Documentation - Dooor OS

Harbor - AI Governance

Harbor is the AI governance layer (powered by CortexDB) built into Dooor OS. Every app you deploy gets full observability, guardrails and an immutable audit trail for free - no SDK setup, no extra config. You just read two env vars that are already in your container.

How it works (zero-config)

Harbor is provisioned automatically the first time your app is deployed. The platform creates a private CortexDB database, mints an API key, and injects two environment variables into your container:

Name	Type	Required	Description
CORTEXDB_CONNECTION	string	optional	Full connection string in the form cortexdb://<api_key>@<host>/<database>. This is the credential your app code uses to talk to Harbor.
HARBOR_PROJECT	string	optional	The App ID, used by the Dooor AI toolkit and the Harbor proxy to tag every trace, eval and guard block to your app.

Lifecycle

bash

git push                            # you push code
  -> Build (Kaniko / Cloud Build)
  -> Deployment event fires
  -> Harbor listener auto-provisions:
       * creates CortexDB database
       * mints scoped API key
       * sets CORTEXDB_CONNECTION + HARBOR_PROJECT
  -> Your container starts with both env vars already set
  -> Every AI call you make is traced, evaluated and guard-checked.

No manual step. You never have to call the provision endpoint by hand. It runs on every deploy and is idempotent - re-deploys keep the same database and rotate the key only if it's missing.

Use Harbor in your app

Pick the path that matches your stack. Both ship identical traces, evals and guard blocks to Harbor.

LangChain users — createAutoLlm wraps any LangChain chat model with one line. Reads CORTEXDB_CONNECTION and HARBOR_PROJECT from env, pulls the per-database guards/evals config from Harbor on boot, and instruments every .invoke() / .stream(). This is the only truly zero-config path.
Everyone else (OpenAI SDK, Anthropic SDK, Gemini SDK, raw HTTP) — configureCortexDBFromConnectionString once at boot (still reads the env var), then call logTrace(...) after each LLM call. Two lines of plumbing, then a normal trace object per call.

bash

// Not using LangChain (OpenAI SDK, Anthropic SDK, Gemini SDK, raw HTTP)?
//   npm install @dooor-ai/toolkit
//
// configureCortexDBFromConnectionString once at boot (reads the env var).
// Then wrap each LLM call with logTrace. No proxy URL to remember —
// the toolkit handles routing to the right CortexDB database.

import {
  configureCortexDBFromConnectionString,
  logTrace,
} from "@dooor-ai/toolkit"
import OpenAI from "openai"

configureCortexDBFromConnectionString(process.env.CORTEXDB_CONNECTION!)
const openai = new OpenAI()

const start = Date.now()
const res = await openai.chat.completions.create({
  model: "gpt-4o-mini",
  messages: [{ role: "user", content: "Hello" }],
})

await logTrace(
  {
    traceId: crypto.randomUUID(),
    input: "Hello",
    output: res.choices[0].message.content ?? "",
    model: "gpt-4o-mini",
    latency: Date.now() - start,
    tokens: {
      prompt: res.usage?.prompt_tokens ?? 0,
      completion: res.usage?.completion_tokens ?? 0,
      total: res.usage?.total_tokens ?? 0,
    },
    timestamp: new Date(),
  },
  { project: process.env.HARBOR_PROJECT },
)

What you get for free

Every call routed through Harbor is automatically:

Traced - request, response, model, tokens, latency, cost - queryable via the Harbor dashboard or the Traces API below.
Evaluated - relevance, safety, policy compliance scores attached to the trace.
Guard-checked - PII detection, prompt injection, toxicity and custom guards run pre and post-call. Blocked calls show up under Guard Blocks.
Audit-logged - immutable trail of every prompt, response and guard decision, scoped to your workspace.

Programmatic access

The endpoints below are for dashboards, internal tooling and admin scripts - not for the request path of your app. Use a workspace API key (dor_sk_*). App-scoped Harbor endpoints live under /workspaces/{workspaceId}/harbor/apps/{appId}/. Global guard-template endpoints live under /harbor/guard-templates.

Analytics Summary

GET/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/summary

Returns aggregate analytics for all AI calls made through Harbor for a given time range.

