Appearance

Sibyl API Reference

Sibyl provides a dual-interface API: an eleven-tool MCP interface for assistant clients and automation, plus a full REST API for applications and integrations. Both surfaces are served by the same daemon (sibyld) and share one SurrealDB-native runtime for graph, content, and auth.

Architecture Overview 

Sibyl Combined App (Starlette, port 3334)
|-- /api/*    --> FastAPI REST endpoints (26 routers)
|-- /mcp      --> MCP streamable-http transport (11 tools, 2 resources)
|-- /ws       --> WebSocket for real-time updates
'-- Lifespan  --> Coordination runtime + session management

The coordination runtime is in-process by default. Set SIBYL_COORDINATION_BACKEND=redis for multi-process or distributed worker deployments.

Base URL

EnvironmentBase URL
Local Developmenthttp://localhost:3334
Productionhttps://api.your-domain.com

API Interfaces

MCP Tools (for Assistant Clients)

The MCP interface exposes eleven tools that cover discovery, context, capture, synthesis, and administration. Tools are registered in apps/api/src/sibyl/server.py.

ToolPurposeDocumentation
searchSemantic search across knowledge graph and documentsmcp-search.md
contextCompile a structured context pack for an agent goalmcp-context.md
synthesis_planPlan a source-grounded synthesis outlinemcp-synthesis.md
synthesis_draftDraft, verify, and optionally remember a synthesis artifactmcp-synthesis.md
synthesis_verifyVerify citation, freshness, hidden-context, and gap coveragemcp-synthesis.md
exploreNavigate and browse graph structuremcp-explore.md
addCreate new knowledge entitiesmcp-add.md
rememberCapture durable memory with verbatim raw provenancemcp-remember.md
reflectReflect raw notes into reviewable memory candidatesmcp-reflect.md
manageLifecycle operations and administrationmcp-manage.md
logsRecent server logs (OWNER role)mcp-logs.md

MCP Endpoint: POST /mcp (streamable-http transport)

The MCP server also exposes two resources: sibyl://health (connectivity and entity counts) and sibyl://stats (knowledge graph statistics).

REST API (for Applications)

The REST API spans 26 routers. The pages below cover the most commonly used surfaces; the full contract is in the OpenAPI schema.

CategoryEndpointsDocumentation
Entities/api/entities/*rest-entities.md
Tasks/api/tasks/*rest-tasks.md
Projects/api/entities?entity_type=projectrest-projects.md
Search/api/search, /api/search/explorerest-search.md
Memory/api/memory/*, /api/context/*rest-memory.md
Synthesis/api/synthesis/*rest-synthesis.md

Additional routers not covered by dedicated pages include auth, users, epics, graph, crawler, rag, resolve, jobs, backups, settings, metrics, admin, logs, orgs, org_members, org_invitations, project_members, session, and setup. All are described in the OpenAPI schema.

OpenAPI Spec: Available at /api/docs (Swagger UI) and /api/openapi.json

Authentication & Authorization

Sibyl supports multiple authentication methods and role-based access control:

TopicDescriptionDocumentation
JWT SessionsWeb clients, browser-based appsauth-jwt.md
API KeysProgrammatic access, CI/CDauth-api-keys.md
OAuth (GitHub)Social loginauth-jwt.md
AuthorizationRoles, permissions, RLSauth-authorization.md

Quick Start

For REST API:

bash
# Using JWT token (from login)
curl -H "Authorization: Bearer $ACCESS_TOKEN" \
  https://api.example.com/api/entities

# Using API key
curl -H "Authorization: Bearer sk_live_abc123..." \
  https://api.example.com/api/entities

For MCP:

bash
# API key with mcp scope
curl -X POST https://api.example.com/mcp \
  -H "Authorization: Bearer sk_live_abc123..." \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "search", "arguments": {"query": "OAuth patterns"}}}'

Multi-Tenancy

Sibyl is multi-tenant by design, with separate isolation models for graph memory and shared runtime tables. Each organization gets a dedicated graph namespace (org_<uuid_hex>). Content and auth records live in shared SurrealDB namespaces and are scoped by organization_id, table permissions, and the API policy layer.

  • Isolated SurrealDB graph namespace per organization
  • Org-scoped content and auth records in shared namespaces
  • Scoped API and MCP access

Organization Context:

  • JWT tokens include org claim with organization ID
  • API keys are scoped to specific organizations
  • Graph queries route to the resolved organization namespace
  • Content and auth queries carry explicit organization predicates

Rate Limiting

REST endpoints are rate-limited using SlowAPI:

TierLimit
Default100 requests/minute
Search30 requests/minute
Auth5 requests/minute
Crawl10 requests/minute

Rate limit headers are included in responses:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1704067200

WebSocket Events

Real-time updates are available via WebSocket at /ws:

javascript
const ws = new WebSocket("wss://api.example.com/ws?token=YOUR_TOKEN");

ws.onmessage = (event) => {
  const data = JSON.parse(event.data);
  // Event types: entity_created, entity_updated, entity_deleted,
  // crawl_started, crawl_progress, crawl_complete, etc.
};

Error Responses

All errors follow a consistent format:

json
{
  "detail": "Human-readable error message"
}
Status CodeMeaning
400Bad Request - Invalid parameters
401Unauthorized - Missing or invalid credentials
403Forbidden - Insufficient permissions
404Not Found - Resource doesn't exist
409Conflict - Resource locked or concurrent update
422Validation Error - Request body validation failed
429Too Many Requests - Rate limit exceeded
500Internal Server Error

Configuration

Required Environment Variables

bash
SIBYL_OPENAI_API_KEY=sk-...       # For embeddings
SIBYL_JWT_SECRET=...              # For authentication

Optional Configuration

bash
SIBYL_LOG_LEVEL=INFO
SIBYL_EMBEDDING_MODEL=text-embedding-3-small
SIBYL_MCP_AUTH_MODE=auto  # auto, on, or off

Next Steps

Released under the Apache-2.0 License.

Copyright © 2024-2026 Stefanie Jane