v1/configThe endpoint name is kept for compatibility, but CLI clients should read the distribution object.
{
"offline_testing": false,
"enterprise_compute": {
"enabled": false,
"mode": "standard",
"compute_backend": "ruby",
"accelerated_primitives": [],
"runtime_boundary": "olyx_cloud"
},
"guardrails": {
"max_input_length": 10000,
"pii_threshold": 0.7,
"injection_block": true,
"secret_action": "alert"
},
"runtime_failover": {
"preferred_runtime": "cloud",
"fallback_order": ["cloud"],
"edge_fallback": {
"enabled": false,
"targets": [],
"fail_closed": false
},
"cloud_fallback": {
"enabled": true,
"mode": "cloud-primary",
"requires_redaction": false,
"require_customer_kms": false,
"require_admin_approval": false,
"raw_payloads_allowed": true,
"provider_secrets_allowed": false
},
"data_boundary": "olyx_cloud",
"fail_closed": false
},
"distribution": {
"project_id": 123,
"distribution_channel": "cli",
"telemetry_mode": "anonymized",
"payload_storage_mode": "cloud_anonymized",
"payload_retained": true,
"replay_execution_mode": "cloud",
"secrets_boundary": "customer_environment",
"cloud_payloads": true,
"local_ref_required": false
},
"runtime_activation": {
"url": "/api/v1/runtime/activation",
"signature_algorithm": "EdDSA",
"envelope_format": "jws_compact_json",
"public_key_distribution": "response_keyring"
}
}Clients should fetch configuration during startup and cache it briefly. Refresh the configuration before creating high-volume traces or queueing replay jobs so policy changes are respected.
Recommended cache behavior:
| Situation | Behavior |
|---|---|
| CLI one-off command | Fetch config for each command. |
| Long-running process | Cache for 60 seconds, then refresh. |
401, 403, or unknown mode | Stop and surface the error. |
| Network timeout | Retry with backoff, then fail closed. |
Example startup policy fetch:
curl https://app.olyxai.io/api/v1/config \
-H "Authorization: Bearer $OLYX_API_KEY" \
-H "Accept: application/json"Clients should treat these fields as required for safe public behavior:
| Field | Required behavior |
|---|---|
distribution.telemetry_mode | Decide whether raw payload data may be sent. |
distribution.payload_storage_mode | Decide whether payloads, anonymized payloads, or only references are allowed. |
distribution.local_ref_required | Require a customer-side reference before creating a trace. |
guardrails.max_input_length | Validate bounded inputs before sending trace metadata. |
guardrails.secret_action | Decide whether secret findings alert, redact, or block. |
Across cloud and enterprise deployments, clients should assume provider credentials remain in the customer environment. The control plane does not require provider API keys in order to issue config, accept traces, or coordinate replay.
Trace Lifecycle
Create a trace:
POST /api/v1/traces{
"metadata": {
"source": "olyx-cli",
"feature": "support"
}
}Response:
{
"id": "trace_01J6AF...",
"status": "pending",
"metadata": {
"source": "olyx-cli",
"feature": "support"
},
"created_at": "2026-06-03T14:12:09Z",
"revenue": null,
"distribution": {
"distribution_channel": "cli",
"telemetry_mode": "anonymized",
"payload_storage_mode": "cloud_anonymized",
"payload_retained": true,
"replay_execution_mode": "cloud",
"local_ref": null
}
}Create trace request fields:
| Field | Type | Required | Notes |
|---|---|---|---|
metadata | object | No | Small routing and grouping fields. |
local_ref | string | Conditional | Opaque customer-side reference when required by policy. |
distribution_channel | string | No | Public clients use cli; omitted requests are inferred from project policy. |
Avoid storing unbounded or sensitive values in metadata. If a value is needed for your own replay store, put it behind a local_ref instead.
Recommended metadata keys:
| Key | Example | Notes |
|---|---|---|
source | checkout-worker | Service or process name. |
environment | production | Deployment environment. |
feature | refund-assistant | Product feature or workflow. |
routing_tier | medium | Project-defined routing hint. |
policy_decision | allowed | Local policy outcome. |
State transitions:
| From | To | Meaning |
|---|---|---|
pending | completed | Local work finished successfully. |
pending | failed | Local work failed or timed out. |
pending | canceled | Work was intentionally stopped. |
Complete a trace:
PATCH /api/v1/traces/{trace_id}/completeNo request body is required. Trace completion should be called once the local work finishes. The server marks the trace complete and refreshes the computed metrics from the recorded steps.