Query Parameters

Name	Type	Required	Description
start	string (ISO 8601)	optional	Start of the time range. Default: 7 days ago.
end	string (ISO 8601)	optional	End of the time range. Default: now.

Response

json

{
  "appId": "app_01hx...",
  "period": {
    "start": "2025-01-13T00:00:00Z",
    "end": "2025-01-20T00:00:00Z"
  },
  "totalCalls": 1842,
  "totalTokens": 4250000,
  "avgLatencyMs": 620,
  "totalCostUsd": 12.75,
  "blockedByGuard": 14,
  "errorRate": 0.008
}

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/summary?start=2025-01-13T00:00:00Z&end=2025-01-20T00:00:00Z" \
  -H "Authorization: Bearer dor_sk_your_key_here"

Analytics Timeseries

GET/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/timeseries

Returns a timeseries for a specific metric, bucketed by the given interval. Useful for rendering charts.

Query Parameters

Name	Type	Required	Description
metric	string	optional	Metric name: total_calls \| total_tokens \| avg_latency \| total_cost \| error_rate.
start	string (ISO 8601)	optional	Start of the time range.
end	string (ISO 8601)	optional	End of the time range.
interval	string	optional	Bucket size: 1h \| 6h \| 1d \| 7d. Default: 1h.

Response

json

{
  "metric": "total_calls",
  "interval": "1h",
  "labels": [
    "2025-01-20T00:00:00Z",
    "2025-01-20T01:00:00Z",
    "2025-01-20T02:00:00Z"
  ],
  "values": [84, 112, 97]
}

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/timeseries?metric=total_calls&interval=1h&start=2025-01-20T00:00:00Z&end=2025-01-20T23:59:59Z" \
  -H "Authorization: Bearer dor_sk_your_key_here"

Token Usage

GET/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/token-usage

Returns a breakdown of prompt, completion, and total token consumption for the given time range.

Query Parameters

Name	Type	Required	Description
start	string (ISO 8601)	optional	Start of the time range.
end	string (ISO 8601)	optional	End of the time range.

Response

json

{
  "promptTokens": 2800000,
  "completionTokens": 1450000,
  "totalTokens": 4250000
}

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/token-usage?start=2025-01-13T00:00:00Z&end=2025-01-20T00:00:00Z" \
  -H "Authorization: Bearer dor_sk_your_key_here"

Eval Score Distribution

GET/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/eval-distribution

Returns the score distribution across all evals run for an app in the given time range. Useful for histograms of latency/quality scores.

Query Parameters

Name	Type	Required	Description
start	string (ISO 8601)	optional	Start of the time range.
end	string (ISO 8601)	optional	End of the time range.

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/eval-distribution?start=2025-01-13T00:00:00Z&end=2025-01-20T00:00:00Z" \
  -H "Authorization: Bearer dor_sk_your_key_here"

List Traces

GET/workspaces/{workspaceId}/harbor/apps/{appId}/traces

Returns a paginated list of AI traces recorded by Harbor for the app. Each trace represents a single AI call with full request and response detail, latency, token usage, and guard evaluation results.

Query Parameters

Name	Type	Required	Description
limit	integer	optional	Traces per page. Default: 20.
offset	integer	optional	Offset for pagination. Default: 0.
project	string	optional	Filter by CortexDB project name.
session_id	string	optional	Filter traces by session ID.

Response

json

{
  "data": [
    {
      "traceId": "trc_01hx...",
      "sessionId": "sess_01hx...",
      "model": "gemini-3-flash-preview",
      "promptTokens": 320,
      "completionTokens": 148,
      "totalTokens": 468,
      "latencyMs": 512,
      "guardBlocked": false,
      "evalScore": 0.92,
      "createdAt": "2025-01-20T09:05:30Z"
    }
  ],
  "total": 1842,
  "limit": 20,
  "offset": 0
}

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/traces?limit=20&offset=0" \
  -H "Authorization: Bearer dor_sk_your_key_here"

Get Trace

GET/workspaces/{workspaceId}/harbor/apps/{appId}/traces/{traceId}

Returns the full detail for a single trace, including the raw prompt, response, guard evaluation breakdown, and any eval scores.

