Manage files on a running computer. All paths are restricted to /workspace, /home, /root, /tmp, /opt, and /srv.
Base path: /api/v1/computers/{id}/files
Upload a File
POST /api/v1/computers/{id}/files/upload
Uploads a file to the computer via multipart form data.
Request
Content-Type: multipart/form-data
| Field | Type | Required | Description |
|---|---|---|---|
file | file | Yes | File to upload |
path | string | No | Remote path. If ends with /, filename is appended. Default: /workspace/ |
Response - 201 Created
{
"success": true,
"file": {
"path": "/workspace/script.py",
"filename": "script.py",
"size_bytes": 1234
}
}Errors
| Status | Code | Description |
|---|---|---|
| 400 | MISSING_FILE | No file field in request |
| 403 | FORBIDDEN_PATH | Path outside allowed directories |
| 413 | FILE_TOO_LARGE | File exceeds 10 MB limit |
| 502 | AGENT_UNAVAILABLE | In-VM agent unreachable |
curl -X POST https://api.miosa.ai/api/v1/computers/{id}/files/upload
-H "Authorization: Bearer $MIOSA_API_KEY"
-F "file=@./script.py"
-F "path=/workspace/scripts/"List Directory
GET /api/v1/computers/{id}/files
Lists files and directories at a given path.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
path | string | No | Directory to list. Default: /workspace |
Response - 200 OK
{
"files": [
{
"name": "Documents",
"type": "directory",
"size_bytes": 4096,
"modified_at": "2026-04-11T10:30:00Z"
},
{
"name": "script.py",
"type": "file",
"size_bytes": 1234,
"modified_at": "2026-04-11T10:25:00Z"
}
],
"path": "/workspace"
}File Entry Fields
| Field | Type | Description |
|---|---|---|
name | string | File or directory name |
type | string | "file" or "directory" |
size_bytes | integer | Size in bytes |
modified_at | ISO 8601 | Last modification time |
curl "https://api.miosa.ai/api/v1/computers/{id}/files?path=/workspace"
-H "Authorization: Bearer $MIOSA_API_KEY"Download a File
GET /api/v1/computers/{id}/files/download
Downloads a file from the computer as binary data.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
path | string | Yes | Full path to the file |
Response - 200 OK
Binary file content. Content-Type is inferred from the file extension. The Content-Disposition header is set for download.
Errors
| Status | Code | Description |
|---|---|---|
| 400 | MISSING_PATH | No path parameter |
| 403 | FORBIDDEN_PATH | Path outside allowed directories |
| 502 | AGENT_UNAVAILABLE | In-VM agent unreachable |
curl "https://api.miosa.ai/api/v1/computers/{id}/files/download?path=/workspace/output.txt"
-H "Authorization: Bearer $MIOSA_API_KEY"
--output output.txtExport a File
POST /api/v1/computers/{id}/files/export
Returns file metadata and base64-encoded content in a single response.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
path | string | Yes | Full path to the file |
Response - 200 OK
{
"success": true,
"file": {
"path": "/workspace/data.json",
"filename": "data.json",
"size_bytes": 5678,
"content_type": "application/json",
"modified_at": "2026-04-11T10:30:00Z"
},
"content_base64": "eyJrZXkiOiAidmFsdWUifQ=="
}Errors
| Status | Code | Description |
|---|---|---|
| 400 | MISSING_PATH | No path in request body |
| 403 | FORBIDDEN_PATH | Path outside allowed directories |
| 404 | FILE_NOT_FOUND | File does not exist or is empty |
curl -X POST https://api.miosa.ai/api/v1/computers/{id}/files/export
-H "Authorization: Bearer $MIOSA_API_KEY"
-H "Content-Type: application/json"
-d '{"path": "/workspace/data.json"}'Delete a File
DELETE /api/v1/computers/{id}/files
Removes a file from the computer.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
path | string | Yes | Full path to the file to delete |
Response - 200 OK
{
"success": true,
"path": "/workspace/old-file.txt"
}Errors
| Status | Code | Description |
|---|---|---|
| 400 | MISSING_PATH | No path in request body |
| 403 | FORBIDDEN_PATH | Path outside allowed directories |
| 502 | AGENT_UNAVAILABLE | In-VM agent unreachable |
curl -X DELETE https://api.miosa.ai/api/v1/computers/{id}/files
-H "Authorization: Bearer $MIOSA_API_KEY"
-H "Content-Type: application/json"
-d '{"path": "/workspace/old-file.txt"}'Path Security
All paths are validated before execution:
- Expansion -
Path.expandresolves..,~, and symlinks - Prefix check - Expanded path must start with
/workspace,/home,/root,/tmp,/opt, or/srv - Rejection - Paths outside these prefixes return
403 FORBIDDEN_PATH
This prevents path traversal attacks. For example, /workspace/../../etc/passwd expands to /etc/passwd and is rejected.