Overview

Per-user; requires Authorization: Bearer nv_sk_…. Naïve owns the cluster and the cloud credentials — your agents never hold an AWS key. A workload has one of three types: service (long-running, optional public URL, scale-to-zero), job (run-to-completion), or schedule (cron/rate — runs the image on a cadence). Routes are available both company-scoped (/v1/compute/..., acting as the operator’s default user) and per-user (/v1/users/:user_id/compute/...). Gated by the compute primitive in the user’s AccountKit. Billed by running time (vCPU-seconds + GB-seconds) in credits; a stopped service accrues ~nothing.
POST /v1/compute (create) and POST /v1/compute/:id/exec + POST /v1/compute/:id/shell are approval-gated by default. An agent (API-key) call may return 202 { "status": "pending_approval", "approval_id" }; a human approves it via Approvals and the action runs on replay.

Endpoints

| Method | Path | Description |
| --- | --- | --- |
| GET | /v1/compute | List the user’s workloads |
| POST | /v1/compute | Create a workload (type: service \| job \| schedule) — sensitive |
| GET | /v1/compute/:id | Get a workload (status, public URL, recent runs, secret keys) |
| DELETE | /v1/compute/:id | Delete a workload + stop in-flight runs |
| POST | /v1/compute/:id/start | Wake a scaled-to-zero service |
| POST | /v1/compute/:id/stop | Scale a service to zero |
| POST | /v1/compute/:id/scale | Set the replica count ({ count }) |
| POST | /v1/compute/:id/run | Trigger a job/schedule run now |
| GET | /v1/compute/:id/runs | List runs (status, exit code, credits) |
| GET | /v1/compute/:id/runs/:runId/logs | CloudWatch logs for a run |
| GET | /v1/compute/:id/logs | Logs for the latest run / live service task |
| POST | /v1/compute/:id/exec | One-off command in a running task (ECS Exec) — sensitive |
| POST | /v1/compute/:id/shell | Broker an interactive shell session (SSM) — sensitive |
| GET | /v1/compute/:id/secrets | List secret keys |
| POST | /v1/compute/:id/secrets | Set an encrypted env var (auto-redeploys) |
| DELETE | /v1/compute/:id/secrets/:key | Delete a secret |
| GET | /v1/compute/:id/secrets/:key/reveal | Reveal a secret value |

Create body

{
  "name": "bot",
  "type": "service",
  "image": "ghcr.io/me/bot:latest",
  "command": ["node", "server.js"],
  "cpu": 256,
  "memory": 512,
  "port": 8080,
  "env": { "LOG_LEVEL": "info" },
  "schedule_expr": "cron(0 9 * * ? *)"
}

port (services) exposes a public URL when an ALB is configured; otherwise the service runs headless. schedule_expr is required for type: "schedule". The image must contain /bin/sh to support exec/shell.

Shell sessions

POST /v1/compute/:id/shell returns a short-lived, task-scoped SSM session — { session: { sessionId, streamUrl, tokenValue }, region }. The client connects the WebSocket directly to streamUrl with tokenValue (the CLI’s naive compute ssh does this via the AWS session-manager-plugin). No AWS credentials are returned to the client. Sessions are transcript-logged. See the Compute guide and the SDK sub-client.
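
The approval-gated responses and the shell-session response described above, handled on the client side, as an added example that is not part of the Naïve documentation or SDK. The function names, the sample values and the wss-only check on streamUrl are assumptions made for illustration.

```python
from urllib.parse import urlsplit

SENSITIVE_KEYS = {"tokenValue"}  # session token returned by POST /v1/compute/:id/shell

# Constructed sample responses (not captured from the real service).
PENDING = {"status": "pending_approval", "approval_id": "apr_example"}
SHELL = {"session": {"sessionId": "sess-example",
                     "streamUrl": "wss://stream.example.invalid/data-channel/sess-example",
                     "tokenValue": "constructed-token"},
         "region": "us-east-1"}


def validate_create_body(body):
    """Check the create-body rules the page states; return a list of problems."""
    problems = []
    if body.get("type") not in ("service", "job", "schedule"):
        problems.append("type must be service, job or schedule")
    if body.get("type") == "schedule" and not body.get("schedule_expr"):
        problems.append("schedule_expr is required for type schedule")
    return problems


def classify_sensitive_response(status, body):
    """Map a create/exec/shell response to ('pending' | 'done' | 'error', payload)."""
    if status == 202 and body.get("status") == "pending_approval":
        # Nothing has run yet: a human approves, then the action runs on replay.
        return ("pending", body.get("approval_id"))
    if 200 <= status < 300:
        return ("done", body)
    return ("error", body)


def redact_for_log(obj):
    """Return a copy of a response with session token values masked for logging."""
    if isinstance(obj, dict):
        return {k: "[REDACTED]" if k in SENSITIVE_KEYS else redact_for_log(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_for_log(v) for v in obj]
    return obj


def check_stream_url(url):
    """Assumed policy: only connect to wss:// URLs so tokenValue is never sent in cleartext."""
    parts = urlsplit(url)
    return parts.scheme == "wss" and bool(parts.hostname)
```

An agent that receives `("pending", approval_id)` should record the approval id and stop, rather than retrying the call in a loop.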