Response

json

{
  "traceId": "trc_01hx...",
  "sessionId": "sess_01hx...",
  "model": "gemini-3-flash-preview",
  "prompt": "Summarize the following contract clause...",
  "response": "The clause states that...",
  "promptTokens": 320,
  "completionTokens": 148,
  "totalTokens": 468,
  "latencyMs": 512,
  "guardBlocked": false,
  "guardEvaluations": [
    {
      "guardType": "pii_detection",
      "result": "pass",
      "confidence": 0.99
    }
  ],
  "evalScore": 0.92,
  "createdAt": "2025-01-20T09:05:30Z"
}

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/traces/{traceId}" \
  -H "Authorization: Bearer dor_sk_your_key_here"

List Evals

GET/workspaces/{workspaceId}/harbor/apps/{appId}/evals

Returns evaluation results attached to AI traces. Evals measure output quality, safety, and policy compliance using automated scoring.

Query Parameters

Name	Type	Required	Description
limit	integer	optional	Evaluations per page. Default: 20.
offset	integer	optional	Offset for pagination. Default: 0.
trace_id	string	optional	Filter evals for a specific trace.

Response

json

[
  {
    "id": "eval_01hx...",
    "traceId": "trc_01hx...",
    "evalType": "relevance",
    "score": 0.92,
    "passed": true,
    "details": "Response is highly relevant to the user prompt.",
    "createdAt": "2025-01-20T09:05:31Z"
  }
]

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/evals?limit=20" \
  -H "Authorization: Bearer dor_sk_your_key_here"

List Guard Blocks

GET/workspaces/{workspaceId}/harbor/apps/{appId}/guard-blocks

Returns a list of guard block instances - AI calls that were intercepted and blocked by a Harbor guard rule. Each record includes the guard type that triggered the block and the matched content.

Query Parameters

Name	Type	Required	Description
limit	integer	optional	Records per page. Default: 20.
offset	integer	optional	Offset for pagination. Default: 0.
guard_type	string	optional	Filter by guard type: pii_detection \| prompt_injection \| toxicity \| off_topic.

Response

json

[
  {
    "id": "blk_01hx...",
    "traceId": "trc_01hx...",
    "guardType": "pii_detection",
    "blockedContent": "User sent a message containing a credit card number",
    "confidence": 0.98,
    "action": "block",
    "createdAt": "2025-01-20T10:15:00Z"
  }
]

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/guard-blocks?guard_type=pii_detection" \
  -H "Authorization: Bearer dor_sk_your_key_here"

Guard Templates

Guard templates define reusable guard rule configurations that can be applied to any Harbor-provisioned app. Manage templates independently of apps using the following endpoints.

GET/harbor/guard-templates

Returns all guard templates available in the platform.

Response

json

[
  {
    "id": "gtpl_01hx...",
    "name": "PII Shield",
    "description": "Blocks prompts and responses containing personally identifiable information",
    "guardType": "pii_detection",
    "config": {
      "sensitivity": "high",
      "action": "block"
    },
    "createdAt": "2025-01-10T08:00:00Z"
  }
]

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/harbor/guard-templates" \
  -H "Authorization: Bearer dor_sk_your_key_here"

POST/harbor/guard-templates

Creates a new guard template.

Request Body

Name	Type	Required	Description
name	string	required	Human-readable name for the template.
description	string	optional	Description of what the guard does.
guardType	string	required	Guard type: pii_detection \| prompt_injection \| toxicity \| off_topic \| custom.
config	object	optional	Guard-specific configuration (sensitivity, action, allowlist, etc.).

bash

curl -X POST "https://os-develop.dooor.ai/api/v1/harbor/guard-templates" \
  -H "Authorization: Bearer dor_sk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "PII Shield",
    "description": "Blocks PII in prompts and responses",
    "guardType": "pii_detection",
    "config": { "sensitivity": "high", "action": "block" }
  }'

PUT/harbor/guard-templates/{id}

Fully replaces a guard template. All fields must be provided.

