CHASM

CHASM Assistants

View as Markdown

CHASM is Chaser’s assistant runtime layer. It lets you create managed AI assistants that can execute code, browse the web, and interact with users through external messaging channels — all backed by Chaser’s session infrastructure.

How it works

A CHASM assistant is a managed entity with:

  • A configuration that defines its model, tools, memory policy, and alert thresholds
  • Channel bindings that connect it to external messaging platforms (Telegram, Discord)
  • Credentials stored securely in Chaser’s vault for API keys and tokens the assistant needs
  • Runtime state that persists across interactions
  • A dedicated workspace for durable file storage and code execution

Assistants use the same terminal and browser MCP tools as any other Chaser integration. The difference is that Chaser handles authentication on behalf of signed-in product users, so the assistant does not need a separate API key.

Assistant lifecycle

$# Create an assistant
$curl -sS "$CHASER_API_URL/v1/assistants" \
>  -H "Authorization: Bearer $CHASER_API_KEY" \
>  -H "Content-Type: application/json" \
>  -d '{
>    "name": "my-assistant",
>    "config": {
>      "model": {"provider": "anthropic", "model_id": "claude-sonnet-4-20250514"},
>      "system_prompt": "You are a helpful coding assistant.",
>      "tools": {"sandbox": true, "browser": true}
>    }
>  }' | jq
$
$# List assistants
$curl -sS "$CHASER_API_URL/v1/assistants" \
>  -H "Authorization: Bearer $CHASER_API_KEY" | jq
$
$# Pause/resume
$curl -sS -X POST "$CHASER_API_URL/v1/assistants/<id>/pause" \
>  -H "Authorization: Bearer $CHASER_API_KEY"
$curl -sS -X POST "$CHASER_API_URL/v1/assistants/<id>/resume" \
>  -H "Authorization: Bearer $CHASER_API_KEY"

Channel bindings

Connect an assistant to external messaging platforms so it can receive and respond to messages.

$# Bind to a Telegram channel
$curl -sS "$CHASER_API_URL/v1/assistants/<id>/channels" \
>  -H "Authorization: Bearer $CHASER_API_KEY" \
>  -H "Content-Type: application/json" \
>  -d '{
>    "channel_type": "telegram",
>    "channel_id": "<telegram_chat_id>",
>    "config": {}
>  }' | jq
$
$# Remove a channel binding
$curl -sS -X DELETE "$CHASER_API_URL/v1/assistants/<id>/channels/<binding_id>" \
>  -H "Authorization: Bearer $CHASER_API_KEY"

Supported channel types: Telegram and Discord.

Credentials vault

Store secrets the assistant needs (API keys, tokens) securely:

$# Store a credential
$curl -sS "$CHASER_API_URL/v1/assistants/credentials" \
>  -H "Authorization: Bearer $CHASER_API_KEY" \
>  -H "Content-Type: application/json" \
>  -d '{
>    "key": "OPENAI_API_KEY",
>    "secret_value": "sk-..."
>  }' | jq
$
$# Resolve a credential (returns metadata, not the secret)
$curl -sS "$CHASER_API_URL/v1/assistants/resolve-credential" \
>  -H "Authorization: Bearer $CHASER_API_KEY" \
>  -H "Content-Type: application/json" \
>  -d '{"key": "OPENAI_API_KEY"}' | jq

Credentials are encrypted at rest and only accessible to the assistant runtime.

Config updates

CHASM now hard-cuts to V2 typed config-intents for approval-gated assistant configuration changes. Legacy V1 config-change-requests endpoints are no longer exposed.

CHASM V2 keeps the same approval model, but exposes typed intent-first endpoints under /v2:

$# Create a typed config intent request
$curl -sS "$CHASER_API_URL/v2/assistants/<id>/config-intents" \
>  -H "Authorization: Bearer $CHASER_API_KEY" \
>  -H "Content-Type: application/json" \
>  -d '{
>    "requested_by": "user",
>    "reason": "enable integration",
>    "intents": [
>      {"type": "install_integration", "integration_id": "github"}
>    ]
>  }' | jq
$
$# List + review + approve
$curl -sS "$CHASER_API_URL/v2/assistants/<id>/config-intents" \
>  -H "Authorization: Bearer $CHASER_API_KEY" | jq
$curl -sS -X POST "$CHASER_API_URL/v2/assistants/<id>/config-intents/<request_id>/approve" \
>  -H "Authorization: Bearer $CHASER_API_KEY"

Runtime state

Assistants maintain persistent runtime state that survives across interactions:

$# Get runtime state
$curl -sS "$CHASER_API_URL/v1/assistants/<id>/runtime-state" \
>  -H "Authorization: Bearer $CHASER_API_KEY" | jq
$
$# Update runtime state
$curl -sS "$CHASER_API_URL/v1/assistants/<id>/runtime-state" \
>  -H "Authorization: Bearer $CHASER_API_KEY" \
>  -H "Content-Type: application/json" \
>  -X PUT \
>  -d '{"state": {"last_task": "deploy", "context": {}}}' | jq

Usage tracking

Monitor assistant resource consumption:

$# Get usage events
$curl -sS "$CHASER_API_URL/v1/assistants/<id>/usage-events" \
>  -H "Authorization: Bearer $CHASER_API_KEY" | jq

Usage events track token consumption, tool invocations, and session usage. Alert policies in the assistant config can trigger webhooks when thresholds are exceeded.

V2 runtime + session orchestration

chaser-api now exposes CHASM runtime/session endpoints under a dedicated /v2/chasm namespace and proxies to chasm-host, so clients integrate with a single API origin while keeping product surfaces isolated:

$# Runtime capability metadata
$curl -sS "$CHASER_API_URL/v2/chasm/runtime/capabilities" \
>  -H "Authorization: Bearer $CHASER_API_KEY" | jq
$
$# Bootstrap a runtime session
$curl -sS "$CHASER_API_URL/v2/chasm/session/bootstrap" \
>  -H "Authorization: Bearer $CHASER_API_KEY" \
>  -H "Content-Type: application/json" \
>  -d '{
>    "session_id": "sess_v2_example",
>    "assistant_id": "<assistant_id>",
>    "selected_model": {"provider": "openai", "model": "gpt-5.4"},
>    "transport": "realtime_websocket"
>  }' | jq
$
$# Fetch + complete
$curl -sS "$CHASER_API_URL/v2/chasm/session/sess_v2_example" \
>  -H "Authorization: Bearer $CHASER_API_KEY" | jq
$curl -sS -X POST "$CHASER_API_URL/v2/chasm/session/sess_v2_example/complete" \
>  -H "Authorization: Bearer $CHASER_API_KEY" \
>  -H "Content-Type: application/json" \
>  -d '{"finish_reason":"stop"}' | jq

WebSocket stream endpoint:

  • GET /v2/chasm/session/{session_id}/ws

Codex login for CHASM

CHASM supports OpenAI Codex authentication for assistants that need access to OpenAI services. The login flow uses a localhost callback URL pattern:

  1. Call GET /auth/codex/login-url to get the authorization URL and PKCE verifier
  2. Open the URL in a browser and authenticate with OpenAI
  3. OpenAI redirects to a localhost callback URL
  4. Copy the full localhost redirect URL and submit it to complete the authentication

This localhost callback approach is intentional — OpenAI’s Codex OAuth does not support remote callback URLs, so the redirect must go to localhost and be manually submitted back to Chaser.

API reference

EndpointDescription
POST /v1/assistantsCreate assistant
GET /v1/assistantsList assistants
GET /v1/assistants/{id}Get assistant details
PATCH /v1/assistants/{id}Update assistant
POST /v1/assistants/{id}/pausePause execution
POST /v1/assistants/{id}/resumeResume execution
POST /v1/assistants/{id}/channelsAdd channel binding
DELETE /v1/assistants/{id}/channels/{binding_id}Remove channel binding
PUT /v1/assistants/credentialsStore credential
POST /v1/assistants/resolve-credentialResolve credential
POST /v1/assistants/resolve-channelResolve channel
GET /v1/assistants/{id}/runtime-stateGet runtime state
PUT /v1/assistants/{id}/runtime-stateUpdate runtime state
POST /v1/assistants/{id}/usage-eventsRecord usage event
GET /v1/assistants/{id}/usage-eventsList usage events
GET /v2/assistants/{id}/config-intentsList typed config-intent requests
POST /v2/assistants/{id}/config-intentsCreate typed config-intent request
GET /v2/assistants/{id}/config-intents/{rid}Get typed config-intent request
POST /v2/assistants/{id}/config-intents/{rid}/approveApprove typed config-intent request
POST /v2/assistants/{id}/config-intents/{rid}/denyDeny typed config-intent request
GET /v2/chasm/runtime/capabilitiesCHASM V2 runtime capability descriptor
GET /v2/chasm/runtime/probeRuntime health/probe metadata
POST /v2/chasm/session/bootstrapBootstrap CHASM V2 runtime session
GET /v2/chasm/session/{session_id}Get CHASM V2 runtime session state
POST /v2/chasm/session/{session_id}/completeMark CHASM V2 runtime session complete
GET /v2/chasm/session/{session_id}/wsStream CHASM V2 runtime events over WebSocket