Trigger a manual fetch-and-ingest from an external transport
Lists every object matching the supplied transport coordinates (SFTP today) and streams each into the trusted-content ingestion pipeline (dedup + outbox + match-trigger), returning a per-file outcome in fetch order. The tenant is resolved from the JWT and the context/source from the path — NEVER from the body. The body carries connection coordinates plus an OPAQUE credential reference, never a secret. A transport-level fetch failure (the external endpoint is unreachable or rejects the credential) returns 503; per-file intake failures are reported in the response body without failing the batch.
Authorizations
Bearer token authentication (format: "Bearer {token}")
Body
Opaque stored-credential reference (not a secret)
1"cred-handle-123"
Remote endpoint hostname or IP
1"sftp.bank.example"
Remote directory to list/fetch from
1"outbound/returns"
Remote endpoint port
1 <= x <= 6553522
Optional non-secret transport tuning (e.g. known_hosts, user, timeout_seconds)
Fallback content-format hint applied when a fetched object declares none. Accepts the namespaced FormatDescriptor key (region/family/variant) or the legacy flat aliases (cnab240, cielo_edi, ...); both resolve through the same parser registry
"br/cnab240/febraban-base"
Optional glob filter; empty fetches all
"*.ret"
Transport kind selecting the adapter
sftp, https, s3, imap "sftp"
Response
Accepted
Per-file outcomes of the fetch-and-ingest batch, in fetch order