bash

curl -X PUT "https://os-develop.dooor.ai/api/v1/harbor/guard-templates/{id}" \
  -H "Authorization: Bearer dor_sk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "PII Shield v2",
    "description": "Updated PII detection with medium sensitivity",
    "guardType": "pii_detection",
    "config": { "sensitivity": "medium", "action": "redact" }
  }'

DELETE/harbor/guard-templates/{id}

Permanently deletes a guard template. Apps currently using the template will retain the last applied configuration until re-configured. Returns 204 No Content.

bash

curl -X DELETE "https://os-develop.dooor.ai/api/v1/harbor/guard-templates/{id}" \
  -H "Authorization: Bearer dor_sk_your_key_here"

# Returns 204 No Content

Observability Config

Per-app guards/evals configuration. The Dooor AI toolkit fetches this at boot to materialize guards and evals — so any change applies on the next Pod restart.

GET/workspaces/{workspaceId}/harbor/apps/{appId}/observability-config

Returns the current guards + evals config for the app.

Response

json

{
  "guards": {
    "prompt_injection": { "enabled": true, "threshold": 0.8 },
    "sensitive_data":   { "enabled": true, "threshold": 0.7 },
    "custom_templates": [
      {
        "template_id":   "gtpl_01hx...",
        "template_name": "PII Shield",
        "enabled":       true,
        "threshold":     0.7
      }
    ]
  },
  "evals": {
    "latency": { "enabled": true, "threshold_ms": 3000, "target_ms": 800, "max_ms": 5000 }
  }
}

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/observability-config" \
  -H "Authorization: Bearer dor_sk_your_key_here"

PUT/workspaces/{workspaceId}/harbor/apps/{appId}/observability-config

Partial update. Send only the fields you want to change. Both top-level keys (guards, evals) are optional, as is every nested guard/eval.

Request Body

Name	Type	Required	Description
guards	object	optional	Optional. Each guard accepts { enabled?: boolean, threshold?: number }. Recognised keys: prompt_injection, sensitive_data. To enable custom guard templates, pass guards.custom_templates as an array of { template_id, template_name, enabled, threshold }.
evals	object	optional	Optional. evals.latency accepts { enabled?, threshold_ms?, target_ms?, max_ms? }.

bash

curl -X PUT "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/observability-config" \
  -H "Authorization: Bearer dor_sk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "guards": {
      "prompt_injection": { "enabled": true, "threshold": 0.9 }
    },
    "evals": {
      "latency": { "threshold_ms": 2000 }
    }
  }'

Re-provision Harbor (rare)

POST/workspaces/{workspaceId}/harbor/apps/{appId}/provision

Harbor is provisioned automatically on the first deploy of every app, so you should rarely need this. Call this endpoint only to force a fresh CortexDB database for an app that lost its CORTEXDB_CONNECTION env var or to recover from a partially failed deploy.

Response

json

{
  "appId": "app_01hx...",
  "harborDatabase": "doos_ws01_my_app",
  "connectionString": "cortexdb://k_***@harbor.dooor.ai/doos_ws01_my_app"
}

bash

curl -X POST "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/provision" \
  -H "Authorization: Bearer dor_sk_your_key_here"

De-provision Harbor

DELETE/workspaces/{workspaceId}/harbor/apps/{appId}/provision

Removes the Harbor integration for an app. The CortexDB project and all associated traces, evals, and guard blocks are permanently deleted. Returns 204 No Content on success.

Warning: De-provisioning is irreversible. All Harbor data for the app (traces, evals, analytics, guard blocks) will be permanently deleted. Re-provisioning will start fresh with no historical data.

bash

curl -X DELETE "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/provision" \
  -H "Authorization: Bearer dor_sk_your_key_here"

# Returns 204 No Content

Harbor - AI Governance

How it works (zero-config)

Harbor is provisioned automatically the first time your app is deployed. The platform creates a private CortexDB database, mints an API key, and injects two environment variables into your container:

Name	Type	Required	Description
CORTEXDB_CONNECTION	string	optional	Full connection string in the form cortexdb://<api_key>@<host>/<database>. This is the credential your app code uses to talk to Harbor.
HARBOR_PROJECT	string	optional	The App ID, used by the Dooor AI toolkit and the Harbor proxy to tag every trace, eval and guard block to your app.

