Every framework-backed page in Space Agent boots throughDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/agent0ai/space-agent/llms.txt
Use this file to discover all available pages before exploring further.
/mod/_core/framework/js/initFw.js, which calls initializeRuntime() and publishes a shared runtime on globalThis.space. This object is the stable contract between modules — it provides authenticated backend calls, per-user encryption, browser-window control, Markdown and YAML utilities, and cross-feature namespaces. The runtime is window-local and must never be published into parent, top, or sibling frames.
space.api — Backend API Helpers
space.api is the canonical frontend client for authenticated backend calls. Same-tick fileRead calls are automatically coalesced into one /api/file_read request and re-sliced back to each caller. Identical in-flight extensions_load, file_read, file_info, file_list, file_paths, and user_self_info requests are deduplicated by request shape.
Identity
Returns the current authenticated user’s identity snapshot.
sessionId, userCryptoKeyId, and userCryptoState are returned at runtime even though they do not appear in the base SpaceUserSelfInfo TypeScript type. Use them when binding the userCrypto session or checking encryption state.File Operations
Read one file by logical path. Accepts a plain string, an object
{ path, encoding? }, or a batch form { files: [...] }. Same-tick calls coalesce automatically.List files at a logical path. The options object supports filtering by access level.
Returns a same-origin attachment URL for a permission-checked ZIP download of a folder. Use this instead of fetching the archive blob into browser memory.
Git History Helpers
These helpers are available whenCUSTOMWARE_GIT_HISTORY=true (the default). They wrap the server-owned writable-layer history endpoints.
Paginated commit listing for a writable owner root.
File diff for a specific commit.
Preview affected files before a travel or revert operation, with an optional per-file patch.
Move HEAD to a past commit. Preserves newer commits in backend-owned refs so forward-travel still works.
Create a new commit that undoes a past commit without resetting HEAD.
space.utils — Utilities
Markdown
Renders Markdown text into a DOM element, replacing the target’s contents with a
.markdown root.Parses Markdown frontmatter and returns the separated
frontmatter object and body string.User Crypto
space.utils.userCrypto provides session-scoped encryption for browser-owned secrets (API keys, personal settings, etc.). It restores the unlocked key from per-tab sessionStorage first, then from an encrypted localStorage blob via /api/user_crypto_session_key. In SINGLE_USER_APP=true mode, all operations short-circuit to plaintext pass-through.
Encrypts a string. Returns a
userCrypto:-prefixed ciphertext string.Decrypts a
userCrypto:-prefixed ciphertext string back to plaintext.Encrypts a binary buffer.
Decrypts an encrypted binary buffer.
Returns the current encryption status — whether the browser key is unlocked, locked, or unavailable.
Clears the in-tab
sessionStorage key and the localStorage encrypted blob together. Called on logout or when the local blob cannot be decrypted for the current session.In
SINGLE_USER_APP=true, encryptText and decryptText are pass-throughs. Legacy userCrypto:-prefixed values stored from a multi-user session will surface as locked placeholders until the user replaces them.YAML
Parses a YAML string using the project-owned
yaml-lite.js utility, which the server also imports directly for consistent behavior.Serializes a JavaScript object to YAML. Supports nested maps, lists, block scalars, and standard YAML quoting.
space.browser — Web Browsing Runtime
space.browser controls all registered browser surfaces: popup windows opened via the Browser menu action, and inline <x-browser src="..."> elements in widgets or other app DOM. The public API uses numeric IDs (1, 2, …) even though the internal store tracks them as browser-1, browser-2, etc. Popup windows persist their URL, size, position, minimized state, and stacking data across page reloads.
Discovery and Management
Navigation
Content Inspection
Returns a human-readable typed-ref snapshot of the page. Non-visible content (
hidden, aria-hidden, display:none, visibility:hidden, opacity:0, etc.) is omitted. Pass { selector } or { selectors: [...] } in options to scope the read to a CSS selector. Output uses compact typed-ref boxes:Raw DOM snapshot for debugging. Both
content and dom accept either { selector } or { selectors: [...] } in the options object for scoped reads.Richer state metadata for a single referenced node — the preferred low-token path for inspecting one destination or DOM target before acting on it.
Reference-Targeted Actions
All ref-targeted actions return{ action, state } where action.status carries visible-effect flags (SpaceBrowserActionStatus) and state is the settled SpaceBrowserWindowState snapshot.
Raw Bridge and Evaluate
Send a raw bridge message to the in-page runtime. Use for custom extensions or advanced cases.
Last-resort escape hatch — executes JavaScript inside the browser page and returns the result. Use only when no ref-targeted action covers the need.
Diagnostics
error. Raising it adds browser-bridge diagnostic noise to the console without affecting production behavior.
Other Runtime Namespaces
space.config
Frontend-exposed runtime parameters injected by the server into <meta name="space-config"> tags. Read with space.config.<paramName>. Only parameters explicitly marked frontend_exposed in the server runtime are available here.
space.fw
Registers an Alpine store with
init(), mount(refs), and unmount() lifecycle hooks.space.proxy and space.fetchExternal
Returns a same-origin proxied URL string. Use sparingly — prefer direct
fetch() or space.fetchExternal() first.Cross-origin fetch with automatic proxy fallback. If a direct request fails and the
/api/proxy retry succeeds, the runtime caches that origin in memory and routes future requests for it through the backend immediately. Never hardcode third-party CORS proxy services.space.download
File download helpers. Use for triggering browser-native downloads of content already in memory.
space.router
Hash router helpers for the authenticated app. Available on routed pages as both space.router and Alpine $router.
space.onscreenAgent
Controls the floating overlay agent.
space.current and space.spaces
space.current exposes the active space’s widgets and metadata for widget authoring. space.spaces provides persisted space CRUD, widget upsert/patch/remove, layout helpers, and space duplication.
space.chat
The current prepared chat context, published by agent surfaces during an active turn.
Metadata list for all prompt contributors in the current turn: system prompt blocks, transient sections, history messages, and trimmed items.
Read a trimmed prompt contributor by its
id. Accepts { id, from?, to? } for range-limited reads.Mutable registry for non-persisted transient context blocks. Use
set(key, section), upsert(key, section), get(key), list(), delete(key), and clear().space.visual
Small shared UI helpers exposed by _core/visual modules.
space.skills
Load a skill by its ID into the current agent session’s context.
space.extend
Wraps a function to expose
/start and /end JS extension hook points. The wrapped function becomes async. Use from module entry points, not from feature components.