> ## Documentation Index > Fetch the complete documentation index at: https://docs.neo.projectdiscovery.io/llms.txt > Use this file to discover all available pages before exploring further. # Create task (stream/json) > Create a new task or continue an existing one. Returns SSE by default, or JSON acknowledgement when requested. **Response Modes:** - default (`response_format` omitted): streaming SSE response (`text/event-stream`) - `response_format=json`: synchronous acknowledgement (`202` + task id/status JSON) - if `response_format` is omitted and `Accept: application/json` is sent, JSON acknowledgement is returned. **Mode Options:** - `agent` (default): Full agent mode with all tools, execution capabilities, and memory - `chat`: Conversational mode with limited tools (web search, knowledge search) **Direct Agent Execution:** - Use `agent_id` to bypass AgentSwarm and route to a specific agent **Secrets (Opt-In):** - Use `secrets` to pass only selected secret names into task runtime - If omitted, no user/project secrets are exposed by default ## OpenAPI ````yaml https://neo.api.projectdiscovery.io/api/openapi.json post /api/v1/tasks openapi: 3.1.0 info: contact: name: ProjectDiscovery url: https://neo.projectdiscovery.io description: Neo API Server - Security agent orchestration platform license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0 title: Neo API version: 1.0.0 servers: - description: Production url: https://neo.api.projectdiscovery.io - description: Local development url: http://localhost:8080 security: [] tags: - description: Task execution and management name: Tasks - description: Agent listing and management name: Agents - description: Public agent directory name: Agent Directory - description: User file storage management name: Files - description: User working memory management name: Memory - description: Scheduled and recurring task management name: Schedules - description: Knowledge base and semantic search name: Knowledge - description: Encrypted user credentials and API keys name: Secrets - description: Neo API key management for programmatic access name: API Keys - description: User profile and account information name: User - description: Task and LLM usage tracking name: Usage - description: Bring Your Own Key provider management name: BYOK - description: Model discovery and capabilities name: Models - description: Third-party integrations name: Integrations - description: Skill knowledge documents for agent prompts name: Skills - description: Team management and member invitations name: Teams - description: Prompt library management and discovery name: Prompts - description: Slack bot integration for workspace installation and OAuth name: Slack - description: GitHub integration for PR reviews and repository management name: GitHub - description: Vulnerability issue tracking and management name: Issues - description: Subscription billing and plans name: Billing - description: Project management and member assignments name: Projects - description: SSH key pair generation and management for remote server access name: SSH Keys - description: Codebase structural analysis and mapping name: Codemaps - description: AI-generated codebase documentation and security analysis name: CodeWiki - description: Captured HTTP traffic query and replay name: Network Events paths: /api/v1/tasks: post: tags: - Tasks summary: Create task (stream/json) description: > Create a new task or continue an existing one. Returns SSE by default, or JSON acknowledgement when requested. **Response Modes:** - default (`response_format` omitted): streaming SSE response (`text/event-stream`) - `response_format=json`: synchronous acknowledgement (`202` + task id/status JSON) - if `response_format` is omitted and `Accept: application/json` is sent, JSON acknowledgement is returned. **Mode Options:** - `agent` (default): Full agent mode with all tools, execution capabilities, and memory - `chat`: Conversational mode with limited tools (web search, knowledge search) **Direct Agent Execution:** - Use `agent_id` to bypass AgentSwarm and route to a specific agent **Secrets (Opt-In):** - Use `secrets` to pass only selected secret names into task runtime - If omitted, no user/project secrets are exposed by default operationId: post-v1-tasks requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateTaskRequest' required: true responses: '200': content: text/event-stream: schema: type: string description: Streaming SSE response '202': content: application/json: schema: $ref: '#/components/schemas/CreateTaskAcceptedResponse' description: Task accepted (JSON acknowledgement mode) '400': content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' description: Bad request '401': content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' description: Unauthorized '500': content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' description: Internal server error security: - BearerAuth: [] - ApiKeyAuth: [] components: schemas: CreateTaskRequest: properties: agent_id: description: Bypass AgentSwarm and route to specific agent type: string agent_ids: description: Array of agent IDs for multi-agent orchestration items: type: string type: array ask_question: default: false description: >- Enable the ask_question tool for the planner with durable DB-backed suspension. When false (default), the tool and its prompt sections are removed entirely so the planner must proceed without asking the user clarifying questions. type: boolean auto_execute: default: false description: >- When mode=plan, auto-execute the plan without waiting for user approval type: boolean completion_delivery: description: > Optional. When set, controls how task results are handed off on completion. webhook — POST the completion artifact to the team webhook URL when configured. artifact — persist the completion artifact for GET /api/v1/tasks/{id}/artifacts. When omitted, no completion handoff runs. enum: - webhook - artifact type: string file_keys: description: Optional file references items: type: string type: array id: description: Optional task ID. If omitted or invalid, server generates one. format: uuid type: string isolated: default: false description: Run task in an ephemeral sandbox with no prior user context type: boolean max_iterations: description: >- Max execution-verification loop iterations. When omitted, defaults to 0 for agent mode (no verification) and 1 for plan mode (single execute + verify cycle). 