{ "generated": "2026-05-20", "source": "src/router.js", "sources": [ "src/router.js", "src/oauth.js", "src/ab-routes.js", "src/account-ui-routes.js", "src/airgap-routes.js", "src/audit-routes.js", "src/federated-consortium-routes.js", "src/govern-routes.js", "src/intoto-receipt-routes.js", "src/k8s-routes.js", "src/lingual-routes.js", "src/marketplace-routes.js", "src/mcp-gateway-routes.js", "src/meta-routes.js", "src/multimodal-pipeline-routes.js", "src/pipeline-routes.js", "src/reg-routes.js", "src/savings-routes.js", "src/transparency-log-routes.js", "src/website-status-routes.js" ], "total_routes": 929, "group_count": 214, "groups": [ { "key": "ab", "label": "Ab", "routes": [ { "method": "POST", "path": "/v1/ab/configure", "line": 97, "source": "src/ab-routes.js", "short": "Body: { namespace, version_a, version_b, split?, idempotency_key? }", "comments": [ "Body: { namespace, version_a, version_b, split?, idempotency_key? }" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/ab/feedback", "line": 150, "source": "src/ab-routes.js", "short": "thumb:'up'|'down'?, comment?, ab_test_id? }", "comments": [ "thumb:'up'|'down'?, comment?, ab_test_id? }", "Persists a row to the event-store under workflow_id=AB_FEEDBACK_WORKFLOW", "so ab-metrics.aggregate() can read it. Also fans the row to the W720", "self-improvement queue when deps.selfImprovement.enqueue is wired." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/ab/metrics", "line": 354, "source": "src/ab-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/ab/promote", "line": 253, "source": "src/ab-routes.js", "short": "Body: { namespace, force?:boolean, thresholds?:{...} }", "comments": [ "Body: { namespace, force?:boolean, thresholds?:{...} }", "When `force=true` we bypass the decide() gate and promote variant_b", "immediately. Otherwise we run the full evaluate() pipeline and only", "promote when decide() returns 'promote'." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/ab/status", "line": 114, "source": "src/ab-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "ab-tests", "label": "Ab Tests", "routes": [ { "method": "GET", "path": "/v1/ab-tests", "line": 27754, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/ab-tests/:id", "line": 27771, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/ab-tests/:id/assignments", "line": 27861, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/ab-tests/:id/promote", "line": 27814, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/ab-tests/:id/rollback", "line": 27839, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/ab-tests/:id/stop", "line": 27790, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/ab-tests/create", "line": 27728, "source": "src/router.js", "short": "Returns: {ok, ab_test_id, request_hash, arm, frozen, reason, version}", "comments": [ "Returns: {ok, ab_test_id, request_hash, arm, frozen, reason, version}", "Auth-gated via req.tenant_record. Tenant fence forced from session, never", "from request body. Distinct prefix /v1/ab-tests/* so parallel agents on", "cannot collide on these route paths." ], "stub": false, "expanded_from": null } ] }, { "key": "account", "label": "Account", "routes": [ { "method": "GET", "path": "/v1/account", "line": 9799, "source": "src/router.js", "short": "Account", "comments": [ "Account" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/api-control-center", "line": 17735, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/account/api-control-center/adapter-manifests/validate", "line": 15827, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/account/api-control-center/events", "line": 15822, "source": "src/router.js", "short": "Enterprise control-center intake alias. This exposes the advertised", "comments": [ "Enterprise control-center intake alias. This exposes the advertised", "canonical event envelope directly from the account surface." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/api-control-center/exports", "line": 15840, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/account/api-control-center/exports", "line": 15865, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/account/api-control-center/exports/:id", "line": 15852, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/account/audit-log", "line": 10751, "source": "src/router.js", "short": "/v1/account/audit-log surfaces the audit ledger for the calling", "comments": [ "/v1/account/audit-log surfaces the audit ledger for the calling", "tenant. The audit-log.html page renders {entries:[{at,actor,op,payload}]}.", "added ?format=csv (defaults to json) so the page's export button", "and `kolm audit --format csv` CLI verb hit the same route. Also added", "?since= filter so the CLI can scope to a recent window." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/audit-log/verify", "line": 8910, "source": "src/router.js", "short": "tenant's audit ledger (no body). Returns { ok, verified, chain_length,", "comments": [ "tenant's audit ledger (no body). Returns { ok, verified, chain_length,", "broken_at? } so the audit-log page can render a green/red state." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/audit/retention", "line": 11060, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/account/billing", "line": 12797, "source": "src/router.js", "short": "Billing summary the account-billing page reads: plan, status, period, credit", "comments": [ "Billing summary the account-billing page reads: plan, status, period, credit", "balance, tax fields, Full Readiness entitlements, continuous subscription,", "recent invoices, dunning state, and whether the portal can be opened." ], "stub": false, "expanded_from": null }, { "method": "PATCH", "path": "/v1/account/billing", "line": 12849, "source": "src/router.js", "short": "M13 - capture VAT number / tax id (+ optional company + country) for the", "comments": [ "M13 - capture VAT number / tax id (+ optional company + country) for the", "invoice header and Stripe automatic_tax. Tenant-fenced + audited." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/account/billing/portal", "line": 12765, "source": "src/router.js", "short": "M9 - open a Stripe Billing Portal session so the customer can self-serve", "comments": [ "M9 - open a Stripe Billing Portal session so the customer can self-serve", "payment-method updates, cancellation/downgrade, and receipt downloads. 503", "when no Stripe secret key is configured; 409 when the tenant has no Stripe", "customer yet (no paid subscription has ever been created for them)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/account/cancel", "line": 13491, "source": "src/router.js", "short": "Self-serve cancel / downgrade-to-free. Any paid tenant can drop to the", "comments": [ "Self-serve cancel / downgrade-to-free. Any paid tenant can drop to the", "free tier without contacting anyone." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/account/change-plan", "line": 12666, "source": "src/router.js", "short": "Self-serve plan changes. Free is applied instantly (this is also the", "comments": [ "Self-serve plan changes. Free is applied instantly (this is also the", "downgrade / cancel path). Paid plans return a Stripe Payment Link with", "`client_reference_id=`; the plan is flipped only when the", "webhook receives `checkout.session.completed`. This guarantees the", "tenant cannot get paid features without paying." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/compiler-overview", "line": 17656, "source": "src/router.js", "short": "Compiler overview - a backend-owned application contract for the main", "comments": [ "Compiler overview - a backend-owned application contract for the main", "product surface. The UI can render this instead of hard-coding an audit", "dashboard as the first-run experience." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/compliance-package", "line": 13584, "source": "src/router.js", "short": "can read end-to-end. Tenant metadata + signed receipts + audit log +", "comments": [ "can read end-to-end. Tenant metadata + signed receipts + audit log +", "BAA-ready org details + control mapping snapshot. JSON only (no PHI ever", "transits this endpoint - receipts are payload-free by design). Auditors", "who want a literal ZIP can pipe `curl ... | jq -r .b64_zip | base64 -d`,", "but the JSON shape is the canonical artifact." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/account/delete", "line": 13683, "source": "src/router.js", "short": "Self-serve account delete. Soft-delete the tenant; receipts and artifacts", "comments": [ "Self-serve account delete. Soft-delete the tenant; receipts and artifacts", "already shipped to users keep verifying since the cloud signing key is", "unchanged. The tenant can no longer authenticate. If they had an active", "Stripe subscription we ask Stripe to cancel it so they aren't charged", "again - best-effort, never blocks deletion." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/export", "line": 13537, "source": "src/router.js", "short": "Self-serve data export (/privacy promises this). Returns a JSON bundle", "comments": [ "Self-serve data export (/privacy promises this). Returns a JSON bundle", "of the tenant's row plus every concept, compile job, observation, and", "invocation we have on file for them. We strip secrets (api_key_hash,", "stripe_customer_id keeps existing for portability, billing tokens drop).", "Content-Disposition nudges browsers to save the file." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/invoices", "line": 12788, "source": "src/router.js", "short": "M11 - list the tenant's invoices / receipts (newest first). Reads the local", "comments": [ "M11 - list the tenant's invoices / receipts (newest first). Reads the local", "ledger populated by the invoice.payment_succeeded webhook." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/keys", "line": 10630, "source": "src/router.js", "short": "Account API key list - returns the tenant primary key metadata without the raw secret.", "comments": [ "Account API key list - returns the tenant primary key metadata without the raw secret." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/account/keys", "line": 10646, "source": "src/router.js", "short": "Account API key create - rotates the tenant primary key and audits the requested label.", "comments": [ "Account API key create - rotates the tenant primary key and audits the requested label." ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/account/keys/:prefix", "line": 10733, "source": "src/router.js", "short": "Account API key revoke - rotates away a key prefix and returns the replacement secret.", "comments": [ "Account API key revoke - rotates away a key prefix and returns the replacement secret." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/next-actions", "line": 17050, "source": "src/router.js", "short": "Next-actions list - returns the top-5 ranked proactive actions for the tenant.", "comments": [ "Next-actions list - returns the top-5 ranked proactive actions for the tenant." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/account/next-actions/snooze", "line": 17755, "source": "src/router.js", "short": "Next-actions snooze - silences the matching dismiss_key for N days (default 14).", "comments": [ "Next-actions snooze - silences the matching dismiss_key for N days (default 14)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/provider-keys", "line": 10664, "source": "src/router.js", "short": "Provider-key vault: per-employee / per-team upstream provider keys", "comments": [ "Provider-key vault: per-employee / per-team upstream provider keys", "The core of \"every employee's AI use, in one place you control\": a member", "stores their OpenAI/Anthropic/etc. key here; the gateway routes their", "traffic under it (see dispatch) and the call lands in the team lake", "attributed to them. Responses are always redacted (never the raw secret)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/account/provider-keys", "line": 10676, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "DELETE", "path": "/v1/account/provider-keys/:id", "line": 10699, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/account/receipt-secret/prune", "line": 12642, "source": "src/router.js", "short": "Drop a specific previous key from the verification ring. Receipts signed", "comments": [ "Drop a specific previous key from the verification ring. Receipts signed", "with that key will no longer verify against this tenant after this call.", "The current key cannot be pruned - rotate first to retire it." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/receipt-secrets", "line": 12629, "source": "src/router.js", "short": "List receipt-signing key metadata for the calling tenant. Secrets are", "comments": [ "List receipt-signing key metadata for the calling tenant. Secrets are", "never returned - only the key_id, status, and rotation timestamps." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/account/rotate-key", "line": 9876, "source": "src/router.js", "short": "Account API key rotation - rotates the tenant's primary API key and returns the new secret.", "comments": [ "Account API key rotation - rotates the tenant's primary API key and returns the new secret." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/account/rotate-receipt-secret", "line": 12610, "source": "src/router.js", "short": "Rotate the per-tenant receipt-signing secret. Previous secret is", "comments": [ "Rotate the per-tenant receipt-signing secret. Previous secret is", "preserved so older signed artifacts and audit rows still verify." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/account/saml/acs", "line": 11779, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/account/saml/metadata", "line": 11487, "source": "src/router.js", "short": "SP metadata is a static document an IdP fetches at federation-config", "comments": [ "SP metadata is a static document an IdP fetches at federation-config", "time. It does NOT depend on entitlement (publishing the SP entity ID", "is fine even for tenants who can't yet bind to it)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/scoped-keys", "line": 10714, "source": "src/router.js", "short": "Scoped member API keys (multi-key, least-privilege)", "comments": [ "Scoped member API keys (multi-key, least-privilege)", "Mint keys with a subset of scopes (e.g. capture:read, lake:export,", "namespace:, or *) so a teammate or a CI job gets only what it needs.", "Non-breaking: the tenant-primary key (rotate via /v1/account/keys) is full." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/account/scoped-keys", "line": 10718, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "DELETE", "path": "/v1/account/scoped-keys/:id", "line": 10727, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/account/settings", "line": 10834, "source": "src/router.js", "short": "Account settings read - returns tenant settings merged with current defaults.", "comments": [ "Account settings read - returns tenant settings merged with current defaults." ], "stub": false, "expanded_from": null }, { "method": "PUT", "path": "/v1/account/settings", "line": 10845, "source": "src/router.js", "short": "Account settings update - persists whitelisted tenant settings and audits changed fields.", "comments": [ "Account settings update - persists whitelisted tenant settings and audits changed fields." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/account/sso/configure", "line": 11342, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/account/sso/scim-token", "line": 11447, "source": "src/router.js", "short": "Generate (or rotate) the per-tenant SCIM bearer token an IdP uses to drive", "comments": [ "Generate (or rotate) the per-tenant SCIM bearer token an IdP uses to drive", "SCIM 2.0 provisioning. Returned in plaintext exactly ONCE (on generation);", "only the hash is persisted. Rotating invalidates the previous token. The", "token is never written to logs or the audit payload." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/account/sso/status", "line": 11317, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/account/state", "line": 9895, "source": "src/router.js", "short": "/account/overview \"What's next\" engine reads. Returns artifact + capture", "comments": [ "/account/overview \"What's next\" engine reads. Returns artifact + capture", "+ namespace counts, the age of the last artifact, age of the primary api", "key, plus a flat `signals` array each rule in whats-next.js matches on.", "Auth-gated (NOT in PUBLIC_API) - cross-tenant state leaks were what made", "/v1/intent/next add tenant_id scoping in W432." ], "stub": false, "expanded_from": null } ] }, { "key": "active-learning", "label": "Active Learning", "routes": [ { "method": "GET", "path": "/v1/active-learning/summary", "line": 23254, "source": "src/router.js", "short": "Plain empty-state: if active-learning-queue.js isn't on disk yet", "comments": [ "Honest empty-state: if active-learning-queue.js isn't on disk yet", "(sibling agent still building, or this is a fresh deploy), return", "ok:true with module_missing:true so the dashboard can render a", "useful empty state instead of a 500." ], "stub": false, "expanded_from": null } ] }, { "key": "admin", "label": "Admin", "routes": [ { "method": "GET", "path": "/v1/admin/audit", "line": 12990, "source": "src/router.js", "short": "Admin audit feed - newest audit events with tenant and operation metadata.", "comments": [ "Admin audit feed - newest audit events with tenant and operation metadata." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/admin/compile-jobs", "line": 13010, "source": "src/router.js", "short": "Admin compile job feed - newest compile jobs with tenant, task, status, and score.", "comments": [ "Admin compile job feed - newest compile jobs with tenant, task, status, and score." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/admin/control-files", "line": 14486, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/admin/control-files/:key", "line": 14522, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/admin/diagnostics", "line": 14426, "source": "src/router.js", "short": "Admin diagnostics - checks data/artifact directories and selected runtime env flags.", "comments": [ "Admin diagnostics - checks data/artifact directories and selected runtime env flags." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/admin/health", "line": 13030, "source": "src/router.js", "short": "Admin health snapshot - process, store, memory, region, and integration flags.", "comments": [ "Admin health snapshot - process, store, memory, region, and integration flags." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/admin/refund", "line": 12886, "source": "src/router.js", "short": "M13 - admin-issued refund. Owner/admin only (req.is_admin). Issues a Stripe", "comments": [ "M13 - admin-issued refund. Owner/admin only (req.is_admin). Issues a Stripe", "refund against a charge, records a credit-memo in the tenant ledger, audits", "the action, and notifies the tenant. 503 when Stripe is not configured." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/admin/stats", "line": 12962, "source": "src/router.js", "short": "Admin stats - aggregate tenants, usage, compile jobs, and audit-event counts.", "comments": [ "Admin stats - aggregate tenants, usage, compile jobs, and audit-event counts." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/admin/submissions", "line": 15210, "source": "src/router.js", "short": "Admin submissions list - returns all submitted project/contact records.", "comments": [ "Admin submissions list - returns all submitted project/contact records." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/admin/tenant", "line": 14415, "source": "src/router.js", "short": "Admin tenant provision - creates a tenant with quota and returns its API key.", "comments": [ "Admin tenant provision - creates a tenant with quota and returns its API key." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/admin/tenants", "line": 12934, "source": "src/router.js", "short": "Admin tenant list - scrubbed cross-tenant view with q/limit filters.", "comments": [ "Admin tenant list - scrubbed cross-tenant view with q/limit filters." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/admin/waitlist", "line": 15205, "source": "src/router.js", "short": "Admin waitlist list - returns all waitlist rows for admin triage.", "comments": [ "Admin waitlist list - returns all waitlist rows for admin triage." ], "stub": false, "expanded_from": null } ] }, { "key": "agents", "label": "Agents", "routes": [ { "method": "GET", "path": "/v1/agents", "line": 21419, "source": "src/router.js", "short": "agent telemetry routes fence on req.tenant_record and forward", "comments": [ "agent telemetry routes fence on req.tenant_record and forward", "req.tenant_record.id as tenant_id into the helper so cross-tenant rows", "never appear in the rollup. _tenantScope() returns null for admin", "(cross-tenant reads allowed) and the canonical tenant_id otherwise." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/agents/failing", "line": 21473, "source": "src/router.js", "short": "Top failing agent sessions for the caller's tenant.", "comments": [ "Top failing agent sessions for the caller's tenant." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/agents/recommend", "line": 21458, "source": "src/router.js", "short": "Agent model recommendation for a tenant-scoped application and task hint.", "comments": [ "Agent model recommendation for a tenant-scoped application and task hint." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/agents/sessions", "line": 21432, "source": "src/router.js", "short": "Agent sessions list for the caller's tenant.", "comments": [ "Agent sessions list for the caller's tenant." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/agents/sessions/:id", "line": 21446, "source": "src/router.js", "short": "Agent session detail scoped to the caller's tenant.", "comments": [ "Agent session detail scoped to the caller's tenant." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/agents/stats", "line": 21487, "source": "src/router.js", "short": "Agent telemetry aggregate stats for the caller's tenant.", "comments": [ "Agent telemetry aggregate stats for the caller's tenant." ], "stub": false, "expanded_from": null } ] }, { "key": "airgap", "label": "Airgap", "routes": [ { "method": "POST", "path": "/v1/airgap/bakeoff", "line": 184, "source": "src/airgap-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/airgap/distill/run", "line": 93, "source": "src/airgap-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/airgap/distill/status/:id", "line": 116, "source": "src/airgap-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/airgap/doctor", "line": 206, "source": "src/airgap-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/airgap/jobs", "line": 28643, "source": "src/router.js", "short": "/v1/airgap/jobs - bare collection GET that lists tenant air-gapped", "comments": [ "/v1/airgap/jobs - bare collection GET that lists tenant air-gapped", "distill + sneakernet jobs. Each W831 job is keyed by run_id; the actual", "status route is /v1/airgap/distill/status/:id. This bare GET returns an", "empty envelope until a wave wires the per-tenant job index." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/airgap/sneakernet/bundle", "line": 136, "source": "src/airgap-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/airgap/sneakernet/verify", "line": 160, "source": "src/airgap-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/airgap/status", "line": 27602, "source": "src/router.js", "short": "All four auth-gate on req.tenant_record. W411 defense-in-depth: every", "comments": [ "All four auth-gate on req.tenant_record. W411 defense-in-depth: every", "route binds tenant into the args so a future schema change cannot leak", "across tenants." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/airgap/test", "line": 27617, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "anon", "label": "Anonymous bootstrap", "routes": [ { "method": "POST", "path": "/v1/anon/bootstrap", "line": 2818, "source": "src/router.js", "short": "Anonymous CLI auth (robots / agents)", "comments": [ "Anonymous CLI auth (robots / agents)", "Bootstrap: returns an anon_token that the CLI stores locally. 30-day TTL.", "No email, no signup. Designed for agents that need to start working in <1 second." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/anon/claim", "line": 2837, "source": "src/router.js", "short": "Claim: convert an anonymous workspace into a permanent account.", "comments": [ "Claim: convert an anonymous workspace into a permanent account.", "if email matches an existing real tenant: merge the anon's recipes into it, return existing key", "else: upgrade the anon tenant in-place to a real tenant, rotate to ks_*, return new key", "WC14 - share the bootstrap limiter (50/24h/ip) so brute-forcing kao_ tokens", "through this endpoint is bounded." ], "stub": false, "expanded_from": null } ] }, { "key": "approvals", "label": "Approvals", "routes": [ { "method": "GET", "path": "/v1/approvals", "line": 28055, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/approvals/:id", "line": 28075, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/approvals/:id/approve", "line": 28094, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/approvals/:id/notify", "line": 28138, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/approvals/:id/reject", "line": 28116, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/approvals/request", "line": 28031, "source": "src/router.js", "short": "Tenant fence: tenant_id forced from req.tenant_record.id. Status", "comments": [ "Tenant fence: tenant_id forced from req.tenant_record.id. Status", "transitions return honest invalid_transition envelopes - never silently", "re-write state. version stamp matches /^w782-/." ], "stub": false, "expanded_from": null } ] }, { "key": "artifact", "label": "Artifact", "routes": [ { "method": "POST", "path": "/v1/artifact/diff", "line": 7543, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/artifact/lineage", "line": 7519, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/artifact/verify-manifest", "line": 13982, "source": "src/router.js", "short": "for callers that have the manifest hashes block in hand (e.g. a CLI", "comments": [ "for callers that have the manifest hashes block in hand (e.g. a CLI", "that just downloaded the artifact and parsed its manifest.json). No auth", "required - the check is pure: recompute CID from hashes, compare to the", "claimed CID. Returns `manifest_hash_mismatch` envelope on disagreement,", "`verified:true` + recomputed cid on match." ], "stub": false, "expanded_from": null } ] }, { "key": "artifacts", "label": "Artifacts", "routes": [ { "method": "GET", "path": "/v1/artifacts", "line": 8718, "source": "src/router.js", "short": "Artifact list - exposes completed compile jobs as artifact records with hashes and downloads.", "comments": [ "Artifact list - exposes completed compile jobs as artifact records with hashes and downloads." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/artifacts/:id", "line": 8724, "source": "src/router.js", "short": "Artifact detail - returns one tenant-scoped compile artifact by job id.", "comments": [ "Artifact detail - returns one tenant-scoped compile artifact by job id." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/artifacts/:id/download", "line": 8731, "source": "src/router.js", "short": "Artifact download - streams the completed artifact zip by id with readiness/expiry errors.", "comments": [ "Artifact download - streams the completed artifact zip by id with readiness/expiry errors." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/artifacts/:id/evidence-trace", "line": 9082, "source": "src/router.js", "short": "for an artifact. Returns 404 when the artifact has no evidence DAG on", "comments": [ "for an artifact. Returns 404 when the artifact has no evidence DAG on", "disk. The shape is { ok, artifact_id, dag: {nodes, edges} } so the", "caller can re-build the DAG client-side and walk it." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/artifacts/:id/lifecycle", "line": 8759, "source": "src/router.js", "short": "R-2 - artifact lifecycle introspection.", "comments": [ "R-2 - artifact lifecycle introspection." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/artifacts/:id/lifecycle/transition", "line": 8786, "source": "src/router.js", "short": "Body: {to_state, reason, evidence_id?, successor_id?}.", "comments": [ "Body: {to_state, reason, evidence_id?, successor_id?}." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/artifacts/dependency-graph", "line": 2427, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "assistant", "label": "Assistant", "routes": [ { "method": "POST", "path": "/v1/assistant", "line": 9678, "source": "src/router.js", "short": "Natural-language assistant", "comments": [ "Natural-language assistant", "Scoped to req.tenant_record; never calls an external LLM; deterministic." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/assistant/chat", "line": 10519, "source": "src/router.js", "short": "chat widget on every authed /account page. Routes through the W888-P", "comments": [ "chat widget on every authed /account page. Routes through the W888-P", "AssistantClient three-layer fallback (local GGUF -> kolm.ai -> gateway", "frontier). Tier-gated to paid plans; rate-limited to 60 calls/hour/tenant.", "Returns the W888-P envelope verbatim plus the canonical aliases", "(provider_used / latency_ms) the widget consumes." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/assistant/chat-docs", "line": 10108, "source": "src/router.js", "short": "(formatted as a docs-anchored system prompt). The response surfaces the", "comments": [ "(formatted as a docs-anchored system prompt). The response surfaces the", "sources back to the client so the UI renders the same URLs it sent in.", "KOLM_ASSISTANT_TEST_SHIM=1 wires deterministic shims for tests; this same", "env var is used by tests/wave888p-cli-nl-routing.test.js." ], "stub": false, "expanded_from": null } ] }, { "key": "assurance", "label": "Assurance", "routes": [ { "method": "GET", "path": "/v1/assurance/artifact/:id", "line": 9109, "source": "src/router.js", "short": "Same shape, workspace-level - the artifact-derived claims are omitted", "comments": [ "Same shape, workspace-level - the artifact-derived claims are omitted", "and only the vault-derived jurisdiction claim + the 8 required control", "rows remain." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/assurance/workspace/:id", "line": 9151, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "audio", "label": "Audio", "routes": [ { "method": "POST", "path": "/v1/audio/bakeoff", "line": 26002, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/audio/capture-detect", "line": 25978, "source": "src/router.js", "short": "stamped by captureAudioMessage (NEVER the raw audio bytes).", "comments": [ "stamped by captureAudioMessage (NEVER the raw audio bytes).", "All three are tenant-fenced via req.tenant_record.id (W411). Honest", "envelopes on bad input - no silent passthrough." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audio/captures", "line": 26036, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/audio/speech", "line": 5519, "source": "src/router.js", "short": "audio routes. Real proxy when configured; fixture returns deterministic", "comments": [ "audio routes. Real proxy when configured; fixture returns deterministic", "bodies; otherwise honest 501 with a structured \"not yet supported\" envelope so", "SDKs see something better than 404. These concrete audio endpoints use", "the OpenAI connector when a key is present." ], "stub": false, "expanded_from": "p" }, { "method": "POST", "path": "/v1/audio/tokenize", "line": 27045, "source": "src/router.js", "short": "Auth-gated. Returns the worker doctor envelope - reports python3", "comments": [ "Auth-gated. Returns the worker doctor envelope - reports python3", "presence + transformers/torch/librosa/soundfile availability +", "which tokenizer command is wired." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audio/tokenize/doctor", "line": 27082, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/audio/transcriptions", "line": 5519, "source": "src/router.js", "short": "audio routes. Real proxy when configured; fixture returns deterministic", "comments": [ "audio routes. Real proxy when configured; fixture returns deterministic", "bodies; otherwise honest 501 with a structured \"not yet supported\" envelope so", "SDKs see something better than 404. These concrete audio endpoints use", "the OpenAI connector when a key is present." ], "stub": false, "expanded_from": "p" }, { "method": "POST", "path": "/v1/audio/translations", "line": 5519, "source": "src/router.js", "short": "audio routes. Real proxy when configured; fixture returns deterministic", "comments": [ "audio routes. Real proxy when configured; fixture returns deterministic", "bodies; otherwise honest 501 with a structured \"not yet supported\" envelope so", "SDKs see something better than 404. These concrete audio endpoints use", "the OpenAI connector when a key is present." ], "stub": false, "expanded_from": "p" } ] }, { "key": "audit", "label": "Audit", "routes": [ { "method": "GET", "path": "/v1/audit/*", "line": 1860, "source": "src/audit-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/:id/oscal", "line": 884, "source": "src/audit-routes.js", "short": "OSCAL assessment-results JSON; ?format=poam returns the POA&M-style", "comments": [ "OSCAL assessment-results JSON; ?format=poam returns the POA&M-style", "remediation table. kolm MAPS to standards; this is an assessment-results", "export, never a certification. Read-only view over the SAME signed report.", "Tiers: Full Readiness ($15,000) and Continuous-Plus ($3,500/mo)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/:id/retest", "line": 977, "source": "src/audit-routes.js", "short": "foreign / unknown id is 404, never another tenant's data. No re-sign here;", "comments": [ "foreign / unknown id is 404, never another tenant's data. No re-sign here;", "runFixRetest is pure + never throws (the diff is computeAuditDelta).", "Tier: a Continuous ($299/$999 per month) on-demand tick, or a follow-on $750", "Signed Readiness Report that embeds result.delta." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/continuous/checkout", "line": 1353, "source": "src/audit-routes.js", "short": "body: { plan: \"starter\" | \"growth\" }.", "comments": [ "body: { plan: \"starter\" | \"growth\" }." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/continuous/deploy-hook", "line": 1576, "source": "src/audit-routes.js", "short": "immediate re-attestation for the caller's active subscription(s). Auth-gated", "comments": [ "immediate re-attestation for the caller's active subscription(s). Auth-gated", "by the tenant's own API key (call it from CI after a deploy)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/continuous/tick", "line": 1551, "source": "src/audit-routes.js", "short": "every Continuous subscription whose re-attestation is due. Driven by an", "comments": [ "every Continuous subscription whose re-attestation is due. Driven by an", "EXTERNAL scheduler hitting this with x-kolm-cron-secret (containers restart,", "so no in-process timer). Idempotent: claim-then-run, never double-signs." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/export", "line": 25509, "source": "src/router.js", "short": "preview without offering a backdoor full dump.", "comments": [ "preview without offering a backdoor full dump.", "All three routes auth-gate on req.tenant_record. Honest envelope on bad", "format / missing tenant - no silent passthrough." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/export/formats", "line": 25537, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/export/preview", "line": 25547, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/import", "line": 1413, "source": "src/audit-routes.js", "short": "Tier-A bridge: source 'kolm-capture' skips the inline/url transport and", "comments": [ "Tier-A bridge: source 'kolm-capture' skips the inline/url transport and", "audits the CALLING tenant's own stored gateway captures (grade A). The", "label is reserved - source_label may never claim it for vendor logs." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/issuer-key", "line": 1221, "source": "src/audit-routes.js", "short": "server signs evidence reports with, so a buyer (or the /verify page's", "comments": [ "server signs evidence reports with, so a buyer (or the /verify page's", "trusted-issuer keyring) can pin against the authoritative source instead of", "trusting whatever key a report embeds. Returns ONLY the public half; the", "private key never leaves the signer. Never throws." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/issuer-key/:fp/revoke", "line": 1270, "source": "src/audit-routes.js", "short": "reason:'issuer_key_revoked' for any report signed by that key, and the", "comments": [ "reason:'issuer_key_revoked' for any report signed by that key, and the", "public status endpoint reports valid:false. Gated by ADMIN_KEY (Bearer", "ADMIN_KEY via authMiddleware -> req.is_admin, or an x-admin-key header).", "body: { reason? }" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/issuer-key/:fp/status", "line": 1245, "source": "src/audit-routes.js", "short": "issuer key fingerprint: 'live' | 'rotated' | 'revoked' + valid flag, so a", "comments": [ "issuer key fingerprint: 'live' | 'rotated' | 'revoked' + valid flag, so a", "buyer's verifier can confirm the key that signed a report is still trusted", "RIGHT NOW (a signature that verifies against a REVOKED key must be refused).", "Pure read over the persisted key-revocation store; never throws." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/log", "line": 15043, "source": "src/router.js", "short": "write path with HMAC-chained signatures); this implementation gives the", "comments": [ "write path with HMAC-chained signatures); this implementation gives the", "dashboard real entries from day one without that wiring.", "Probe-safe: when unauth'd, returns the same 200 envelope with entries=[]", "rather than 401/503 so frontend probes don't fall over." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/package/checkout", "line": 1381, "source": "src/audit-routes.js", "short": "plus -> $3,500/mo Continuous-Plus (flows through the existing subscription", "comments": [ "plus -> $3,500/mo Continuous-Plus (flows through the existing subscription", "path; activated by activateSubscription with product_key 'plus').", "Env-gated 503 degrade: when the product is not wired, createAsrCheckout", "throws BillingNotConfiguredError (statusCode 503) listing the exact env vars." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/report/checkout", "line": 1327, "source": "src/audit-routes.js", "short": "Signed Readiness Report for a specific audit. body: { audit_id }.", "comments": [ "Signed Readiness Report for a specific audit. body: { audit_id }.", "The audit must belong to the caller and already have a (watermarked) report." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/report/verify", "line": 1181, "source": "src/audit-routes.js", "short": "issuer.recognized - tier 2: that key is one this product publishes (the", "comments": [ "issuer.recognized - tier 2: that key is one this product publishes (the", "live signer or a key in public/keys/kolm-issuers.json).", "trusted - verify.ok AND issuer.recognized. A consumer that only checks", "verify.ok would accept a rogue-signed forgery; check trusted." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/reports", "line": 1299, "source": "src/audit-routes.js", "short": "audit/report this tenant owns (scan previews + paid reports) plus which ASR", "comments": [ "audit/report this tenant owns (scan previews + paid reports) plus which ASR", "products are currently purchasable. Powers public/dashboard.html." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/scan", "line": 1063, "source": "src/audit-routes.js", "short": "tenant's own stored gateway captures/receipts instead of a vendor export.", "comments": [ "tenant's own stored gateway captures/receipts instead of a vendor export.", "The resulting report carries evidence grade A (first-party capture). The", "source value is reserved: supplying it WITH logs is a clean 400, so vendor", "logs can never masquerade as gateway captures." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/sessions", "line": 631, "source": "src/audit-routes.js", "short": "body: { subject?, source?, retention_days? }", "comments": [ "body: { subject?, source?, retention_days? }" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/sessions/:id", "line": 786, "source": "src/audit-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/sessions/:id/delta", "line": 931, "source": "src/audit-routes.js", "short": "by session id (audses_*) OR report id (asrr_*). BOTH ids must resolve to a", "comments": [ "by session id (audses_*) OR report id (asrr_*). BOTH ids must resolve to a", "report owned by this tenant - a foreign / unknown id is {ok:false} (404/403),", "never another tenant's data. No re-sign; computeAuditDelta is pure + never", "throws. The :id is \"current\"; ?against= is the prior baseline." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/sessions/:id/export", "line": 864, "source": "src/audit-routes.js", "short": "The signed report reshaped into a procurement-ingestible artifact. Auth", "comments": [ "The signed report reshaped into a procurement-ingestible artifact. Auth", "gated + tenant-fenced exactly like the sibling /report route (the export is", "a view over the SAME signed envelope - it carries the key fingerprint +", "verify URL so an importer can always trace it back to the signed source)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/sessions/:id/ingest", "line": 670, "source": "src/audit-routes.js", "short": "body: { logs } (JSONL text, JSON array, or array of records)", "comments": [ "body: { logs } (JSONL text, JSON array, or array of records)" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/sessions/:id/questionnaire", "line": 1838, "source": "src/audit-routes.js", "short": "(AUTH, tenant-fenced) - the openable GET alias of the POST above, so a", "comments": [ "(AUTH, tenant-fenced) - the openable GET alias of the POST above, so a", "seller can pull their session's autofilled questionnaire from a browser / a", "simple link. Identical auth + tenant fence + pure-view semantics; query-only", "(no body). The POST form stays for callers that prefer to send { template }." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/sessions/:id/questionnaire", "line": 1815, "source": "src/audit-routes.js", "short": "(AUTH, tenant-fenced) - the SELLER pre-fills a questionnaire from their own", "comments": [ "(AUTH, tenant-fenced) - the SELLER pre-fills a questionnaire from their own", "session's signed report (e.g. to attach to an RFP response before sharing).", "Tenant-fenced exactly like the sibling /report + /export routes. body may", "carry { template, format } as an alternative to the query string." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/sessions/:id/report", "line": 814, "source": "src/audit-routes.js", "short": "Returns the bare signed envelope (json), rendered HTML, or a PDF stream", "comments": [ "Returns the bare signed envelope (json), rendered HTML, or a PDF stream", "each is a downloadable deliverable, not an {ok}-wrapped API envelope." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/audit/sessions/:id/run", "line": 714, "source": "src/audit-routes.js", "short": "body: { subject?, source?, retention_days?, sign? }", "comments": [ "body: { subject?, source?, retention_days?, sign? }" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/audit/verify", "line": 15177, "source": "src/router.js", "short": "Verify the HMAC chain over this tenant's audit_events rows. Returns", "comments": [ "Verify the HMAC chain over this tenant's audit_events rows. Returns", "ok=true when every row hashes to its declared event_hash given the", "previous row's hash, ok=false with the list of breaks otherwise." ], "stub": false, "expanded_from": null } ] }, { "key": "auth", "label": "Auth", "routes": [ { "method": "GET", "path": "/v1/auth/github", "line": 2806, "source": "src/router.js", "short": "4 - short OAuth aliases: GET /v1/auth/github redirects to the", "comments": [ "4 - short OAuth aliases: GET /v1/auth/github redirects to the", "canonical /v1/oauth/github/start (preserving any ?redirect= query). Same", "for /v1/auth/github/callback (forwards code+state to the canonical", "callback). When env vars are missing, the canonical route returns the", "operator-facing 503 oauth_not_configured envelope." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/auth/github/callback", "line": 2810, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/auth/login", "line": 2862, "source": "src/router.js", "short": "API key (ks_*/kao_*) + OAuth; there is no password endpoint. We add live", "comments": [ "API key (ks_*/kao_*) + OAuth; there is no password endpoint. We add live", "deprecation aliases that 410 Gone with redirect hints so the routes are", "not \"dead\" - the deprecated-endpoint lock-in in W890-9 expects every", "routed path to have a handler. Both alias handlers carry the canonical", "{ok:false, error:''} envelope so W890-9 lock-in 9 stays green." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/auth/signup", "line": 2872, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "automations", "label": "Automations", "routes": [ { "method": "GET", "path": "/v1/automations", "line": 315, "source": "src/account-ui-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/automations", "line": 293, "source": "src/account-ui-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "DELETE", "path": "/v1/automations/:id", "line": 336, "source": "src/account-ui-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "PATCH", "path": "/v1/automations/:id", "line": 323, "source": "src/account-ui-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/automations/:id/run", "line": 348, "source": "src/account-ui-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/automations/tick", "line": 365, "source": "src/account-ui-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "autopilot", "label": "Autopilot", "routes": [ { "method": "POST", "path": "/v1/autopilot/analyze", "line": 26899, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/autopilot/disable", "line": 26755, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/autopilot/enable", "line": 26731, "source": "src/router.js", "short": "All five are tenant-fenced via req.tenant_record.id (W411 law). The", "comments": [ "All five are tenant-fenced via req.tenant_record.id (W411 law). The", "route layer ALWAYS forces tenant_id from auth - body.tenant_id is", "ignored even if the client tries to pass one." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/autopilot/plan", "line": 26875, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/autopilot/savings", "line": 26798, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/autopilot/simulate", "line": 26923, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/autopilot/status", "line": 26777, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/autopilot/temporal", "line": 26968, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/autopilot/tick", "line": 26821, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/autopilot/tick", "line": 26993, "source": "src/router.js", "short": "NEW full-lifecycle tick. The GET /v1/autopilot/tick route above stays", "comments": [ "NEW full-lifecycle tick. The GET /v1/autopilot/tick route above stays", "the heartbeat (tests/wave775-autopilot.test.js asserts action:'disabled');", "this POST handler runs the full lifecycle via tickAutopilotFull." ], "stub": false, "expanded_from": null } ] }, { "key": "bakeoff", "label": "Bakeoff", "routes": [ { "method": "POST", "path": "/v1/bakeoff/run", "line": 21962, "source": "src/router.js", "short": "Bakeoff run - evaluates a set of contestant models against a dataset and", "comments": [ "Bakeoff run - evaluates a set of contestant models against a dataset and", "returns ranked rows + winner. Body: { dataset_id (required), contestants,", "opts }. Used by /account/bakeoffs and `kolm bakeoff run`." ], "stub": false, "expanded_from": null } ] }, { "key": "bakeoffs", "label": "Bakeoffs", "routes": [ { "method": "GET", "path": "/v1/bakeoffs", "line": 23473, "source": "src/router.js", "short": "/v1/bakeoffs - list + run alias for /v1/bakeoff/run. The bakeoff module", "comments": [ "/v1/bakeoffs - list + run alias for /v1/bakeoff/run. The bakeoff module", "does not persist runs to a registry (each call returns a fresh result),", "so GET returns an empty array; the page already handles that shape via", "`{bakeoffs: []}` in its .catch fallback." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/bakeoffs", "line": 23479, "source": "src/router.js", "short": "Bakeoffs run alias - SDK-friendly synonym for /v1/bakeoff/run with the", "comments": [ "Bakeoffs run alias - SDK-friendly synonym for /v1/bakeoff/run with the", "added W411 tenant fence at the dataset boundary (cross-tenant dataset_id", "returns 404). Same body: { dataset_id, contestants, opts }." ], "stub": false, "expanded_from": null } ] }, { "key": "bench", "label": "Bench", "routes": [ { "method": "POST", "path": "/v1/bench/humaneval", "line": 23749, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/bench/inference", "line": 11960, "source": "src/router.js", "short": "W-INTEG-3: signed inference-economics benchmark", "comments": [ "W-INTEG-3: signed inference-economics benchmark" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/bench/inference/run", "line": 11967, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/bench/mmlu", "line": 23720, "source": "src/router.js", "short": "envelope when called without a tester-supplied DI seam.", "comments": [ "envelope when called without a tester-supplied DI seam.", "The routes import lazily so the bench modules don't pay startup", "cost on cold daemons that never call them." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/bench/mtbench", "line": 23774, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "billing", "label": "Billing", "routes": [ { "method": "GET", "path": "/v1/billing/breakdown", "line": 23095, "source": "src/router.js", "short": "it walks the team's member tenants and rolls up.", "comments": [ "it walks the team's member tenants and rolls up.", "Tenant fence: tenant_id is forced from req.tenant_record.id - never read", "from the request body or query string. Team caller is forced to be a", "member of the named team (non-members get 403 forbidden)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/billing/checkout", "line": 11980, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/billing/meters", "line": 23020, "source": "src/router.js", "short": "Returns the static catalog of legacy W384 meters merged with the W409y", "comments": [ "Returns the static catalog of legacy W384 meters merged with the W409y", "billing-unit catalog (10 units the auditor signed off on). The W409y", "entries carry tier_soft + tier_hard limits resolved from the caller's", "tenant plan when an authenticated key is present." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/billing/ready", "line": 11976, "source": "src/router.js", "short": "W-INTEG-3: Stripe billing activation (operator sets price-id env vars)", "comments": [ "W-INTEG-3: Stripe billing activation (operator sets price-id env vars)" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/billing/tiers", "line": 2775, "source": "src/router.js", "short": "P0-3 closure: /v1/billing/tiers as a public alias of /v1/plans so the", "comments": [ "P0-3 closure: /v1/billing/tiers as a public alias of /v1/plans so the", "CLI `kolm billing tiers` (+ alias `plans`) returns useful data without", "requiring auth. Includes a billing_configured flag tied to the actual", "STRIPE_PAYMENT_LINK_* env presence so the UI can demote when unwired." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/billing/usage", "line": 23064, "source": "src/router.js", "short": "Returns the current-period usage map for the caller's tenant. The", "comments": [ "Returns the current-period usage map for the caller's tenant. The", "dashboard at /account/billing reads this endpoint; the CLI", "`kolm billing usage [--period]` hits it directly." ], "stub": false, "expanded_from": null } ] }, { "key": "bridges", "label": "Bridges", "routes": [ { "method": "POST", "path": "/v1/bridges/auto-synthesize", "line": 15952, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/bridges/observations", "line": 15893, "source": "src/router.js", "short": "Filters: ?namespace= (optional), ?limit= (default 50, max 200), ?include_discarded=1.", "comments": [ "Filters: ?namespace= (optional), ?limit= (default 50, max 200), ?include_discarded=1." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/bridges/observations/:id", "line": 15939, "source": "src/router.js", "short": "Body: { discarded: true } | { kept: true } | { discarded: false }. Tenant-scoped.", "comments": [ "Body: { discarded: true } | { kept: true } | { discarded: false }. Tenant-scoped." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/bridges/observe", "line": 15816, "source": "src/router.js", "short": "After ≥4 calls with the same template signature we surface a synthesis suggestion.", "comments": [ "After ≥4 calls with the same template signature we surface a synthesis suggestion.", "1: persists via insertCapture (durable contract). 503 on store", "failure - same envelope as the capture proxy handlers." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/bridges/specialist-candidates", "line": 16611, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/bridges/suggestions", "line": 15868, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "build", "label": "Build", "routes": [ { "method": "POST", "path": "/v1/build/preview", "line": 4331, "source": "src/router.js", "short": "builder UI's results pane: returns k_score, first 3 train rows, first 3", "comments": [ "builder UI's results pane: returns k_score, first 3 train rows, first 3", "holdout rows, production_ready verdict + gate reasons, and the synth", "metadata. Public + rate-limited; no artifact write, no charge. Accepts", "{spec, seeds_jsonl_text}. Errors map to 400 (validation) or 500." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/build/strategy", "line": 16057, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/build/strategy", "line": 16079, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/build/strategy/catalog", "line": 16023, "source": "src/router.js", "short": "Build strategy brain - shared planner for capture, prompt/RAG/routing,", "comments": [ "Build strategy brain - shared planner for capture, prompt/RAG/routing,", "training, distillation, cloud compute, compilation, quantization, and", "local runtime. It never launches work and never returns secret values." ], "stub": false, "expanded_from": null } ] }, { "key": "builder", "label": "Builder", "routes": [ { "method": "POST", "path": "/v1/builder/compile", "line": 8618, "source": "src/router.js", "short": "{task, examples} payload into a real compile job. Validation matches", "comments": [ "{task, examples} payload into a real compile job. Validation matches", "/v1/builder/preview so a Preview→Compile flow that passes preview also", "passes here; the only added requirement is the API key (handled by", "authMiddleware mounted above this line). Recipe class and namespace are", "forced so builder-originated artifacts are distinguishable in audits." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/builder/preview", "line": 4245, "source": "src/router.js", "short": "Rate-limited; no auth. Inputs are validated tightly so this cannot be", "comments": [ "Rate-limited; no auth. Inputs are validated tightly so this cannot be", "used as a generic compute oracle. The 10 KB per-example cap matches the", "body limit on /v1/compile and keeps the synthesis cost bounded." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/builder/templates", "line": 4236, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "builds", "label": "Builds", "routes": [ { "method": "GET", "path": "/v1/builds", "line": 23414, "source": "src/router.js", "short": "/v1/builds - aliases the compile-job list for /account/builds.html.", "comments": [ "/v1/builds - aliases the compile-job list for /account/builds.html.", "builds.html expects {builds:[{job_id, status, ...}]}; the canonical", "/v1/compile/jobs returns {jobs:[...]