> ## Documentation Index
> Fetch the complete documentation index at: https://docs.truthlocks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List Agents

> List all machine agent identities for the authenticated tenant with filtering and pagination

# List Agents

`GET /v1/agents`

Returns a paginated list of all machine agent identities registered under the authenticated tenant. Results can be filtered by agent type, status, and trust level. Agents are returned in reverse chronological order (newest first).

### Authentication

Requires `X-API-Key` header or Bearer JWT token. Tenant-scoped via `X-Tenant-ID`.

### Query Parameters

<ParamField query="agent_type" type="string">
  Filter by agent type. One of: `"orchestrator"`, `"worker"`, `"inference"`,
  `"pipeline"`, `"service"`, `"bot"`, `"llm"`.
</ParamField>

<ParamField query="status" type="string">
  Filter by lifecycle status. One of: `"active"`, `"suspended"`, `"revoked"`.
</ParamField>

<ParamField query="trust_level" type="string">
  Filter by trust level. One of: `"platform_root"`, `"verified_org"`,
  `"verified_individual"`, `"authenticated"`, `"self_asserted"`, `"anonymous"`.
</ParamField>

<ParamField query="limit" type="integer">
  Maximum number of agents to return per page. Range: 1-200. Default: `50`.
</ParamField>

<ParamField query="offset" type="integer">
  Number of records to skip for pagination. Default: `0`.
</ParamField>

### Response

<ResponseField name="agents" type="object[]">
  Array of agent identity objects. Each object contains the full agent record
  including `agent_id`, `agent_type`, `display_name`, `status`, `trust_level`,
  `trust_score`, `scopes`, `public_key`, `key_id`, `metadata`,
  `delegation_depth`, `created_at`, and `updated_at`.
</ResponseField>

<ResponseField name="total" type="integer">
  Total count of agents matching the filter criteria, across all pages.
</ResponseField>

### Example

```bash theme={null}
curl -G https://api.truthlocks.com/v1/agents \
  -H "X-API-Key: tl_live_..." \
  -d "status=active" \
  -d "agent_type=llm" \
  -d "limit=10" \
  -d "offset=0"
```