0 = explicitly skip verification. 1+ = run that many execute+verify cycles. maximum: 5 minimum: 0 type: integer max_steps: description: >- Max LLM steps for execution mode only. Does not affect plan or verification phases. Defaults to 45 (direct) or 60 (swarm). maximum: 200 minimum: 4 type: integer message: $ref: '#/components/schemas/MessageInput' mode: default: agent description: >- agent = full tools, chat = limited tools, plan = info-gathering + strategic planning enum: - agent - chat - plan type: string model: $ref: '#/components/schemas/ModelType' description: >- Optional model. If omitted/empty, server resolves default via user/team/tag policy. project_id: description: Project ID to scope task to. If omitted, task is user-scoped. format: uuid type: string response_format: description: > Optional response mode. - sse: stream response events - json: immediate acknowledgement with task id/status When omitted, server falls back to Accept header and defaults to sse. enum: - sse - json type: string sandbox_id: description: | Optional sandbox to run this task on. Use the id returned by GET /api/v1/sandboxes. When omitted, your default sandbox is used. format: uuid type: string schedule: $ref: '#/components/schemas/ScheduleConfigInput' secrets: description: | Optional secret names to expose at runtime (opt-in). Only listed names are resolved and made available to tools. If omitted or empty, no user/project secrets are exposed. items: type: string type: array task: description: >- Optional shorthand user input. Used only when message.parts is absent. type: string visibility: description: Task visibility. Defaults to private when omitted/empty. enum: - public - private - unlisted - team type: string type: object CreateTaskAcceptedResponse: properties: status: description: Request acknowledgement status. enum: - accepted type: string task_id: description: Task ID accepted for execution. format: uuid type: string warnings: description: > Non-fatal warnings attached to a successful task acceptance. Only emitted in JSON-mode; SSE callers should poll GET /api/v1/user for the same signal. items: $ref: '#/components/schemas/TaskWarning' type: array required: - task_id - status type: object ErrorResponse: properties: code: description: > Stable machine-readable error code — branch on this rather than matching the human `error`/`message` strings. Domain codes include `user_spending_cap_reached`, `project_spending_cap_reached`, and `insufficient_neo_credits`; otherwise it mirrors the error kind (e.g. `forbidden`, `invalid_request`, `not_exists`, `already_exists`). example: user_spending_cap_reached type: string error: example: Bad request type: string error_id: description: Correlation id for a specific error instance, when present. type: string kind: description: Coarse error category (e.g. "forbidden request", "invalid request"). example: forbidden request type: string message: description: | Human-readable detail (the kind prefixed to the error). For display, not for branching. type: string required: - error type: object MessageInput: properties: id: description: Optional message ID. If omitted or invalid, server generates one. format: uuid type: string parts: description: >- Message parts. If absent/empty and task is provided, task is mapped to a text part. items: $ref: '#/components/schemas/MessagePartInputV2' type: array role: description: Optional role. Defaults to user when omitted. enum: - user type: string type: object ModelType: description: | LLM model identifier. "auto" defers model selection to the agent, which picks per-request based on task complexity, cost, and security context. enum: - auto - opus-4.8 - opus-4.7 - opus-4.6 - sonnet-4.6 - haiku-4.5 - gpt-5.5-high - gpt-5.4-xhigh - gpt-5.4-high - gpt-5.3-codex-high - gemini-3-pro - gemini-3-flash - grok-4.3-high - grok-4.3-fast - kimi-k2.6 - glm-5 - glm-5.1 - glm-5.2 - deepseek-v4-pro-high type: string ScheduleConfigInput: properties: name: description: Human-readable schedule name type: string scan_frequency: enum: - hourly - daily - weekly - monthly type: string schedule_type: enum: - recurring - one_time type: string start_time: description: Start time in HH:MM format (24h) type: string required: - schedule_type type: object TaskWarning: properties: code: enum: - spending_cap_approaching - project_spending_cap_approaching type: string message: type: string required: - code - message type: object MessagePartInputV2: properties: media_type: description: MIME type (for type=file) type: string name: description: File name (for type=file) type: string text: description: Text content (for type=text) type: string type: enum: - text - file type: string url: description: File URL (for type=file) format: uri type: string required: - type type: object securitySchemes: BearerAuth: bearerFormat: JWT description: JWT authentication token scheme: bearer type: http ApiKeyAuth: description: Neo API key (neo_sk_* prefix) in: header name: X-Api-Key type: apiKey ````