Lifecycle

bash

git push                            # you push code
  -> Build (Kaniko / Cloud Build)
  -> Deployment event fires
  -> Harbor listener auto-provisions:
       * creates CortexDB database
       * mints scoped API key
       * sets CORTEXDB_CONNECTION + HARBOR_PROJECT
  -> Your container starts with both env vars already set
  -> Every AI call you make is traced, evaluated and guard-checked.

No manual step. You never have to call the provision endpoint by hand. It runs on every deploy and is idempotent - re-deploys keep the same database and rotate the key only if it's missing.

Use Harbor in your app

Pick the path that matches your stack. Both ship identical traces, evals and guard blocks to Harbor.

LangChain users — createAutoLlm wraps any LangChain chat model with one line. Reads CORTEXDB_CONNECTION and HARBOR_PROJECT from env, pulls the per-database guards/evals config from Harbor on boot, and instruments every .invoke() / .stream(). This is the only truly zero-config path.
Everyone else (OpenAI SDK, Anthropic SDK, Gemini SDK, raw HTTP) — configureCortexDBFromConnectionString once at boot (still reads the env var), then call logTrace(...) after each LLM call. Two lines of plumbing, then a normal trace object per call.

bash

// Not using LangChain (OpenAI SDK, Anthropic SDK, Gemini SDK, raw HTTP)?
//   npm install @dooor-ai/toolkit
//
// configureCortexDBFromConnectionString once at boot (reads the env var).
// Then wrap each LLM call with logTrace. No proxy URL to remember —
// the toolkit handles routing to the right CortexDB database.

import {
  configureCortexDBFromConnectionString,
  logTrace,
} from "@dooor-ai/toolkit"
import OpenAI from "openai"

configureCortexDBFromConnectionString(process.env.CORTEXDB_CONNECTION!)
const openai = new OpenAI()

const start = Date.now()
const res = await openai.chat.completions.create({
  model: "gpt-4o-mini",
  messages: [{ role: "user", content: "Hello" }],
})

await logTrace(
  {
    traceId: crypto.randomUUID(),
    input: "Hello",
    output: res.choices[0].message.content ?? "",
    model: "gpt-4o-mini",
    latency: Date.now() - start,
    tokens: {
      prompt: res.usage?.prompt_tokens ?? 0,
      completion: res.usage?.completion_tokens ?? 0,
      total: res.usage?.total_tokens ?? 0,
    },
    timestamp: new Date(),
  },
  { project: process.env.HARBOR_PROJECT },
)

What you get for free

Every call routed through Harbor is automatically:

Traced - request, response, model, tokens, latency, cost - queryable via the Harbor dashboard or the Traces API below.
Evaluated - relevance, safety, policy compliance scores attached to the trace.
Guard-checked - PII detection, prompt injection, toxicity and custom guards run pre and post-call. Blocked calls show up under Guard Blocks.
Audit-logged - immutable trail of every prompt, response and guard decision, scoped to your workspace.

Programmatic access

Analytics Summary

GET/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/summary

Returns aggregate analytics for all AI calls made through Harbor for a given time range.

Query Parameters

Name	Type	Required	Description
start	string (ISO 8601)	optional	Start of the time range. Default: 7 days ago.
end	string (ISO 8601)	optional	End of the time range. Default: now.

Response

json

{
  "appId": "app_01hx...",
  "period": {
    "start": "2025-01-13T00:00:00Z",
    "end": "2025-01-20T00:00:00Z"
  },
  "totalCalls": 1842,
  "totalTokens": 4250000,
  "avgLatencyMs": 620,
  "totalCostUsd": 12.75,
  "blockedByGuard": 14,
  "errorRate": 0.008
}

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/summary?start=2025-01-13T00:00:00Z&end=2025-01-20T00:00:00Z" \
  -H "Authorization: Bearer dor_sk_your_key_here"

Analytics Timeseries

GET/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/timeseries

Returns a timeseries for a specific metric, bucketed by the given interval. Useful for rendering charts.

Query Parameters

Name	Type	Required	Description
metric	string	optional	Metric name: total_calls \| total_tokens \| avg_latency \| total_cost \| error_rate.
start	string (ISO 8601)	optional	Start of the time range.
end	string (ISO 8601)	optional	End of the time range.
interval	string	optional	Bucket size: 1h \| 6h \| 1d \| 7d. Default: 1h.

