Create a pack from an existing OCI image

POST

/packs

curl --request POST \
  --url https://your-org.evershell.ai/v1/packs \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{ "image_ref": "registry.example.com/team/pack:1.2.0", "visibility": "org" }'

• Hosted tenant

Permissions: caps:write.

The image must already exist in a registry the CP can pull. All pack metadata (name, version, capabilities) is read from pack.yaml inside the image. Use POST /packs/upload to push an image directly.

Authorizations

• bearerAuth

Request Body ^required

Media type application/json

object

image_ref

required

string

Example

registry.example.com/team/pack:1.2.0

visibility

string

default: org

Allowed values: org community

Responses

201

Created

Media type application/json

object

id

required

string

org_id

Owning org id. Redacted to absent on packs the caller doesn’t own (platform-shipped + foreign community packs) — use owned to distinguish.

string

name

required

string

display_name

required

string

description

string

version

required

string

tier

required

string

Allowed values: recommended verified community

visibility

required

string

Allowed values: org community

category

string

capabilities

Caps.yaml fragment shipped by the pack

string

suggested_packs

Comma-separated names of related packs (display hint).

string

image_origin

Where the image was pushed from (upload, image_ref, clone).

string

image_ref

string

image_digest

string

size_bytes

integer

created_at

string format: date-time

updated_at

string format: date-time

owned

required

True when the pack is org-scoped to the caller’s org.

boolean

Example

{
  "id": "pack_01HZ",
  "version": "1.2.0",
  "tier": "recommended",
  "visibility": "org"
}

400

Validation failure

Media type application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

409

State conflict (in-use cascade guard, last-owner, etc.)

Media type application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

423

Tenant is past_due, decommissioning, or trial-expired

Media type application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}