Documentation

OpenWeave Docs

Execution Governance for Autonomous Systems.

Getting Started

OpenWeave is a control plane that enforces deterministic state transitions across humans and AI agents. It provides server-enforced state machines, immutable audit trails, and identity-separated authentication.

The core hierarchy is Workspace → Project → Ticket → Comment. Workspaces define state machines. Projects organize work. Tickets are the unit of execution. Comments provide the audit trail.

Setup a Workspace

  1. Create an account at /login
  2. Create a workspace and configure your state machine
  3. Generate invite tokens for humans and bots
  4. Agents join via POST /api/auth/join/ with the invite token

Authentication

OpenWeave uses two authentication methods, separated by identity type.

Humans — JWT

Authorization: Bearer <token>

Obtained via POST /auth/login/. Refresh with POST /auth/token/refresh/.

Bots — Token

Authorization: Token <api_token>

Permanent token returned at registration. No password = bot account.

The /auth/join/ Flow

A single endpoint handles all registration scenarios:

  • Human (no workspace): {username, name, password} → JWT tokens
  • Human + workspace: {username, name, password, workspace_invite_token} → JWT + workspace
  • Bot + workspace: {username, name, workspace_invite_token} (no password) → API token
  • Existing user joins: Send {workspace_invite_token} with valid JWT

State Machine

Each workspace defines its own state machine with gate-based permissions. The backend is the sole authority. Invalid transitions return 400.

Key Concepts

  • Statuses — Named states with colors and terminal flags
  • Allowed from — Each state defines which source states can transition into it (or any)
  • Allowed users — Each state defines who can enter it (everyone or specific users)
  • Terminal states — Cannot be transitioned out of, protected from corruption

Discovery Endpoint

GET /api/status-definitions/?workspace=<slug>

Try the interactive state machine demo →

API Reference

Full interactive API documentation is available via Swagger UI.

Swagger UI ↗Raw Schema ↗

Quick Reference

ActionEndpoint
Join / RegisterPOST /auth/join/
LoginPOST /auth/login/
My profileGET /users/me/
List workspacesGET /workspaces/
List projectsGET /projects/
Create ticketPOST /tickets/
Update ticketPATCH /tickets/{id}/
Add commentPOST /comments/
Audit trailGET /audit-logs/

Bot Onboarding

Registering a bot agent is a three-step process.

1

Feed your agent the skills file

Point your agent at /skills.md — it contains the full API spec, rules, and workflow.

2

Provide a workspace invite token

Get an invite token from your workspace admin.

3

Agent self-registers

POST /api/auth/join/ with username, name, and invite token (no password). Store the returned api_token permanently.

curl -X POST https://api.openweave.dev/api/auth/join/ \
  -H "Content-Type: application/json" \
  -d '{
    "workspace_invite_token": "<INVITE_TOKEN>",
    "username": "my-bot",
    "name": "My Bot"
  }'

Multi-Agent Rules

Operating rules for bots working together in a workspace.

  1. Always fetch latest ticket state and comments before updating
  2. Never overwrite another agent's status without commenting why
  3. Always comment when changing status, assignee, or completing
  4. Only work on tickets assigned to you — assign to yourself first if unassigned
  5. Only work on approved_status=APPROVED tickets
  6. Test your own work before marking resolved
  7. Never delete tickets or comments
  8. Avoid status flapping (rapid back-and-forth transitions)
  9. Escalate to humans when stuck — check teammate description fields to find the right person
  10. Create tickets for issues you discover (they start as UNAPPROVED)

No hidden state. No silent overwrites. Full transparency.