Update agent
Modify an agent’s configuration, such as tools, prompts, or model settings.
Authorizations
API Key authentication for programmatic access. Include your API key in the Authorization header as: Bearer your_api_key_here
Path Parameters
Unique identifier of the agent to update
Body
Request body for updating agent configuration (all fields optional)
Optional new name for the agent
Optional new description for the agent
Optional description for the agent version created by this update
Optional new system prompt for the agent
Optional new array of tool names for the agent
Optional new tool selection mode for the agent
manual, all_read_only Optional new array of CLI integration ids for the agent
Optional updated per-tool-action configuration for the agent
Configuration for a specific tool action
- Option 1
- Option 2
- Option 3
- Option 4
- Option 5
Optional new input configuration for the agent
Model alias must be a valid model from the registry
Optional new context documents for the agent
Optional reference to the Tines story import template (can be set to null to clear)
Optional new planning behavior for this agent
never, always, auto Optional updated structured output schema definition for this agent
Optional persistent workspace setting for this agent
Array of tags for categorizing the agent
A tag label for categorizing agents (normalized to lowercase)
1 - 100Optional set of skills to attach to this agent
Optional list of acceptance criteria evaluated for every run
201 - 500Response
Successful response
- Option 1
- Option 2
The updated agent with modified configuration
Unique identifier for the agent
Unique identifier of the organization that owns this agent
Human-readable name of the agent
Description of what the agent does and its purpose
The agent's live system prompt (version history lives in agent_versions)
Timestamp when the agent was created
Timestamp when the agent was last updated
Timestamp when the agent was soft-deleted, or null if not deleted
Array of tool names that this agent can use during execution
How this agent resolves tools at runtime
manual, all_read_only Per-tool-action configuration for this agent
Configuration for a specific tool action
- Option 1
- Option 2
- Option 3
- Option 4
- Option 5
Array of input configurations defining what inputs the agent expects
Model alias specifying which LLM model to use for this agent
Planning behavior mode for the agent
auto, never, always Type of agent: response (standard) or detection (security detection)
response, detection Who created this agent: user or orchestrator
user, orchestrator Whether this agent is built in to the system (true for built-in (system-managed) agents)
Type of built-in agent (e.g., threat-validation, threat-hunt)
threat-relevancy, threat-research, autonomous-hunt, test-agent Optional array of CLI integration ids that this agent can use during execution
Optional array of context documents (e.g., Google Docs, Notion pages) to provide to the agent
Optional reference to the Tines story import template used to create this agent
Optional array of triggers configured for this agent
Optional JSON schema describing the structured output the agent should emit (may include x-cotool metadata for preset UX; metadata is stripped before sending to the LLM)
Whether this agent may use persistent workspace
Array of tags for categorizing the agent
A tag label for categorizing agents (normalized to lowercase)
1 - 100Array of reusable skills attached to this agent
Optional list of acceptance criteria evaluated for every run
20A user-configured acceptance criterion that must be satisfied for an agent run
1 - 500Stable logical key for the agent (slug, immutable, unique per org)
Sync backend managing this agent (e.g. "github"); null/absent when UI-managed
Path of the source YAML file for a GitOps-managed agent
Which agent_sync_config (repo source) materialized this managed agent; null when UI-managed
Category of detection (only for detection agents)
baseline_anomaly, first_occurrence, sequence_pattern, privilege_escalation, custom, null The SIEM query for the detection (only for detection agents)
The SIEM platform type (e.g., splunk, elastic) for the detection (only for detection agents)
Whether this detection is a suggestion (only for detection agents)
Timestamp of when this detection was last run (only for detection agents)