> ## Documentation Index
> Fetch the complete documentation index at: https://docs.echozero.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Approve developer agent for beta

> Transitions agent from pending-review to beta. Creates a review record.



## OpenAPI

````yaml https://mcp.echozero.app/api/docs-json post /api/admin/developer-agents/{id}/approve
openapi: 3.0.0
info:
  title: EchoZero MCP API
  description: >-
    EchoZero MCP Server - Developer API for agent management, trading,
    marketplace, and AI chat.


    **Rate Limiting:** All endpoints enforce per-API-key rate limits. Tiers:
    free (60 req/min), standard (300 req/min), premium (1000 req/min). Every
    response includes `X-RateLimit-Limit`, `X-RateLimit-Remaining`,
    `X-RateLimit-Reset` headers. Exceeding the limit returns `429 Too Many
    Requests` with a `Retry-After` header.
  version: '1.0'
  contact: {}
servers:
  - url: https://mcp.echozero.app
    description: Production
security: []
tags:
  - name: MCP Protocol
    description: >-
      Model Context Protocol (Streamable HTTP): `/mcp`, `/mcp/sse` — not under
      `/api`; same API key as REST
  - name: Health
    description: Server health check
  - name: API Keys
    description: API key generation, listing, and revocation
  - name: User
    description: >-
      User profile, sessions, social, onboarding, internal agent subscriptions,
      and bot activations (v1: /v1/users/me)
  - name: Token
    description: Token data and trending
  - name: Trade
    description: Trade execution and history
  - name: Strategy
    description: Strategy (trading bot) configuration and control
  - name: Agent
    description: Agent registration and management
  - name: AI
    description: AI chat, intent, and insights
  - name: Wallet
    description: Wallet operations, deposits, and withdrawals
  - name: Notification
    description: Notification management and settings
  - name: Auth
    description: >-
      Public authentication: signup / login lookup, code verification, Google
      OAuth, refresh, and sign-out. Returns `accessToken` / `refreshToken` in
      the JSON body.
  - name: OAuth
    description: >-
      OAuth 2.1 authorization-code + PKCE for AI assistant clients:
      `/oauth/authorize`, `/oauth/token`, `/oauth/introspect`, `/status`.
  - name: Activity
    description: User trade activity list and search
  - name: Feed
    description: Social activity feed timeline
  - name: Earn
    description: Leaderboard, rewards, and referrals
  - name: Statics
    description: Countries, languages, and static data
  - name: Misc
    description: File uploads and utility endpoints
  - name: Developer
    description: Developer registration and profile
  - name: Developer dashboard
    description: >-
      Per-agent dashboard: subscribers (anonymized), performance detail, signal
      history (v1)
  - name: Developer Agent
    description: Developer agent listings and management
  - name: Developer Agents (Marketplace)
    description: Public browse, search, and subscribe to external developer-listed agents
  - name: Admin
    description: Admin-only endpoints for review, approval, and platform management
  - name: Webhooks
    description: >-
      Inbound provider webhooks (no API key). Telegram signal-bot uses
      `X-Telegram-Bot-Api-Secret-Token` when configured.
paths:
  /api/admin/developer-agents/{id}/approve:
    post:
      tags:
        - Admin
      summary: Approve developer agent for beta
      description: Transitions agent from pending-review to beta. Creates a review record.
      operationId: AdminDeveloperAgentController_approve
      parameters:
        - name: id
          required: true
          in: path
          schema:
            type: string
        - name: x-signature
          in: header
          required: false
          description: >-
            HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD +
            path + body). Optional -- when omitted, HMAC verification is
            skipped.
          schema:
            type: string
        - name: x-timestamp
          in: header
          required: false
          description: >-
            Request timestamp in epoch milliseconds. Required when x-signature
            is provided. Rejected if drift exceeds 5 minutes.
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ApproveDeveloperAgentDto'
            examples:
              minimal:
                summary: No notes
                value: {}
              fullAllFields:
                summary: Notes + safety score
                value:
                  notes: Approved for limited beta; monitor webhook volume.
                  safetyScore: 88
      responses:
        '201':
          description: Agent approved for beta.
          content:
            application/json:
              schema:
                allOf:
                  - $ref: '#/components/schemas/McpSuccessResponseDto'
                  - properties:
                      data:
                        $ref: '#/components/schemas/DeveloperAgentResponseDto'
        '400':
          description: Agent not in pending-review status.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/McpErrorResponseDto'
        '401':
          description: Missing or invalid API key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/McpErrorResponseDto'
        '403':
          description: Admin scope required.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/McpErrorResponseDto'
        '404':
          description: Agent not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/McpErrorResponseDto'
      security:
        - bearer-jwt: []
        - api-key: []
components:
  schemas:
    ApproveDeveloperAgentDto:
      type: object
      properties:
        notes:
          type: string
          description: Review notes
        safetyScore:
          type: number
          description: Safety score (0-100)
    McpSuccessResponseDto:
      type: object
      properties:
        success:
          type: boolean
          example: true
        data:
          type: object
          description: Endpoint-specific payload
          additionalProperties: true
      required:
        - success
        - data
    DeveloperAgentResponseDto:
      type: object
      properties:
        id:
          type: string
        developerId:
          type: string
        name:
          type: string
        description:
          type: string
        strategyDescription:
          type: string
        avatarUrl:
          type: string
        tags:
          description: Marketplace / discovery tags
          type: array
          items:
            type: string
        pricingModel:
          type: string
          enum:
            - subscription
            - success-fee
            - both
            - free
        monthlyPrice:
          type: number
        successFeePercent:
          type: number
        betaStatus:
          type: string
        betaStartDate:
          type: string
          format: date-time
        maxBetaUsers:
          type: number
        riskLevel:
          type: string
          enum:
            - low
            - medium
            - high
        performanceStats:
