Aurora / AI API

Endpoint: GET/POST /api/assistant.php

Auth: Session + CSRF

Chat with Aurora

Send Message

POST /api/assistant.php
Content-Type: application/json

{
  "message": "What files do I have?",
  "model": "claude-sonnet-4-6",
  "conversation_id": null,
  "history": [],
  "context": {},
  "image": null
}

Parameters:

Name	Type	Description
message	string	User's message
model	string	AI model identifier
conversation_id	integer/null	Existing conversation or null for new
history	array	Previous messages for context
context	object	Additional context (app state, etc.)
image	string/null	Base64 image for vision analysis

Response:

{
  "response": "Here are your files:\n\n- Documents/\n- Downloads/\n- Notes/\n...",
  "actions": [
    {
      "type": "open_app",
      "data": { "slug": "files" }
    }
  ]
}

Actions

The actions array can contain UI operations triggered by Aurora:

Action Type	Description
open_app	Open an app in the desktop
set_wallpaper	Change the wallpaper
refresh_apps	Rebuild the dock
reload_app	Reload an app iframe

Conversation Management

List Conversations

GET /api/assistant.php?action=conversations

Get Messages

GET /api/assistant.php?action=messages&conversation_id=5

Delete Conversation

POST /api/assistant.php
Content-Type: application/json

{
  "action": "delete_conversation",
  "conversation_id": 5
}

Processing Pipeline

Aurora uses a multi-phase pipeline when an agent model is configured:

Phase 1: Chat Model
  ├── Understands user intent
  ├── Delegates tasks to agents
  └── Formats final response

Phase 2a: Agent Model (tools)
  ├── Receives task description
  ├── Executes tools via function calling
  └── Returns results

Phase 2b: Vision Model (images)
  ├── Receives image + query
  └── Returns analysis

Phase 3: Chat Model
  └── Combines all results into response

Legacy Mode

For models without function calling support, a single-model tool loop is used with XML-based tool format. The system automatically selects the right mode based on model capabilities.

Tool Execution

When Aurora calls tools, the execution happens server-side:

1. AI returns tool call(s) in its response
2. tool-executor.php validates and executes each tool
3. Results are fed back to the AI
4. Loop continues (max 5 iterations) until AI provides a final response

Safety

• File operations are sandboxed to user's home directory
• Command execution (run_command) has a blocklist of dangerous commands
• Path traversal is prevented via sanitizePath()
• SSRF validation on URL fetching