## OpenAPI

````yaml mint-openapi.yaml GET /v1/agents
openapi: 3.0.3
info:
  title: Truthlocks API
  description: >
    Truthlocks is a universal verification infrastructure for documents,
    credentials, and digital assets.

    This specification defines the canonical API for interacting with Truthlocks
    services.


    ## Base URLs

    - **Production**: `https://api.truthlocks.com`

    - **Sandbox**: `https://sandbox-api.truthlocks.com`


    ## Authentication

    - **API Keys**: Use `X-API-Key` header for machine-to-machine operations

    - **Bearer Tokens**: Use `Authorization: Bearer <jwt>` for user-initiated
    operations


    ## Tenant Identity

    In production, tenant identity is derived from the authenticated context
    (API key or JWT).

    The `X-Tenant-ID` header is ignored in production to prevent spoofing.
  version: 1.0.0
  contact:
    name: Truthlocks Support
    url: https://truthlocks.com/support
    email: support@truthlocks.com
servers:
  - url: https://api.truthlocks.com
    description: Production API
  - url: https://sandbox-api.truthlocks.com
    description: Sandbox Environment
security:
  - APIKey: []
tags:
  - name: Authentication
    description: API key and token management
  - name: Issuers
    description: Issuer registration and trust management
  - name: Keys
    description: Cryptographic key management for issuers
  - name: Attestations
    description: Attestation lifecycle (mint, revoke, supersede)
  - name: Verification
    description: Attestation verification and proof bundles
  - name: Governance
    description: Issuer governance workflows (admin only)
  - name: Identity
    description: Organization, user, and role management
  - name: Audit
    description: Audit event queries
  - name: Platform
    description: Platform administration (super admin only)
  - name: Platform Review
    description: Staff review workflows for issuer applications
  - name: Tenant Console
    description: Tenant profile and lifecycle endpoints
  - name: Health
    description: Service health and readiness endpoints
  - name: Risk
    description: Risk signal ingestion and fraud detection
  - name: Risk Enforcement
    description: Risk enforcement actions — block, challenge, quarantine, and configuration
  - name: Billing
    description: Billing, subscription, and addon management
  - name: Machine Identity
    description: >-
      Machine Agent Identity Protocol (MAIP) — agent registration, sessions,
      trust, witness, compliance, orchestration, and observability
externalDocs:
  description: Transparency read-only API (separate service spec)
  url: >-
    https://github.com/truthlocks/truthlock/blob/main/docs/transparency/openapi.yaml
paths:
  /v1/agents:
    get:
      tags:
        - Machine Identity
      summary: List Agents
      description: >-
        Returns a paginated list of registered machine agents filtered by
        optional criteria.
      operationId: maip.agents.list
      parameters:
        - name: limit
          in: query
          schema:
            type: integer
            default: 25
            minimum: 1
            maximum: 100
          description: Maximum number of agents to return
        - name: offset
          in: query
          schema:
            type: integer
            default: 0
            minimum: 0
          description: Number of agents to skip
        - name: status
          in: query
          schema:
            type: string
            enum:
              - active
              - suspended
              - revoked
          description: Filter by agent status
        - name: agent_type
          in: query
          schema:
            type: string
            enum:
              - orchestrator
              - worker
              - inference
              - pipeline
              - service
              - bot
              - llm
          description: Filter by agent type
      responses:
        '200':
          description: Paginated list of agents
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MaipAgentList'
        '401':
          description: Authentication required
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '429':
          description: Rate limit exceeded
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
      security:
        - APIKey: []
components:
  schemas:
    MaipAgentList:
      type: object
      properties:
        items:
          type: array
          items:
            $ref: '#/components/schemas/MaipAgent'
        total:
          type: integer
    ErrorEnvelope:
      type: object
      required:
        - code
        - message
        - http_status
      properties:
        code:
          type: string
          description: Machine-readable error code
          enum:
            - AUTH_REQUIRED
            - AUTH_INVALID
            - PERMISSION_DENIED
            - TENANT_IDENTITY_UNVERIFIED
            - NOT_FOUND
            - VALIDATION_ERROR
            - CONFLICT
            - PAYLOAD_TOO_LARGE
            - RATE_LIMIT_EXCEEDED
            - QUOTA_EXCEEDED
            - SERVICE_UNAVAILABLE
            - INTERNAL_ERROR
        message:
          type: string
          description: Human-readable error message
        http_status:
          type: integer
          description: HTTP status code
        retry_after_ms:
          type: integer
          description: Milliseconds to wait before retrying (for rate limits)
        details:
          type: object
          description: Additional error context
      example:
        code: AUTH_REQUIRED
        message: Authentication required
        http_status: 401
    MaipAgent:
      type: object
      properties:
        id:
          type: string
          format: uuid
        agent_type:
          type: string
          enum:
            - orchestrator
            - worker
            - inference
            - pipeline
            - service
            - bot
            - llm
        display_name:
          type: string
          maxLength: 256
        description:
          type: string
        status:
          type: string
          enum:
            - active
            - suspended
            - revoked
        scopes:
          type: array
          items:
            type: string
        metadata:
          type: object
          additionalProperties: true
        trust_score:
          type: number
          format: float
          minimum: 0
          maximum: 1
        public_key:
          type: string
          description: Base64-encoded public key
        session_count:
          type: integer
        keys:
          type: array
          items:
            type: object
            properties:
              kid:
                type: string
              algorithm:
                type: string
              public_key:
                type: string
              status:
                type: string
                enum:
                  - active
                  - disabled
                  - expired
        created_at:
          type: string
          format: date-time
        updated_at:
          type: string
          format: date-time
  securitySchemes:
    APIKey:
      type: apiKey
      in: header
      name: X-API-Key
      description: API key for machine-to-machine authentication

````