          type: object
          additionalProperties: true
        webhookUrl:
          type: string
        inboundSignalsHttpUrl:
          type: string
          description: >-
            Public POST URL for signed inbound webhook signals when mcp-main has
            a resolved public HTTP base (`MCP_HTTP_PUBLIC_URL` or
            `MCP_ENDPOINT`).
        inboundWebhookSigningSecretReveal:
          type: string
          description: >-
            Present once after create (webhook ingress) or after
            `rotateInboundWebhookSigningSecret`. Store securely.
        signalSourceKind:
          type: string
          enum:
            - webhook
            - signal_group
        connectedChannels:
          type: array
          items:
            $ref: '#/components/schemas/ConnectedChannelResponseDto'
        signalDetectionRule:
          $ref: '#/components/schemas/SignalDetectionRuleResponseDto'
        signalExecutionDefaults:
          $ref: '#/components/schemas/SignalGroupExecutionDefaultsDto'
        parserAiMode:
          type: string
          enum:
            - inherit
            - 'off'
            - shadow
            - fallback
          description: Per-agent hybrid parser mode.
        membershipGated:
          type: boolean
          description: Require channel membership for subscribers (signal group).
        externalSignupUrl:
          type: string
          description: Invite / signup URL when membership gating is enabled.
        createdAt:
          type: string
          format: date-time
        updatedAt:
          type: string
          format: date-time
      required:
        - id
        - developerId
        - name
        - pricingModel
        - betaStatus
        - riskLevel
        - performanceStats
        - createdAt
        - updatedAt
    McpErrorResponseDto:
      type: object
      properties:
        success:
          type: boolean
          example: false
        error:
          $ref: '#/components/schemas/McpErrorBodyDto'
      required:
        - success
        - error
    ConnectedChannelResponseDto:
      type: object
      properties:
        platform:
          type: string
          enum:
            - telegram
            - discord
        channelId:
          type: string
        channelUsername:
          type: string
        channelName:
          type: string
        channelIconUrl:
          type: string
          description: Channel or Discord server profile image URL
        memberCount:
          type: number
          description: Member count snapshot from last channel verification
        inviteUrl:
          type: string
          description: Subscriber join URL (Discord server invite or Telegram link)
        botStatus:
          type: string
          enum:
            - pending
            - active
            - disconnected
            - bot_removed
        verifiedAt:
          type: string
          format: date-time
        linkedChatInput:
          type: string
        lastVerificationError:
          type: string
        lastVerificationErrorCode:
          type: string
      required:
        - platform
        - channelId
        - botStatus
    SignalDetectionRuleResponseDto:
      type: object
      properties:
        buyKeywords:
          type: array
          items:
            type: string
        sellKeywords:
          type: array
          items:
            type: string
        longKeywords:
          type: array
          items:
            type: string
        shortKeywords:
          type: array
          items:
            type: string
        tpKeywords:
          type: array
          items:
            type: string
        slKeywords:
          type: array
          items:
            type: string
        leverageKeywords:
          type: array
          items:
            type: string
        tokenPatterns:
          type: array
          items:
            type: string
        strategyPrefix:
          type: string
        cancelKeywords:
          type: array
          items:
            type: string
        breakevenKeywords:
          type: array
          items:
            type: string
        partialCloseKeywords:
          type: array
          items:
            type: string
        breakoutAboveKeywords:
          type: array
          items:
            type: string
        breakoutBelowKeywords:
          type: array
          items:
            type: string
        entryZoneKeywords:
          type: array
          items:
            type: string
    SignalGroupExecutionDefaultsDto:
      type: object
      properties:
        marketType:
          type: string
          enum:
            - spot
            - perpetual
            - both
        leverageMode:
          type: string
          enum:
            - fixed
            - signal-defined
            - disabled
        leverageMax:
          type: number
          minimum: 1
          maximum: 125
        tradeSizeMode:
          type: string
          enum:
            - fixed
            - percent
            - signal-defined
        tradeSizeValue:
          type: number
        stopLossMode:
          type: string
        stopLossValue:
          type: number
        stopLossAboveEntry:
          type: boolean
        takeProfitMode:
          type: string
        takeProfitValue:
          type: number
        takeProfitTiers:
          type: array
          items:
            $ref: '#/components/schemas/SignalExecutionTakeProfitTierDto'
        signalOverridesDefaults:
          type: boolean
        timeInForce:
          type: string
          enum:
            - IOC
            - GTC
        maxPositionMode:
          type: string
        maxPositionPct:
          type: number
        maxOpenPositions:
          type: number
        maxDailyLossMode:
          type: string
        maxDailyLossPct:
          type: number
        cooldownSeconds:
          type: number
        maxTradesPerDay:
          type: number
        trailingStop:
          type: boolean
        slippageMode:
          type: string
        slippageTolerance:
          type: number
        tokenWhitelist:
          type: array
          items:
            type: string
        tokenBlacklist:
          type: array
          items:
            type: string
    McpErrorBodyDto:
      type: object
      properties:
        code:
          type: string
          example: NOT_FOUND
        message:
          type: string
          example: Resource not found
      required:
        - code
        - message
    SignalExecutionTakeProfitTierDto:
      type: object
      properties:
        closePercent:
          type: number
        whenPositionPercent:
          type: number
        action:
          type: string
          enum:
            - close-part
            - alert
  securitySchemes:
    bearer-jwt:
      scheme: bearer
      bearerFormat: JWT
      type: http
      description: >-
        User JWT access token issued by `POST /api/auth/verify` or `POST
        /api/auth/social/verify`. Routes that accept both auth modes declare
        `api-key` *and* `bearer-jwt` security schemes.
    api-key:
      type: apiKey
      in: header
      name: x-api-key

````