Response

json

{
  "metric": "total_calls",
  "interval": "1h",
  "labels": [
    "2025-01-20T00:00:00Z",
    "2025-01-20T01:00:00Z",
    "2025-01-20T02:00:00Z"
  ],
  "values": [84, 112, 97]
}

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/timeseries?metric=total_calls&interval=1h&start=2025-01-20T00:00:00Z&end=2025-01-20T23:59:59Z" \
  -H "Authorization: Bearer dor_sk_your_key_here"

Token Usage

GET/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/token-usage

Returns a breakdown of prompt, completion, and total token consumption for the given time range.

Query Parameters

Name	Type	Required	Description
start	string (ISO 8601)	optional	Start of the time range.
end	string (ISO 8601)	optional	End of the time range.

Response

json

{
  "promptTokens": 2800000,
  "completionTokens": 1450000,
  "totalTokens": 4250000
}

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/token-usage?start=2025-01-13T00:00:00Z&end=2025-01-20T00:00:00Z" \
  -H "Authorization: Bearer dor_sk_your_key_here"

Eval Score Distribution

GET/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/eval-distribution

Returns the score distribution across all evals run for an app in the given time range. Useful for histograms of latency/quality scores.

Query Parameters

Name	Type	Required	Description
start	string (ISO 8601)	optional	Start of the time range.
end	string (ISO 8601)	optional	End of the time range.

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/analytics/eval-distribution?start=2025-01-13T00:00:00Z&end=2025-01-20T00:00:00Z" \
  -H "Authorization: Bearer dor_sk_your_key_here"

List Traces

GET/workspaces/{workspaceId}/harbor/apps/{appId}/traces

Returns a paginated list of AI traces recorded by Harbor for the app. Each trace represents a single AI call with full request and response detail, latency, token usage, and guard evaluation results.

Query Parameters

Name	Type	Required	Description
limit	integer	optional	Traces per page. Default: 20.
offset	integer	optional	Offset for pagination. Default: 0.
project	string	optional	Filter by CortexDB project name.
session_id	string	optional	Filter traces by session ID.

Response

json

{
  "data": [
    {
      "traceId": "trc_01hx...",
      "sessionId": "sess_01hx...",
      "model": "gemini-3-flash-preview",
      "promptTokens": 320,
      "completionTokens": 148,
      "totalTokens": 468,
      "latencyMs": 512,
      "guardBlocked": false,
      "evalScore": 0.92,
      "createdAt": "2025-01-20T09:05:30Z"
    }
  ],
  "total": 1842,
  "limit": 20,
  "offset": 0
}

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/traces?limit=20&offset=0" \
  -H "Authorization: Bearer dor_sk_your_key_here"

Get Trace

GET/workspaces/{workspaceId}/harbor/apps/{appId}/traces/{traceId}

Returns the full detail for a single trace, including the raw prompt, response, guard evaluation breakdown, and any eval scores.

Response

json

{
  "traceId": "trc_01hx...",
  "sessionId": "sess_01hx...",
  "model": "gemini-3-flash-preview",
  "prompt": "Summarize the following contract clause...",
  "response": "The clause states that...",
  "promptTokens": 320,
  "completionTokens": 148,
  "totalTokens": 468,
  "latencyMs": 512,
  "guardBlocked": false,
  "guardEvaluations": [
    {
      "guardType": "pii_detection",
      "result": "pass",
      "confidence": 0.99
    }
  ],
  "evalScore": 0.92,
  "createdAt": "2025-01-20T09:05:30Z"
}

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/traces/{traceId}" \
  -H "Authorization: Bearer dor_sk_your_key_here"

List Evals

GET/workspaces/{workspaceId}/harbor/apps/{appId}/evals

Returns evaluation results attached to AI traces. Evals measure output quality, safety, and policy compliance using automated scoring.

Query Parameters

Name	Type	Required	Description
limit	integer	optional	Evaluations per page. Default: 20.
offset	integer	optional	Offset for pagination. Default: 0.
trace_id	string	optional	Filter evals for a specific trace.

