The Sage server exposes a REST API used by the client and the agent to manage the full proposal lifecycle — from sponsored creation and risk scoring to autonomous execution, deep analysis, and policy configuration.Documentation Index
Fetch the complete documentation index at: https://sage-f6b5014e.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Base URL
| Environment | URL |
|---|---|
| Local | http://localhost:3001 |
| Production | https://api.trysage.xyz |
Authentication
Routes are guarded by a singleauth middleware that accepts either:
- Agent / server-to-server —
Authorization: Bearer $AGENT_SECRET(the shared secret) - End user —
Authorization: Bearer <privy-jwt>(verified against the Privy app)
/portfolio, /tokens, /events) are public; the rest require a bearer token.
Endpoints
| Method | Endpoint | Auth | Description |
|---|---|---|---|
POST | /sponsor/create | ✓ | Create (or resolve) the user’s multisig + vault, server-paid |
POST | /sponsor/send | ✓ | Add the server fee-payer signature and broadcast a user-signed tx |
POST | /sponsor/close | ✓ | Reclaim rent from completed proposal accounts |
POST | /queue | ✓ | Register a proposal, run risk analysis, return the verdict |
POST | /execute | ✓ | Server co-signs and broadcasts vaultTransactionExecute |
GET | /transactions | ✓ | List proposals for a vault |
GET | /transactions/:id | ✓ | Fetch one proposal (score, verdict, status) |
PATCH | /transactions/:id | ✓ | Reject or mark a proposal for review |
GET | /analyze/:id | ✓ | Deep security analysis (GoPlus, Rugcheck, threat intel) |
GET | /status | ✓ | Screening mode, Telegram config, learned patterns |
PATCH | /status | ✓ | Update screening mode and policy limits |
GET | /rules | ✓ | List custom policy rules |
POST PATCH DELETE | /rules/:id | ✓ | Manage custom policy rules |
GET | /portfolio | — | Live portfolio via Zerion |
GET | /tokens | — | Token metadata |
GET | /events | — | Behavioral event log |
POST | /notify-resolve | ✓ | Update a Telegram notification after approve/reject |
POST | /bot-ping | — | Link a Telegram chat to a vault on /start |
POST | /telegram-webhook | — | Telegram message webhook |
GET | /health | — | Health check |
The server self-calls
/execute and /sponsor/close over localhost using AGENT_SECRET, so the same secret powers both the agent and internal server-to-server flows.