Retrieve a trace:
GET /api/v1/traces/{trace_id}Clients should treat trace IDs as opaque strings. Do not parse IDs to infer creation time, project, or storage location.
Replay Lifecycle
Queue a replay:
POST /api/v1/replay{
"trace_id": "trace_01J6AF..."
}Poll a replay job:
GET /api/v1/replay/{job_id}Replay responses are asynchronous. A job can be queued, running, completed, or failed.
Example queued response:
{
"job_id": "job_01J6AG...",
"source_trace_id": "trace_01J6AF...",
"status": "queued"
}Example completed response:
{
"job_id": "job_01J6AG...",
"source_trace_id": "trace_01J6AF...",
"status": "completed",
"summary": {
"baseline_model": "standard-model",
"candidate_model": "frontier-model",
"latency_delta_ms": -120,
"cost_delta": "0.0008"
}
}Polling guidance:
| Attempt | Delay |
|---|---|
| 1-3 | 1 second |
| 4-10 | 2 seconds |
| 11+ | 5 seconds |
Stop polling on completed, failed, canceled, 401, 403, or 404.
Example polling loop:
for delay in 1 1 2 2 5 5; do
curl "https://app.olyxai.io/api/v1/replay/${JOB_ID}" \
-H "Authorization: Bearer $OLYX_API_KEY" \
-H "Accept: application/json"
sleep "$delay"
doneTelemetry Modes
| Mode | Public meaning |
|---|---|
public | Olyx Cloud may retain normal telemetry for the project. |
anonymized | Olyx Cloud should retain anonymized telemetry and avoid raw user identifiers. |
Clients should fail closed on unknown telemetry modes and ask the operator to upgrade the CLI.
When telemetry is anonymized, remove or replace:
| Data | Recommended treatment |
|---|---|
| Raw prompts | Store locally and send local_ref, or send a short safe summary. |
| Completions | Store locally and send bounded outcome metadata. |
| User identifiers | Use internal IDs, hashes, or omit them. |
| Tool payloads | Send tool names, status, and counts instead of bodies. |
| Provider secrets | Never send. |
Practical interpretation:
| Project mode | Recommended trace strategy |
|---|---|
public | Metadata-first traces work for most deployments; compatibility traffic follows project policy. |
anonymized | Prefer anonymized metadata or local_ref over raw payload storage. |
Validation Rules
Public clients should enforce basic request validation before sending data:
| Field | Rule |
|---|---|
metadata | JSON object, not an array or string. |
metadata keys | Stable strings using letters, numbers, _, or -. |
metadata values | Small scalar values when possible. |
local_ref | Opaque string, meaningful only to the customer environment. |
trace_id | Non-empty opaque string returned by Olyx. |
If policy includes max_input_length, validate locally before sending trace payload references or metadata that represents input size.
Fail closed when:
| Condition | Reason |
|---|---|
| API key is missing or malformed | The client cannot determine project policy. |
| Config cannot be fetched after retries | The client cannot know current telemetry or replay mode. |
Required local_ref is missing | Cloud should not receive payload data without a customer-side pointer. |
| Unknown enum value is returned | The CLI may be older than the project policy. |
Input exceeds guardrails.max_input_length | The request violates project policy before trace creation. |
Error Shape
Most errors return:
{
"error": "message",
"code": "machine_code",
"request_id": "request-id"
}Common status codes:
| Status | Meaning |
|---|---|
401 | Missing, malformed, or revoked API key. |
403 | Key is valid but not allowed to perform the action. |
404 | Resource does not exist or does not belong to the authenticated project. |
422 | Request shape or override is invalid. |
429 | Rate limit, spend limit, or circuit breaker. |
Example protocol-level auth failure:
{
"error": "Unauthorized",
"code": "unauthorized",
"request_id": "req_01J6AJ..."
}Retry Rules
| Status | Retry? | Notes |
|---|---|---|
400 | No | Fix the request shape. |
401 | No | Rotate or provide a valid key. |
403 | No | Key is not allowed for the action. |
404 | No | Verify project and resource IDs. |
409 | Usually | Safe to retry with the same idempotency key. |
422 | No | Fix validation errors. |
429 | Yes | Respect Retry-After when present. |
500, 502, 503, 504 | Yes | Retry with exponential backoff and jitter. |
What To Read Next
- Quick Start — run the protocol steps interactively in under 5 minutes.
- Policy Schema — full field reference for the config response your client receives.
- Auth — API key formats, scoping, and rotation.
- API Endpoints — complete list of supported operations and request shapes.