Ingestion API¶

The Ingestion API analyzes agent source code to automatically detect tools, model providers, secrets, outbound destinations, and dependencies. This powers the deploy wizard's auto-wiring feature and can be used standalone for code analysis.

Analyze Source Files¶

POST /analyze

Analyze source files to detect tools, models, secrets, and dependencies. Results are cached for 1 hour.

Request Body¶

curl -X POST https://api.runagents.io/analyze \
  -H "Authorization: Bearer $RUNAGENTS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "files": {
      "agent.py": "import openai\nimport requests\n\nclient = openai.OpenAI()\n\ndef run():\n    # Call Stripe API\n    resp = requests.get(\"https://api.stripe.com/v1/charges\",\n        headers={\"Authorization\": \"Bearer sk_live_abc123\"})\n    \n    # Get LLM response\n    completion = client.chat.completions.create(\n        model=\"gpt-4o\",\n        messages=[{\"role\": \"user\", \"content\": \"Summarize charges\"}]\n    )\n    return completion.choices[0].message.content\n"
    }
  }'

import requests

with open("agent.py") as f:
    code = f.read()

resp = requests.post(
    "https://api.runagents.io/analyze",
    headers={"Authorization": f"Bearer {api_key}"},
    json={"files": {"agent.py": code}},
)
analysis = resp.json()
print(f"Detected tools: {[t['name'] for t in analysis['tools']]}")
print(f"Detected models: {[m['model'] for m in analysis['model_providers']]}")
print(f"Secrets found: {len(analysis['secrets'])}")

Response (201 Created)¶

{
  "id": "analysis-a1b2c3d4",
  "tools": [
    {
      "name": "stripe-api",
      "base_url": "https://api.stripe.com",
      "file": "agent.py",
      "line": 8
    }
  ],
  "model_providers": [
    {
      "provider": "openai",
      "model": "gpt-4o"
    }
  ],
  "model_usages": [
    {
      "role": "default",
      "variable_name": "client",
      "file": "agent.py",
      "line": 3
    }
  ],
  "secrets": [
    {
      "type": "api_key",
      "file": "agent.py",
      "line": 9,
      "severity": "high"
    }
  ],
  "outbound_destinations": [
    "api.stripe.com",
    "api.openai.com"
  ],
  "detected_requirements": [
    "openai>=1.0",
    "requests"
  ],
  "entry_point": "agent.py",
  "system_prompt_suggestion": "You are a payment data analyst that summarizes charge information."
}

Response Fields¶

Tool Detection¶

Model Usage Detection¶

Secret Detection¶

Retrieve Cached Analysis¶

GET /analysis/:id

Retrieve a previously computed analysis result. Results are cached for 1 hour.

Path Parameters¶

curl https://api.runagents.io/analysis/analysis-a1b2c3d4 \
  -H "Authorization: Bearer $RUNAGENTS_API_KEY"

Response (200 OK)¶

Returns the same analysis result object as the POST response.

Errors¶

Detect Requirements¶

POST /requirements

Detect Python package requirements and entry point from source files. This is a lightweight endpoint that skips full analysis.

Request Body¶

curl -X POST https://api.runagents.io/requirements \
  -H "Authorization: Bearer $RUNAGENTS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "files": {
      "agent.py": "from langchain.chat_models import ChatOpenAI\nfrom langchain.agents import initialize_agent\nimport requests\n",
      "utils.py": "import pandas as pd\nimport numpy as np\n"
    }
  }'

Response (200 OK)¶

{
  "requirements": [
    "langchain",
    "openai>=1.0",
    "requests",
    "pandas",
    "numpy"
  ],
  "entry_point": "agent.py"
}

Detected Frameworks¶

The ingestion engine detects 9+ SDK frameworks and adapts its analysis accordingly:

Two-Layer Analysis¶

1. Base layer (always runs): AST parsing + regex pattern matching. Detects imports, URLs, API keys, and framework-specific patterns.
2. LLM enrichment (optional): When enabled, uses an LLM to provide deeper analysis -- understanding intent, suggesting system prompts, and identifying non-obvious tool usage.