Response

json

[
  {
    "id": "eval_01hx...",
    "traceId": "trc_01hx...",
    "evalType": "relevance",
    "score": 0.92,
    "passed": true,
    "details": "Response is highly relevant to the user prompt.",
    "createdAt": "2025-01-20T09:05:31Z"
  }
]

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/evals?limit=20" \
  -H "Authorization: Bearer dor_sk_your_key_here"

List Guard Blocks

GET/workspaces/{workspaceId}/harbor/apps/{appId}/guard-blocks

Returns a list of guard block instances - AI calls that were intercepted and blocked by a Harbor guard rule. Each record includes the guard type that triggered the block and the matched content.

Query Parameters

Name	Type	Required	Description
limit	integer	optional	Records per page. Default: 20.
offset	integer	optional	Offset for pagination. Default: 0.
guard_type	string	optional	Filter by guard type: pii_detection \| prompt_injection \| toxicity \| off_topic.

Response

json

[
  {
    "id": "blk_01hx...",
    "traceId": "trc_01hx...",
    "guardType": "pii_detection",
    "blockedContent": "User sent a message containing a credit card number",
    "confidence": 0.98,
    "action": "block",
    "createdAt": "2025-01-20T10:15:00Z"
  }
]

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/guard-blocks?guard_type=pii_detection" \
  -H "Authorization: Bearer dor_sk_your_key_here"

Guard Templates

Guard templates define reusable guard rule configurations that can be applied to any Harbor-provisioned app. Manage templates independently of apps using the following endpoints.

GET/harbor/guard-templates

Returns all guard templates available in the platform.

Response

json

[
  {
    "id": "gtpl_01hx...",
    "name": "PII Shield",
    "description": "Blocks prompts and responses containing personally identifiable information",
    "guardType": "pii_detection",
    "config": {
      "sensitivity": "high",
      "action": "block"
    },
    "createdAt": "2025-01-10T08:00:00Z"
  }
]

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/harbor/guard-templates" \
  -H "Authorization: Bearer dor_sk_your_key_here"

POST/harbor/guard-templates

Creates a new guard template.

Request Body

Name	Type	Required	Description
name	string	required	Human-readable name for the template.
description	string	optional	Description of what the guard does.
guardType	string	required	Guard type: pii_detection \| prompt_injection \| toxicity \| off_topic \| custom.
config	object	optional	Guard-specific configuration (sensitivity, action, allowlist, etc.).

bash

curl -X POST "https://os-develop.dooor.ai/api/v1/harbor/guard-templates" \
  -H "Authorization: Bearer dor_sk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "PII Shield",
    "description": "Blocks PII in prompts and responses",
    "guardType": "pii_detection",
    "config": { "sensitivity": "high", "action": "block" }
  }'

PUT/harbor/guard-templates/{id}

Fully replaces a guard template. All fields must be provided.

bash

curl -X PUT "https://os-develop.dooor.ai/api/v1/harbor/guard-templates/{id}" \
  -H "Authorization: Bearer dor_sk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "PII Shield v2",
    "description": "Updated PII detection with medium sensitivity",
    "guardType": "pii_detection",
    "config": { "sensitivity": "medium", "action": "redact" }
  }'

DELETE/harbor/guard-templates/{id}

Permanently deletes a guard template. Apps currently using the template will retain the last applied configuration until re-configured. Returns 204 No Content.

bash

curl -X DELETE "https://os-develop.dooor.ai/api/v1/harbor/guard-templates/{id}" \
  -H "Authorization: Bearer dor_sk_your_key_here"

# Returns 204 No Content

Observability Config

Per-app guards/evals configuration. The Dooor AI toolkit fetches this at boot to materialize guards and evals — so any change applies on the next Pod restart.

GET/workspaces/{workspaceId}/harbor/apps/{appId}/observability-config

Returns the current guards + evals config for the app.

