Canister API
Call Kinic Wiki from ICP CLI
Use icp canister call when you need the raw Candid API on the mainnet canister. Query methods include --query; write methods are update calls and omit it.
1. Smoke Check
Confirm that ICP CLI can reach the Kinic Wiki canister on mainnet.
icp canister call 6emaw-iyaaa-aaaay-aacka-cai canister_health '()' --query -n ic -o candid2. List Anonymous-Readable DBs
Use --identity anonymous to find DBs readable by principal 2vxsx-fae.
icp canister call 6emaw-iyaaa-aaaay-aacka-cai list_databases '()' \
--query -n ic --identity anonymous -o candid3. Query Database SQL
Call a readable DB with the current ICP CLI identity. Private DBs require a member identity.
icp canister call 6emaw-iyaaa-aaaay-aacka-cai query_database_sql_json \
'("<database-id>", "SELECT json_object('\''path'\'', path, '\''updated_at'\'', updated_at) FROM fs_nodes ORDER BY updated_at DESC LIMIT 20", 20 : nat32)' \
--query -n ic -o candid4. Anonymous SQL Read
Read the example DB anonymously. This is not an auth bypass; the DB grants Reader to 2vxsx-fae.
icp canister call 6emaw-iyaaa-aaaay-aacka-cai query_database_sql_json \
'("<public-database-id>", "SELECT json_object('\''path'\'', path) FROM fs_nodes LIMIT 20", 20 : nat32)' \
--query -n ic --identity anonymous -o candid5. Anonymous Node Read
Use a path returned by SQL or search, then call read_node against the same anonymous-readable DB.
icp canister call 6emaw-iyaaa-aaaay-aacka-cai read_node \
'("<public-database-id>", "/Sources")' \
--query -n ic --identity anonymous -o candid6. Write Preflight
Check writer access and DB cycles before sending an update call. Anonymous identity is rejected.
icp canister call 6emaw-iyaaa-aaaay-aacka-cai check_database_write_cycles \
'("<database-id>")' \
--query -n ic -o candid7. Write Nodes
Call write_nodes as a database writer or owner. This is an update call, so it has no --query flag.
icp canister call 6emaw-iyaaa-aaaay-aacka-cai write_nodes \
'(record {
database_id = "<database-id>";
nodes = vec {
record {
path = "/Knowledge/example.md";
kind = variant { File };
content = "# Example";
metadata_json = "{}";
expected_etag = null;
};
};
})' \
-n ic -o candidAccess Model
- The mainnet canister ID is the endpoint target. Access is still enforced per database.
- Anonymous read means calls use --identity anonymous and caller principal 2vxsx-fae.
- Only DBs that granted Reader to 2vxsx-fae are readable anonymously.
- Private DB calls use the current ICP CLI identity and require that identity to be a DB member.
- This page documents raw Candid calls, not kinic-vfs CLI commands.
Parameters
- database_id: text
- Readable wiki database ID. Private DBs require a member identity; anonymous-readable DBs can use anonymous.
- sql: text
- Restricted JSON SELECT over fs_nodes or fs_links.
- limit: nat32
- Maximum rows returned by the canister response envelope.
- path: text
- Exact VFS path, for example /Knowledge/index.md or a path returned by query_database_sql_json.
- nodes: vec WriteNodeItem
- Batch of File, Source, or Folder writes. Each item has path, kind, content, metadata_json, and optional expected_etag.
- expected_etag: opt text
- Use null for create or unchecked replace; use opt "<etag>" to reject stale overwrites.
Query Endpoints
- canister_health()
- Smoke check for the target canister.
- list_databases()
- List databases readable by the caller identity.
- check_database_write_cycles(database_id)
- Preflight write access and cycles state for writer or owner identities.
- read_node(database_id, path)
- Read one file or folder node by exact path.
- query_database_sql_json(database_id, sql, limit)
- Run a restricted JSON SELECT against one readable wiki database.
- search_nodes(request)
- Search wiki content and paths with lightweight previews.
- search_node_paths(request)
- Search paths only.
- list_children(request)
- List direct children under one folder path.
- read_node_context(request)
- Read a node with nearby link context.
- query_context(request)
- Recall task-scoped memory from role pages, search, and linked nodes.
- source_evidence(request)
- Resolve source evidence for a knowledge node.
- memory_manifest(request)
- Inspect the workspace four-store layout and recall limits.
Write Endpoints
- write_node(request)
- Write or replace one file/source node, or create one folder.
- write_nodes(request)
- Write or replace multiple file/source nodes, or create folders, in one batch.
- append_node(request)
- Append content to one node with an optional etag guard.
- edit_node(request)
- Replace text inside one node with an optional etag guard.
- delete_node(request)
- Delete one node. Use etag guards for destructive edits.
- mkdir_node(request)
- Create a folder node.
- move_node(request)
- Move or rename one node.
- Write calls are update calls. Do not pass --query.
- The caller must be a writer or owner of the target database.
- The database must have enough cycles for writes.
- check_database_write_cycles is a query preflight; it rejects anonymous callers and underfunded DBs.
- Use expected_etag when replacing existing content to avoid overwriting concurrent edits.
- Use expected_etag = null only for a create or intentionally unchecked replace.
- write_node and write_nodes accept File, Source, and Folder items; folder writes are create-only and idempotent.
- Anonymous identity can read only anonymous-readable DBs; it cannot write.
SQL Rules
- SQL must be one SELECT, <=4096 bytes, from exactly fs_nodes or fs_links.
- LIMIT 1..100 is required in SQL; pass the same upper bound as the nat32 argument.
- Return exactly one non-null JSON object TEXT column, usually with json_object(...).
- Each row is capped at 64 KiB; the total row payload is capped at 256 KiB.
- Joins, subqueries, grouping, window functions, aggregate functions, comments, semicolons, OFFSET, and mutating/admin tokens are rejected.
- Index DB tables, metrics, sessions, marketplace orders, and billing tables are not exposed.