Response

json

{
  "guards": {
    "prompt_injection": { "enabled": true, "threshold": 0.8 },
    "sensitive_data":   { "enabled": true, "threshold": 0.7 },
    "custom_templates": [
      {
        "template_id":   "gtpl_01hx...",
        "template_name": "PII Shield",
        "enabled":       true,
        "threshold":     0.7
      }
    ]
  },
  "evals": {
    "latency": { "enabled": true, "threshold_ms": 3000, "target_ms": 800, "max_ms": 5000 }
  }
}

bash

curl -X GET "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/observability-config" \
  -H "Authorization: Bearer dor_sk_your_key_here"

PUT/workspaces/{workspaceId}/harbor/apps/{appId}/observability-config

Partial update. Send only the fields you want to change. Both top-level keys (guards, evals) are optional, as is every nested guard/eval.

Request Body

Name	Type	Required	Description
guards	object	optional	Optional. Each guard accepts { enabled?: boolean, threshold?: number }. Recognised keys: prompt_injection, sensitive_data. To enable custom guard templates, pass guards.custom_templates as an array of { template_id, template_name, enabled, threshold }.
evals	object	optional	Optional. evals.latency accepts { enabled?, threshold_ms?, target_ms?, max_ms? }.

bash

curl -X PUT "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/observability-config" \
  -H "Authorization: Bearer dor_sk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "guards": {
      "prompt_injection": { "enabled": true, "threshold": 0.9 }
    },
    "evals": {
      "latency": { "threshold_ms": 2000 }
    }
  }'

Re-provision Harbor (rare)

POST/workspaces/{workspaceId}/harbor/apps/{appId}/provision

Response

json

{
  "appId": "app_01hx...",
  "harborDatabase": "doos_ws01_my_app",
  "connectionString": "cortexdb://k_***@harbor.dooor.ai/doos_ws01_my_app"
}

bash

curl -X POST "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/provision" \
  -H "Authorization: Bearer dor_sk_your_key_here"

De-provision Harbor

DELETE/workspaces/{workspaceId}/harbor/apps/{appId}/provision

Removes the Harbor integration for an app. The CortexDB project and all associated traces, evals, and guard blocks are permanently deleted. Returns 204 No Content on success.

bash

curl -X DELETE "https://os-develop.dooor.ai/api/v1/workspaces/{workspaceId}/harbor/apps/{appId}/provision" \
  -H "Authorization: Bearer dor_sk_your_key_here"

# Returns 204 No Content

Harbor - AI Governance#

How it works (zero-config)#

Lifecycle

Use Harbor in your app#

What you get for free#

Programmatic access#

Analytics Summary#

Query Parameters

Response

Analytics Timeseries#

Query Parameters

Response

Token Usage#

Query Parameters

Response

Eval Score Distribution#

Query Parameters

List Traces#

Query Parameters

Response

Get Trace#

Response

List Evals#

Query Parameters

Response

List Guard Blocks#

Query Parameters

Response

Guard Templates#

Response

Request Body

Observability Config#

Response

Request Body

Re-provision Harbor (rare)#

Response

De-provision Harbor#

Harbor - AI Governance#

How it works (zero-config)#

Lifecycle

Use Harbor in your app#

What you get for free#

Programmatic access#

Analytics Summary#

Query Parameters

Response

Analytics Timeseries#

Query Parameters

Response

Token Usage#

Query Parameters

Response

Eval Score Distribution#

Query Parameters

List Traces#

Query Parameters

Response

Get Trace#

Response

List Evals#

Query Parameters

Response

List Guard Blocks#

Query Parameters

Response

Guard Templates#

Response

Request Body

Observability Config#

Response

Request Body

Re-provision Harbor (rare)#

Response

De-provision Harbor#

Harbor - AI Governance

How it works (zero-config)

Use Harbor in your app

What you get for free

Programmatic access

Analytics Summary

Analytics Timeseries

Token Usage

Eval Score Distribution

List Traces

Get Trace

List Evals

List Guard Blocks

Guard Templates

Observability Config

Re-provision Harbor (rare)

De-provision Harbor

Harbor - AI Governance

How it works (zero-config)

Use Harbor in your app

What you get for free

Programmatic access

Analytics Summary

Analytics Timeseries

Token Usage

Eval Score Distribution

List Traces

Get Trace

List Evals

List Guard Blocks

Guard Templates

Observability Config

Re-provision Harbor (rare)

De-provision Harbor