}, so we adapt the shape here." ], "stub": false, "expanded_from": null } ] }, { "key": "bundle", "label": "Bundle", "routes": [ { "method": "POST", "path": "/v1/bundle/airgap", "line": 27648, "source": "src/router.js", "short": "an HTTP response would balloon memory, leak the server's checkout layout,", "comments": [ "an HTTP response would balloon memory, leak the server's checkout layout,", "and lock the route into one host's filesystem. The CLI is the supported", "path - `kolm bundle airgap --out `. The route still exists so", "surface discovery + docs can link to it and so a future CDN-backed", "implementation has a stable URL." ], "stub": false, "expanded_from": null } ] }, { "key": "buyer", "label": "Buyer", "routes": [ { "method": "GET", "path": "/v1/buyer/portfolio", "line": 1042, "source": "src/audit-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/buyer/watchlist", "line": 1029, "source": "src/audit-routes.js", "short": "owning tenant via req.tenant_record.id. A buyer seat lives under the EXISTING", "comments": [ "owning tenant via req.tenant_record.id. A buyer seat lives under the EXISTING", "Continuous $999/mo shape - no new price or tier.", "body: { slug, label? }" ], "stub": false, "expanded_from": null } ] }, { "key": "byoc", "label": "Bring-your-own-cloud", "routes": [ { "method": "POST", "path": "/v1/byoc/attestation", "line": 18757, "source": "src/router.js", "short": "Attestation callback - UNAUTH (no API key). Identifies via enroll_token,", "comments": [ "Attestation callback - UNAUTH (no API key). Identifies via enroll_token,", "which was minted by the deploy endpoint and embedded in the deploy script.", "The token is single-use-equivalent: if an attacker has the token they", "could spoof the public_url, but the deployment row is owned by a specific", "tenant_id and the URL is visible in their dashboard - they'll notice." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/byoc/deploy", "line": 18700, "source": "src/router.js", "short": "Customer deploys a .kolm artifact to their own Fly / AWS Nitro / GCP CVM", "comments": [ "Customer deploys a .kolm artifact to their own Fly / AWS Nitro / GCP CVM", "/ Azure CVM / Docker host. We issue a signed deploy manifest + a deploy", "script the customer runs. The deployed instance POSTs an attestation", "(image SHA, plus TEE measurement on confidential targets) back to", "/v1/byoc/attestation. kolm.ai never runs the artifact." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/byoc/deployments", "line": 18719, "source": "src/router.js", "short": "BYOC deployments list - returns tenant deployments, optionally team-scoped after membership check.", "comments": [ "BYOC deployments list - returns tenant deployments, optionally team-scoped after membership check." ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/byoc/deployments/:id", "line": 18741, "source": "src/router.js", "short": "BYOC deployment teardown - marks an owned deployment torn down and hides it from listings.", "comments": [ "BYOC deployment teardown - marks an owned deployment torn down and hides it from listings." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/byoc/deployments/:id", "line": 18730, "source": "src/router.js", "short": "BYOC deployment detail - returns one deployment owned by the tenant or one of their teams.", "comments": [ "BYOC deployment detail - returns one deployment owned by the tenant or one of their teams." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/byoc/status", "line": 11013, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/byoc/targets", "line": 18766, "source": "src/router.js", "short": "BYOC targets - lists supported deploy targets for the public form and CLI.", "comments": [ "BYOC targets - lists supported deploy targets for the public form and CLI." ], "stub": false, "expanded_from": null } ] }, { "key": "capability", "label": "Capability", "routes": [ { "method": "POST", "path": "/v1/capability/build", "line": 19169, "source": "src/router.js", "short": "Capability build - constructs a capability descriptor block from an", "comments": [ "Capability build - constructs a capability descriptor block from an", "artifact manifest, declaring what the artifact can do (modalities,", "budgets, K-floor, attestation requirements). Pairs with /v1/lineage/build." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/capability/validate", "line": 19177, "source": "src/router.js", "short": "Capability validate - checks a capability descriptor block for structural", "comments": [ "Capability validate - checks a capability descriptor block for structural", "consistency and that declared budgets/K-floor are internally coherent.", "Returns {ok:true, block} on success, {ok:false, error} otherwise." ], "stub": false, "expanded_from": null } ] }, { "key": "capture", "label": "Capture", "routes": [ { "method": "POST", "path": "/v1/capture/anthropic", "line": 17815, "source": "src/router.js", "short": "OPENAI_BASE_URL=https://kolm.ai/v1/capture/openai → POST .../v1/chat/completions", "comments": [ "OPENAI_BASE_URL=https://kolm.ai/v1/capture/openai → POST .../v1/chat/completions", "The suffix is discarded; the flat provider-specific capture endpoints use the same handler.", "Express's `?` makes the suffix optional, and the wildcard absorbs any depth.", "The body is the upstream Anthropic Messages payload, unmodified." ], "stub": false, "expanded_from": "regex-literal" }, { "method": "GET", "path": "/v1/capture/browse", "line": 8933, "source": "src/router.js", "short": "/v1/capture/browse / /v1/capture/bulk / /v1/capture/export - page", "comments": [ "/v1/capture/browse / /v1/capture/bulk / /v1/capture/export - page", "surface for the captures.html admin view. Browse paginates, bulk acts on", "a set of capture ids, export streams JSONL/CSV. Empty-tenant safe." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/capture/bulk", "line": 8968, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/capture/export", "line": 8998, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/capture/export", "line": 9023, "source": "src/router.js", "short": "POST shim so account/captures.html bulk-export button (sends", "comments": [ "POST shim so account/captures.html bulk-export button (sends", "{capture_ids:[...]} in body) doesn't 404. Filters to the listed ids and", "returns the rows inline as JSON so the page can blob-download client-side." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/capture/gemini", "line": 5949, "source": "src/router.js", "short": "base_url=https://kolm.ai/v1/capture/gemini and keep using chat.completions.", "comments": [ "Gemini capture and OpenAI-compatible aliases. These route to Google's", "/v1beta/openai compatibility surface so OpenAI SDK clients can set", "base_url=https://kolm.ai/v1/capture/gemini and keep using chat.completions." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/capture/gemini/chat/completions", "line": 5950, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/capture/gemini/v1/chat/completions", "line": 5951, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/capture/health", "line": 16883, "source": "src/router.js", "short": "the next insertCapture call will persist beyond a single lambda. Used", "comments": [ "the next insertCapture call will persist beyond a single lambda. Used", "by the /captures + /security pages and the `kolm doctor` flow." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/capture/log", "line": 16790, "source": "src/router.js", "short": "capture_store_unavailable when every item failed to persist (no swallow).", "comments": [ "capture_store_unavailable when every item failed to persist (no swallow)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/capture/media", "line": 22946, "source": "src/router.js", "short": "Capture media - multipart upload endpoint for image/audio/video/blob", "comments": [ "Capture media - multipart upload endpoint for image/audio/video/blob", "captures. Streams parts through mediaStoreBlob and appends one event per", "blob to the tenant-scoped lake. Requires Content-Type: multipart/form-data." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/capture/openai", "line": 17891, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": "regex-literal" }, { "method": "POST", "path": "/v1/capture/openrouter", "line": 5936, "source": "src/router.js", "short": "OpenRouter capture and base-URL aliases. The direct base-URL forms support", "comments": [ "OpenRouter capture and base-URL aliases. The direct base-URL forms support", "SDKs that point BASE_URL at https://kolm.ai/v1/openrouter." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/capture/openrouter/chat/completions", "line": 5939, "source": "src/router.js", "short": "OpenRouter capture chat completions alias for clients whose base URL is", "comments": [ "OpenRouter capture chat completions alias for clients whose base URL is", "https://kolm.ai/v1/capture/openrouter and which append /chat/completions." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/capture/openrouter/v1/chat/completions", "line": 5941, "source": "src/router.js", "short": "OpenRouter capture alias for SDKs that append the OpenAI chat-completions path.", "comments": [ "OpenRouter capture alias for SDKs that append the OpenAI chat-completions path." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/capture/rbac/evaluate", "line": 2415, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/capture/rbac/policy", "line": 2411, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/capture/snippet", "line": 1459, "source": "src/router.js", "short": "Fills tenant key when authed, placeholder otherwise.", "comments": [ "Fills tenant key when authed, placeholder otherwise." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/capture/stream", "line": 16911, "source": "src/router.js", "short": "Payload shape is the CLI/UI contract (W258-BE-6): capture_id /", "comments": [ "Payload shape is the CLI/UI contract (W258-BE-6): capture_id /", "captured_at / namespace / model / provider / latency_us / status /", "prompt_head / response_head / x_kolm_capture_durable. The raw store row", "is shimmed here so the dashboard and `kolm tail captures` see the", "same shape without one of them having to translate." ], "stub": false, "expanded_from": null } ] }, { "key": "captures", "label": "Captures", "routes": [ { "method": "GET", "path": "/v1/captures/:id/inspect", "line": 24632, "source": "src/router.js", "short": "W-G wrapper-completion - GET /v1/captures/:id/inspect", "comments": [ "W-G wrapper-completion - GET /v1/captures/:id/inspect", "Single-row inspection (full prompt + response + receipt + chain hash)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/captures/:id/review", "line": 24678, "source": "src/router.js", "short": "W-G wrapper-completion - POST /v1/captures/:id/review", "comments": [ "W-G wrapper-completion - POST /v1/captures/:id/review", "Approve / reject / quarantine a capture. Body: {action: 'approve'|'reject'|'quarantine', reason?}.", "Bulk variant: POST /v1/captures/review-bulk {ids:[...], action, reason?}." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/captures/forget", "line": 24914, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/captures/forgotten", "line": 24942, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/captures/list", "line": 24567, "source": "src/router.js", "short": "W-G wrapper-completion - GET /v1/captures/list", "comments": [ "W-G wrapper-completion - GET /v1/captures/list", "Paginated capture browser feed for /account/captures.html. Filters:", "?namespace, ?status (pending|approved|rejected|quarantined, multi-comma),", "?risk_min, ?risk_max (0..1), ?pii (multi-comma), ?from, ?to (ISO),", "?q (substring), ?limit (1-200), ?offset." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/captures/multi-turn", "line": 87, "source": "src/multimodal-pipeline-routes.js", "short": "Body shape:", "comments": [ "Body shape:", "{ namespace, conversation_id, conversation:[{role,content,tool_calls?,timestamp}], parent_message_id? }" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/captures/multimodal", "line": 59, "source": "src/multimodal-pipeline-routes.js", "short": "Body shape:", "comments": [ "Body shape:", "{ namespace, kind, payload, hash?, redaction_receipt? }", "If hash is omitted we compute one from the canonical payload so the", "caller can be lazy. kind MUST be in MULTIMODAL_KINDS." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/captures/review-bulk", "line": 24705, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "carbon", "label": "Carbon", "routes": [ { "method": "GET", "path": "/v1/carbon/estimate", "line": 23149, "source": "src/router.js", "short": "→ savingsReport envelope comparing local run vs frontier baseline.", "comments": [ "→ savingsReport envelope comparing local run vs frontier baseline.", "Auth required (same pattern as billing/breakdown). Every envelope carries", "methodology='public-research-estimate' so a downstream consumer cannot", "mistake the estimate for a measured value. W786 honesty contract." ], "stub": false, "expanded_from": null } ] }, { "key": "cc", "label": "Cc", "routes": [ { "method": "GET", "path": "/v1/cc/kinds", "line": 19086, "source": "src/router.js", "short": "confidential compute", "comments": [ "confidential compute" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/cc/shape/:kind", "line": 19093, "source": "src/router.js", "short": "Confidential-compute shape - returns the expected JSON shape for an", "comments": [ "Confidential-compute shape - returns the expected JSON shape for an", "attestation report of the given kind (pccs, snp-report, nitro-attestation,", "nras). 404 if the kind is unknown. Lets callers validate before /v1/cc/verify." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/cc/verify", "line": 19104, "source": "src/router.js", "short": "Confidential-compute verify - validates an attestation report against its", "comments": [ "Confidential-compute verify - validates an attestation report against its", "declared kind. Returns {state:'shape_ok'|...,verified:false} until a tenant", "registers a real crypto verifier via registerAttestationVerifier. Body:", "{ kind, report, opts }." ], "stub": false, "expanded_from": null } ] }, { "key": "changelog", "label": "Changelog", "routes": [ { "method": "GET", "path": "/v1/changelog", "line": 3657, "source": "src/router.js", "short": "public changelog - marketing surface, no auth, no tenant scoping.", "comments": [ "public changelog - marketing surface, no auth, no tenant scoping.", "Source of truth lives in src/changelog.js (a single static WAVES array)." ], "stub": false, "expanded_from": null } ] }, { "key": "chargeback", "label": "Chargeback", "routes": [ { "method": "GET", "path": "/v1/chargeback", "line": 28251, "source": "src/router.js", "short": "-> stream body w/ per-format Content-Type", "comments": [ "-> stream body w/ per-format Content-Type", "Tenant fence: tenant_id forced from req.tenant_record.id; query/body", "never override. version stamp matches /^w783-/." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/chargeback/export", "line": 28273, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "chat", "label": "OpenAI-compatible chat", "routes": [ { "method": "POST", "path": "/v1/chat/completions", "line": 5351, "source": "src/router.js", "short": "the standard hosted-inference path with accelerated:false on the body", "comments": [ "the standard hosted-inference path with accelerated:false on the body", "so the caller can still get a real chat completion. Defense-in-depth", "tenant fence: any accelerated call without req.tenant_record is hard", "401-rejected - we never run the accelerated path anonymously, even on", "the local daemon, because the bench dashboard keys on tenant_id." ], "stub": false, "expanded_from": null } ] }, { "key": "cid", "label": "Cid", "routes": [ { "method": "GET", "path": "/v1/cid/:cid", "line": 9185, "source": "src/router.js", "short": "CID lookup - content-addressed resolution within the caller's tenant", "comments": [ "CID lookup - content-addressed resolution within the caller's tenant", "scope. Two compiles that produce the same bytes (same task spec, same", "recipes, same evals, same base model pointer) yield the same CID; this", "route is how downstream tools dedupe by content rather than job_id.", "CID format is strictly validated to keep the path safe from injection." ], "stub": false, "expanded_from": null } ] }, { "key": "client-error", "label": "Client Error", "routes": [ { "method": "POST", "path": "/v1/client-error", "line": 267, "source": "src/account-ui-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "cloud", "label": "Cloud", "routes": [ { "method": "POST", "path": "/v1/cloud/broker", "line": 2367, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/cloud/broker/catalog", "line": 2363, "source": "src/router.js", "short": "Constraint-first compute planner for local, SSH, rented GPU, managed", "comments": [ "Constraint-first compute planner for local, SSH, rented GPU, managed", "training, customer cloud, and edge runtime. This is a planning endpoint", "only: it never launches infrastructure and never returns secret values." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/cloud/deploy-plan", "line": 2395, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/cloud/deploy-targets", "line": 2391, "source": "src/router.js", "short": "Secret-safe deploy catalog for account UI, CLI, CI, and unauthenticated", "comments": [ "Secret-safe deploy catalog for account UI, CLI, CI, and unauthenticated", "evaluators. This does not create infrastructure and never returns secret", "values; it returns the concrete commands and env-secret references needed", "for BYOC, edge, GPU, and self-hosted deployments." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/cloud/distill", "line": 28339, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "DELETE", "path": "/v1/cloud/distill/:job_id", "line": 28403, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/cloud/distill/:job_id", "line": 28384, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/cloud/distill/meter/:job_id", "line": 28365, "source": "src/router.js", "short": "NOTE: meter route registered BEFORE the ':job_id' route so the router", "comments": [ "NOTE: meter route registered BEFORE the ':job_id' route so the router", "matches /meter/:job_id literally and does not interpret 'meter' as a job_id." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/cloud/distill/submit", "line": 28313, "source": "src/router.js", "short": "Tenant fence: tenant_id forced from req.tenant_record.id; body/path never", "comments": [ "Tenant fence: tenant_id forced from req.tenant_record.id; body/path never", "override. Backend honesty: when KOLM_CLOUD_DISTILL_ENDPOINT is unset, the", "submit response carries cloud_backend_status='no_pool_configured' so the", "caller knows the work is queued but not yet executing. version stamp /^w785-/." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/cloud/readiness", "line": 2348, "source": "src/router.js", "short": "Cloud readiness is exposed directly for account UI, CI, and self-hosted", "comments": [ "Cloud readiness is exposed directly for account UI, CI, and self-hosted", "operators. It reports configured categories and missing variable names,", "but never returns secret values." ], "stub": false, "expanded_from": null } ] }, { "key": "compile", "label": "Compile", "routes": [ { "method": "GET", "path": "/v1/compile", "line": 8495, "source": "src/router.js", "short": "Compile job list - returns the caller's recent tenant-scoped compile jobs.", "comments": [ "Compile job list - returns the caller's recent tenant-scoped compile jobs." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/compile", "line": 8275, "source": "src/router.js", "short": "Compile job creation - queues a tenant-scoped build and returns job_id, status, and poll URL.", "comments": [ "Compile job creation - queues a tenant-scoped build and returns job_id, status, and poll URL.", "Validates task/model/output options, bills usage, and writes the compile audit record." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/compile/:id", "line": 8500, "source": "src/router.js", "short": "Compile job status - returns a safe tenant-scoped snapshot plus artifact_url when complete.", "comments": [ "Compile job status - returns a safe tenant-scoped snapshot plus artifact_url when complete." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/compile/:id/.kolm", "line": 8514, "source": "src/router.js", "short": "Compile artifact download - streams the completed .kolm zip or reports readiness/expiry.", "comments": [ "Compile artifact download - streams the completed .kolm zip or reports readiness/expiry." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/compile/cloud", "line": 8529, "source": "src/router.js", "short": "Dispatches a compile to a partner GPU (modal/runpod/vast/lambda) using", "comments": [ "Dispatches a compile to a partner GPU (modal/runpod/vast/lambda) using", "server-side credentials (KOLM_RUNPOD_TOKEN / KOLM_MODAL_TOKEN in env).", "Body: { backend, namespace, spec?, confirm, budget_usd, base_model? }.", "Without confirm:true we return a quote so the caller sees the cost first." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/compile/estimate", "line": 1359, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/compile/estimate", "line": 1358, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/compile/preview", "line": 1364, "source": "src/router.js", "short": "would call the LLM bridge; this returns a deterministic sample so the", "comments": [ "would call the LLM bridge; this returns a deterministic sample so the", "Describe-tab \"Generate preview\" button works without any keys." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/compile/start", "line": 1389, "source": "src/router.js", "short": "overlay opens an SSE stream against. Stubbed for the no-code path.", "comments": [ "overlay opens an SSE stream against. Stubbed for the no-code path." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/compile/stream/:job", "line": 1405, "source": "src/router.js", "short": "overlay. Reload-safe via ?cursor. See src/compile-stream.js for the", "comments": [ "overlay. Reload-safe via ?cursor. See src/compile-stream.js for the", "event contract." ], "stub": false, "expanded_from": null } ] }, { "key": "compliance", "label": "Compliance", "routes": [ { "method": "POST", "path": "/v1/compliance/ai-act/export", "line": 25302, "source": "src/router.js", "short": "* /governance-report runs the loop body with a per-row tenant re-check", "comments": [ "* /governance-report runs the loop body with a per-row tenant re-check", "so a future schema bug cannot leak across tenants.", "Distinct from sibling W767-cert / W768-modelcard / W769-residency /", "audit-export routes - no path collision possible." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/compliance/ai-act/governance-report", "line": 25367, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/compliance/ai-act/human-in-loop", "line": 25341, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/compliance/ai-act/risk-score", "line": 25326, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/compliance/certification-packet", "line": 1933, "source": "src/router.js", "short": "Compliance certification packet - local evidence exists, external auditor", "comments": [ "Compliance certification packet - local evidence exists, external auditor", "and legal certifications remain explicitly gated." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/compliance/certification-packet/template", "line": 1975, "source": "src/router.js", "short": "Compliance certification manifest template - the exact evidence bundle a", "comments": [ "Compliance certification manifest template - the exact evidence bundle a", "live auditor/legal/certification claim must provide before Kolm can call", "compliance certifications complete." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/compliance/certification-packet/validate", "line": 2016, "source": "src/router.js", "short": "Compliance certification manifest validation - fails closed on missing", "comments": [ "Compliance certification manifest validation - fails closed on missing", "auditor/legal evidence, unsigned proof hashes, non-HTTPS evidence URLs,", "placeholder fields, and secret-looking values." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/compliance/status", "line": 11031, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "compose", "label": "Compose", "routes": [ { "method": "POST", "path": "/v1/compose", "line": 14306, "source": "src/router.js", "short": "Compose - dispatches one query across the top-k matching kolm artifacts and", "comments": [ "Compose - dispatches one query across the top-k matching kolm artifacts and", "returns each artifact's output. Billable per non-cache, non-error dispatch.", "Body: { query, input, k=5, strategy='attention', tag }." ], "stub": false, "expanded_from": null } ] }, { "key": "concepts", "label": "Concepts", "routes": [ { "method": "GET", "path": "/v1/concepts", "line": 14193, "source": "src/router.js", "short": "Layer 2: Registry", "comments": [ "Layer 2: Registry" ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/concepts/:id", "line": 14206, "source": "src/router.js", "short": "Concept delete - removes an owned concept and its versions; forbidden tenants receive 403.", "comments": [ "Concept delete - removes an owned concept and its versions; forbidden tenants receive 403." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/concepts/:id", "line": 14199, "source": "src/router.js", "short": "Concept detail - returns a readable concept with versions after tenant, team, or public visibility checks.", "comments": [ "Concept detail - returns a readable concept with versions after tenant, team, or public visibility checks." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/concepts/:id/lineage", "line": 14214, "source": "src/router.js", "short": "Concept lineage - returns upstream and downstream head-version lineage after visibility checks.", "comments": [ "Concept lineage - returns upstream and downstream head-version lineage after visibility checks." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/concepts/:id/stats", "line": 14221, "source": "src/router.js", "short": "Per-concept usage stats: invocation count, latency percentiles, cache hit rate.", "comments": [ "Per-concept usage stats: invocation count, latency percentiles, cache hit rate." ], "stub": false, "expanded_from": null } ] }, { "key": "connectors", "label": "Connectors", "routes": [ { "method": "GET", "path": "/v1/connectors", "line": 23333, "source": "src/router.js", "short": "Connectors - lists upstream provider connectors (openai, anthropic,", "comments": [ "Connectors - lists upstream provider connectors (openai, anthropic,", "openrouter, etc.) with per-provider config status (key present, base URL,", "last reachable check). Read by /docs/connectors and `kolm connectors`." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/connectors/notify", "line": 1419, "source": "src/router.js", "short": "connector tile on the Connect tab. Appends to", "comments": [ "connector tile on the Connect tab. Appends to", "data/connector-waitlist.jsonl. Best-effort: never breaks the UI." ], "stub": false, "expanded_from": null } ] }, { "key": "conversations", "label": "Conversations", "routes": [ { "method": "GET", "path": "/v1/conversations", "line": 29115, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/conversations", "line": 29103, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "DELETE", "path": "/v1/conversations/:id", "line": 29143, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/conversations/:id", "line": 29131, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "copyright", "label": "Copyright", "routes": [ { "method": "GET", "path": "/v1/copyright/queue/:namespace", "line": 20947, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/copyright/scan", "line": 20893, "source": "src/router.js", "short": "heuristic (flag_reason starts with `copyright_heuristic:`).", "comments": [ "heuristic (flag_reason starts with `copyright_heuristic:`).", "Honest contract: this is HEURISTIC, not legal advice. The route stamps", "version:'w750-followup-vN.M' on every envelope so consumers can", "version-pin via regex (/^w750-followup-/)." ], "stub": false, "expanded_from": null } ] }, { "key": "credential", "label": "Credential", "routes": [ { "method": "POST", "path": "/v1/credential/verify", "line": 14154, "source": "src/router.js", "short": "Returns: { valid: boolean, reason?: string, spec, type }", "comments": [ "Returns: { valid: boolean, reason?: string, spec, type }", "This validates the HMAC signature using the server's receipt secret.", "For a future Ed25519 swap, the public key would live at /.well-known/ and", "verification would not need server auth. Today this endpoint is open." ], "stub": false, "expanded_from": null } ] }, { "key": "datasets", "label": "Datasets", "routes": [ { "method": "GET", "path": "/v1/datasets", "line": 21710, "source": "src/router.js", "short": "Datasets list - returns tenant-scoped dataset summaries for captured rows.", "comments": [ "Datasets list - returns tenant-scoped dataset summaries for captured rows." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/datasets", "line": 21719, "source": "src/router.js", "short": "Dataset create - builds a tenant-stamped dataset from a namespace of captured calls.", "comments": [ "Dataset create - builds a tenant-stamped dataset from a namespace of captured calls." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/datasets/:id", "line": 21731, "source": "src/router.js", "short": "Dataset detail - inspects one dataset and hides cross-tenant records as not found.", "comments": [ "Dataset detail - inspects one dataset and hides cross-tenant records as not found." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/datasets/:id/split", "line": 21746, "source": "src/router.js", "short": "Dataset split - recomputes a deterministic train/holdout split for an owned dataset.", "comments": [ "Dataset split - recomputes a deterministic train/holdout split for an owned dataset." ], "stub": false, "expanded_from": null } ] }, { "key": "deploy", "label": "Deploy", "routes": [ { "method": "POST", "path": "/v1/deploy", "line": 22657, "source": "src/router.js", "short": "HTTP control plane: POST /v1/deploy + /v1/deploy/canary +", "comments": [ "HTTP control plane: POST /v1/deploy + /v1/deploy/canary +", "/v1/test-device + /v1/test-quants. All require auth (auth.js gates via", "PUBLIC_API allowlist; these paths are NOT in PUBLIC_API, so an unauth", "request returns 401 from the auth middleware). The handlers below simply", "do shape-validation + delegate to the same modules the CLI calls." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/deploy/canary", "line": 22677, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/deploy/runpod", "line": 22563, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "DELETE", "path": "/v1/deploy/runpod/:pod_id", "line": 22627, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/deploy/runpod/:pod_id", "line": 22615, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/deploy/runpod/:pod_id/logs", "line": 22639, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "device", "label": "Device", "routes": [ { "method": "POST", "path": "/v1/device/check", "line": 19070, "source": "src/router.js", "short": "Device requirement check - compares a target profile against a named host profile.", "comments": [ "Device requirement check - compares a target profile against a named host profile." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/device/probe", "line": 19080, "source": "src/router.js", "short": "Device host probe - detects this server's local profile using best-effort hardware probes.", "comments": [ "Device host probe - detects this server's local profile using best-effort hardware probes." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/device/profiles", "line": 19058, "source": "src/router.js", "short": "Device capability profiles - list static target profiles for artifact compatibility checks.", "comments": [ "Device capability profiles - list static target profiles for artifact compatibility checks." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/device/profiles/:device_id", "line": 19063, "source": "src/router.js", "short": "Device capability profile detail - returns one static profile or 404 for unknown device ids.", "comments": [ "Device capability profile detail - returns one static profile or 404 for unknown device ids." ], "stub": false, "expanded_from": null } ] }, { "key": "devices", "label": "Devices", "routes": [ { "method": "GET", "path": "/v1/devices", "line": 22035, "source": "src/router.js", "short": "Device fleet list - enumerates operator-registered device profiles newest first.", "comments": [ "Device fleet list - enumerates operator-registered device profiles newest first." ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/devices/:id", "line": 22248, "source": "src/router.js", "short": "Guarded so we DO NOT intercept the legacy DELETE /v1/devices/:id/install/:artifact_id", "comments": [ "Guarded so we DO NOT intercept the legacy DELETE /v1/devices/:id/install/:artifact_id", "(Express route ordering means specific routes registered earlier win; we", "are below /v1/devices/:id/install handler so :id here only matches single segment)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/devices/:id", "line": 22264, "source": "src/router.js", "short": "per-file store so existing dashboards stay working.", "comments": [ "per-file store so existing dashboards stay working.", "NOTE: this is registered LAST so the more specific /v1/devices/detect,", "/v1/devices/list, /v1/devices/recommend, /v1/devices/installed routes", "above keep matching ahead of it." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/devices/:id/heartbeat", "line": 22227, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/devices/:id/install", "line": 22142, "source": "src/router.js", "short": "Device artifact install - stages a .kolm artifact by path or hash onto a registered device.", "comments": [ "Device artifact install - stages a .kolm artifact by path or hash onto a registered device." ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/devices/:id/install/:artifact_id", "line": 22165, "source": "src/router.js", "short": "Device artifact uninstall - removes a staged artifact install for one registered device.", "comments": [ "Device artifact uninstall - removes a staged artifact install for one registered device." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/devices/:id/probe", "line": 22209, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/devices/:id/register", "line": 22115, "source": "src/router.js", "short": "Device fleet registration - validates and stores a canonical profile for a device id.", "comments": [ "Device fleet registration - validates and stores a canonical profile for a device id." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/devices/:id/test", "line": 22124, "source": "src/router.js", "short": "Device fleet test - probes reachability and runtime status for a registered device.", "comments": [ "Device fleet test - probes reachability and runtime status for a registered device." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/devices/add", "line": 22281, "source": "src/router.js", "short": "browser-form translator for /account/fleet \"Add device\" modal.", "comments": [ "browser-form translator for /account/fleet \"Add device\" modal.", "The form posts {name, type, tags, connection:{host,user,key_path|base_url|kubeconfig,namespace}}", "which we flatten to DeviceRegistry.register() args." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/devices/detect", "line": 22043, "source": "src/router.js", "short": "Device fleet detect - probes local hardware and persists the local fleet profile.", "comments": [ "Device fleet detect - probes local hardware and persists the local fleet profile." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/devices/detect", "line": 23560, "source": "src/router.js", "short": "Device fleet detect with hints - refreshes local inventory using optional device hints.", "comments": [ "Device fleet detect with hints - refreshes local inventory using optional device hints." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/devices/installed", "line": 22132, "source": "src/router.js", "short": "Device install list - returns staged artifact installs, optionally filtered by device_id.", "comments": [ "Device install list - returns staged artifact installs, optionally filtered by device_id." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/devices/list", "line": 22100, "source": "src/router.js", "short": "?type=&tag=&status=&includeRemoved=1", "comments": [ "?type=&tag=&status=&includeRemoved=1" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/devices/recommend", "line": 22194, "source": "src/router.js", "short": "Device recommendation default - recommends target and quantization for the detected profile.", "comments": [ "Device recommendation default - recommends target and quantization for the detected profile." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/devices/recommend", "line": 22182, "source": "src/router.js", "short": "Device recommendation - chooses runtime target and quantization for profile/artifact inputs.", "comments": [ "Device recommendation - chooses runtime target and quantization for profile/artifact inputs." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/devices/register", "line": 22085, "source": "src/router.js", "short": "Body matches DeviceRegistry.register() args:", "comments": [ "Body matches DeviceRegistry.register() args:", "{ id, name?, host?, port?, user?, type, keyPath?, tags?, hardware_hint? }" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/devices/remove", "line": 22309, "source": "src/router.js", "short": "POST shim for /v1/devices/remove (fleet.html \"Remove\" button uses POST not DELETE).", "comments": [ "POST shim for /v1/devices/remove (fleet.html \"Remove\" button uses POST not DELETE).", "Accepts {name|id, hard?}. Soft delete by default." ], "stub": false, "expanded_from": null } ] }, { "key": "diagnose", "label": "Diagnose", "routes": [ { "method": "POST", "path": "/v1/diagnose", "line": 7642, "source": "src/router.js", "short": "POST mirror - body carries artifact_cid (matches existing", "comments": [ "POST mirror - body carries artifact_cid (matches existing", "/v1/pipeline/run + /v1/bakeoffs body shape)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/diagnose/:cid", "line": 7647, "source": "src/router.js", "short": "GET twin - path param carries cid.", "comments": [ "GET twin - path param carries cid." ], "stub": false, "expanded_from": null } ] }, { "key": "distill", "label": "Distill", "routes": [ { "method": "POST", "path": "/v1/distill/from-captures", "line": 16192, "source": "src/router.js", "short": "Distill from captures - turns the caller's namespace captures into either", "comments": [ "Distill from captures - turns the caller's namespace captures into either", "a recipe (template-cluster >=4 captures) or a specialist distill job (when", "total captures >=1000 or mode='specialist' is forced). Returns the synth", "result for recipes, {job_id, poll_url, bridge_source} (202) for specialists.", "Body: { namespace, min_pairs, mode, name }." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/distill/from-captures/preview", "line": 15987, "source": "src/router.js", "short": "Commit (POST) picks recipe vs specialist by count (<1000 vs >=1000),", "comments": [ "Commit (POST) picks recipe vs specialist by count (<1000 vs >=1000),", "forwards to /v1/bridges/auto-synthesize (recipe) or KOLM_TRAINER_BRIDGE_URL", "(specialist). Errors surface as 503 (capture-store) / 400 (not_enough/", "no_cluster). W364: specialist arm always returns 202 with job_id (either", "remote bridge or in-tree worker via src/distill-bridge.js)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/distill/onpolicy", "line": 16355, "source": "src/router.js", "short": "Run an on-policy distillation against a teacher-student pair via the", "comments": [ "Run an on-policy distillation against a teacher-student pair via the", "tenant-installed trainer plug-in. Auth-gated. Body: { pairs_path, student_path,", "out_dir, namespace, max_steps }. Returns trainer envelope or no_trainer_installed." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/distill/onpolicy/doctor", "line": 6066, "source": "src/router.js", "short": "Public trainer doctors. These report only local trainer availability and", "comments": [ "Public trainer doctors. These report only local trainer availability and", "install hints, so CLIs can decide whether a host is train-capable before a", "tenant exists. Training jobs themselves remain authenticated below." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/distill/preference", "line": 16377, "source": "src/router.js", "short": "Train a preference-pair objective (dpo/simpo/orpo/kto) via the tenant", "comments": [ "Train a preference-pair objective (dpo/simpo/orpo/kto) via the tenant", "installed trainer plug-in. Auth-gated. Body: { pairs_path, student_path,", "objective, out_dir, namespace, beta }. Returns trainer envelope." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/distill/preference/doctor", "line": 6077, "source": "src/router.js", "short": "Preference distillation doctor - unauthenticated capability report for the", "comments": [ "Preference distillation doctor - unauthenticated capability report for the", "DPO/SIMPO/ORPO/KTO training path and its local dependency hints." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/distill/runs", "line": 16314, "source": "src/router.js", "short": "Reads ~/.kolm/distill-runs/run_/{run-meta.json, progress.jsonl, manifest.json}.", "comments": [ "Reads ~/.kolm/distill-runs/run_/{run-meta.json, progress.jsonl, manifest.json}.", "Tenant-scoped: listDistillRuns filters by req.tenant_record.id (fail closed", "on missing tag). The progress.jsonl events are emitted from distill() each", "step so the dashboard can replay the loss curve without re-running the job." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/distill/runs/:id", "line": 16330, "source": "src/router.js", "short": "Distill run detail - reads ~/.kolm/distill-runs/run_/{run-meta.json,", "comments": [ "Distill run detail - reads ~/.kolm/distill-runs/run_/{run-meta.json,", "progress.jsonl, manifest.json} for one run. Tenant-scoped - 404 when run", "belongs to another tenant or id doesn't match /^run_[a-z0-9_]+$/i." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/distill/strategy", "line": 16142, "source": "src/router.js", "short": "Distill strategy plan - ranks the next backend action from current data,", "comments": [ "Distill strategy plan - ranks the next backend action from current data,", "holdout, privacy, teacher, preference, latency, and budget constraints.", "This planner does not launch training or call providers." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/distill/strategy", "line": 16164, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/distill/strategy/catalog", "line": 16105, "source": "src/router.js", "short": "Distill strategy catalog - static decision vocabulary for data collection,", "comments": [ "Distill strategy catalog - static decision vocabulary for data collection,", "rule/cache first paths, supervised fine-tune, teacher distillation,", "preference optimization, on-policy improvement, and speculative decoding." ], "stub": false, "expanded_from": null } ] }, { "key": "draft", "label": "Draft", "routes": [ { "method": "POST", "path": "/v1/draft/save", "line": 1450, "source": "src/router.js", "short": "so authed callers can later resume; anon callers also get an id but", "comments": [ "so authed callers can later resume; anon callers also get an id but", "the persistence flag is false (the page falls back to localStorage)." ], "stub": false, "expanded_from": null } ] }, { "key": "drift", "label": "Drift", "routes": [ { "method": "GET", "path": "/v1/drift/alerts", "line": 26613, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/drift/auto-remediate", "line": 26635, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/drift/configure", "line": 26581, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/drift/detect", "line": 20611, "source": "src/router.js", "short": "Drift detect - compares two drift snapshots (baseline vs current) and", "comments": [ "Drift detect - compares two drift snapshots (baseline vs current) and", "returns signals + verdict ('within' | 'drift' | 'breach') with breach/drift", "counts. Body: { baseline_snapshot, current_snapshot, tolerances }." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/drift/report", "line": 20633, "source": "src/router.js", "short": "Drift report - builds a full drift report (signals + narrative + tolerance", "comments": [ "Drift report - builds a full drift report (signals + narrative + tolerance", "block + caller notes) from two snapshots. Same inputs as /v1/drift/detect", "but returns the formatted report ready for archival or UI rendering." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/drift/scan", "line": 26455, "source": "src/router.js", "short": "unless config.auto_remediate_drift === true AND body.dry_run !== true.", "comments": [ "unless config.auto_remediate_drift === true AND body.dry_run !== true.", "dry_run defaults to TRUE so a misclick cannot kick off a re-distill.", "All five are tenant-fenced via req.tenant_record.id (W411 law)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/drift/snapshot", "line": 20589, "source": "src/router.js", "short": "the 12-step compile→verify→run→drift→retrain loop. W434 exposes three", "comments": [ "the 12-step compile→verify→run→drift→retrain loop. W434 exposes three", "tenant-scoped POST routes that wrap the existing pure functions. The", "routes are stateless (no server-side persistence) - the report's hash", "is verifiable client-side, so the round-trip is just \"validate my", "inputs + compute signals + return the report you can persist anywhere.\"" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/drift/status", "line": 26516, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "drift-alert", "label": "Drift Alert", "routes": [ { "method": "GET", "path": "/v1/drift-alert", "line": 28518, "source": "src/router.js", "short": ":namespace path param. The dashboard pages call these endpoints without a", "comments": [ ":namespace path param. The dashboard pages call these endpoints without a", "selected namespace before the user picks one; previously they 404'd. We", "forward to the existing :namespace handler with namespace='default' so the", "account UI<->server parity test (W409f #4) passes and the page renders an", "empty-state from a real envelope instead of a 404." ], "stub": false, "expanded_from": "bare" }, { "method": "GET", "path": "/v1/drift-alert/:namespace", "line": 20735, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/drift-alert/snapshot", "line": 20669, "source": "src/router.js", "short": "tie-in: when shouldAlert() fires the route calls", "comments": [ "tie-in: when shouldAlert() fires the route calls", "driftAlertStore.registerDriftWarning() so the NEXT W709 routing", "decision can stamp `drift_warning:true`. Honest fallback: if the W709", "routing-events module is not loaded, the warning is still registered", "(it is in-memory) and the W709 hook simply never reads it." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/drift-alert/webhooks", "line": 20836, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "embed", "label": "Embed", "routes": [ { "method": "POST", "path": "/v1/embed", "line": 9593, "source": "src/router.js", "short": "Tokenize-and-ingest a path (or array of paths). The path must live on the", "comments": [ "Tokenize-and-ingest a path (or array of paths). The path must live on the", "server; for now we support self-host where the kolm cloud runs alongside", "a tenant's mounted corpus directory. For the SaaS path we'll add an", "upload endpoint in Sprint 2." ], "stub": false, "expanded_from": null } ] }, { "key": "embeddings", "label": "Embeddings", "routes": [ { "method": "POST", "path": "/v1/embeddings", "line": 5512, "source": "src/router.js", "short": "OpenAI-compatible passthrough for the responses, embeddings, and", "comments": [ "OpenAI-compatible passthrough for the responses, embeddings, and", "moderations endpoints. Each routes through __connectorProxy('openai', ...)", "so the upstream OpenAI API is reached with the configured key, and the", "request/response is captured into the tenant lake." ], "stub": false, "expanded_from": "p" } ] }, { "key": "eval", "label": "Evaluation", "routes": [ { "method": "POST", "path": "/v1/eval/adversarial/generate", "line": 26946, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/eval/benchmark-evidence", "line": 2178, "source": "src/router.js", "short": "Benchmark evidence readiness for comparative claims. This route audits", "comments": [ "Benchmark evidence readiness for comparative claims. This route audits", "local evidence files and reports the exact public data lanes still needed;", "it never calls providers and never returns secret values." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/eval/benchmark-evidence/template", "line": 2225, "source": "src/router.js", "short": "Benchmark evidence template - returns the strict provider/runtime lane", "comments": [ "Benchmark evidence template - returns the strict provider/runtime lane", "schema required before comparative benchmark claims can be marked public." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/eval/benchmark-evidence/validate", "line": 2260, "source": "src/router.js", "short": "Benchmark evidence validation - validates a proposed provider matrix", "comments": [ "Benchmark evidence validation - validates a proposed provider matrix", "without saving it, calling providers, or exposing secrets." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/eval/gate", "line": 11926, "source": "src/router.js", "short": "Compile/promote eval gate (standalone evaluation endpoint)", "comments": [ "Compile/promote eval gate (standalone evaluation endpoint)" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/eval/k-score-calibration", "line": 2103, "source": "src/router.js", "short": "K-score calibration - public, frozen benchmark contract for the score", "comments": [ "K-score calibration - public, frozen benchmark contract for the score", "formula, 30-case suite, class mix, axis means, and manual-review", "leaderboard. This proves how K-score is computed; live model ranking", "claims require separate public benchmark evidence." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/eval/quality-calibration", "line": 2301, "source": "src/router.js", "short": "Quality judge calibration - public, deterministic fixture for the", "comments": [ "Quality judge calibration - public, deterministic fixture for the", "per-call quality judge. This is calibration evidence, not a broad claim", "that autonomous judging matches every review domain." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/eval/tenant_holdout", "line": 14087, "source": "src/router.js", "short": "Tenant holdout list - returns the authenticated tenant's retained shadow corpus metadata.", "comments": [ "Tenant holdout list - returns the authenticated tenant's retained shadow corpus metadata." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/eval/tenant_holdout", "line": 14042, "source": "src/router.js", "short": "All four are authed (mounted below authMiddleware) and per-tenant scoped:", "comments": [ "All four are authed (mounted below authMiddleware) and per-tenant scoped:", "a tenant can only read/write/delete corpora under its own tenant_id. The", "tenant_id is derived from req.tenant_record.id (the authenticated tenant)", "rather than accepted as a body field, so a forged tenant_id is impossible." ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/eval/tenant_holdout/:corpus_id", "line": 14125, "source": "src/router.js", "short": "Tenant holdout delete - removes one authenticated tenant corpus and audits the deletion.", "comments": [ "Tenant holdout delete - removes one authenticated tenant corpus and audits the deletion." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/eval/tenant_holdout/:corpus_id", "line": 14099, "source": "src/router.js", "short": "Tenant holdout detail - returns hash and size metadata without exposing corpus rows.", "comments": [ "Tenant holdout detail - returns hash and size metadata without exposing corpus rows." ], "stub": false, "expanded_from": null } ] }, { "key": "evidence", "label": "Evidence", "routes": [ { "method": "GET", "path": "/v1/evidence", "line": 8904, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/evidence/", "line": 8905, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/evidence/:id", "line": 8823, "source": "src/router.js", "short": "Looks up the owning artifact via the per-node reverse index; returns", "comments": [ "Looks up the owning artifact via the per-node reverse index; returns", "the verbatim node record (id, kind, plus any caller-supplied attrs).", "404 when the node id is not in any artifact's DAG." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/evidence/:id/revoke", "line": 8846, "source": "src/router.js", "short": "lifecycle revoke transition).", "comments": [ "lifecycle revoke transition).", "Returns { revoked, needs_review[] }. The revoke verdict does NOT", "mutate the artifact's signed receipt - receipts seal bytes, not", "operational provenance - so propagation is a verdict written to the", "caller's audit trail, not a state-machine transition." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/evidence/readiness", "line": 1785, "source": "src/router.js", "short": "Evidence readiness - one public, secret-safe aggregate for every proof gate", "comments": [ "Evidence readiness - one public, secret-safe aggregate for every proof gate", "that can keep product copy from saying \"final\" too early. This mirrors", "`kolm evidence --json` so account UI, docs, CLI, and release audits share", "the same local/external boundary." ], "stub": false, "expanded_from": null } ] }, { "key": "experts", "label": "Experts", "routes": [ { "method": "POST", "path": "/v1/experts", "line": 28829, "source": "src/router.js", "short": "Body: { artifact_path, threshold? }", "comments": [ "Body: { artifact_path, threshold? }", "The artifact must be operator-side (path on the server). Returns", "per-expert activation + prune candidates + estimated K-Score impact." ], "stub": false, "expanded_from": null } ] }, { "key": "export", "label": "Export", "routes": [ { "method": "POST", "path": "/v1/export", "line": 29067, "source": "src/router.js", "short": "gguf/awq/exl2/mlx/onnx/tflite/coreml/openvino). Returns the plan +", "comments": [ "gguf/awq/exl2/mlx/onnx/tflite/coreml/openvino). Returns the plan +", "estimated size + invocation hint; actual export runs via the CLI worker." ], "stub": false, "expanded_from": null } ] }, { "key": "exports", "label": "Exports", "routes": [ { "method": "GET", "path": "/v1/exports", "line": 29179, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/exports", "line": 29163, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/exports/:id", "line": 29191, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "failure-modes", "label": "Failure Modes", "routes": [ { "method": "POST", "path": "/v1/failure-modes", "line": 8253, "source": "src/router.js", "short": "POST mirror - body carries artifact_cid.", "comments": [ "POST mirror - body carries artifact_cid." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/failure-modes/:cid", "line": 8258, "source": "src/router.js", "short": "GET twin - path param carries cid.", "comments": [ "GET twin - path param carries cid." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/failure-modes/feed-active-learning", "line": 27285, "source": "src/router.js", "short": "Auth-gated via req.tenant_record. Tenant fence is forced from the", "comments": [ "Auth-gated via req.tenant_record. Tenant fence is forced from the", "authenticated record - any body.tenant value is overridden so a caller", "cannot point this at another tenant's namespace. The namespace IS read", "from the body because a single tenant routinely operates many", "namespaces and W816 closes the loop per-namespace." ], "stub": false, "expanded_from": null } ] }, { "key": "federated", "label": "Federated", "routes": [ { "method": "POST", "path": "/v1/federated/aggregate", "line": 20249, "source": "src/router.js", "short": "Federated approval aggregate - returns DP-noised counts across local and peer approval hashes.", "comments": [ "Federated approval aggregate - returns DP-noised counts across local and peer approval hashes." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/federated/audit", "line": 20274, "source": "src/router.js", "short": "Federated audit - returns recent hash-only approval-share envelopes for the tenant.", "comments": [ "Federated audit - returns recent hash-only approval-share envelopes for the tenant." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/federated/consortium", "line": 28627, "source": "src/router.js", "short": "/v1/federated/consortium - bare GET that points the TUI at the W830", "comments": [ "/v1/federated/consortium - bare GET that points the TUI at the W830", "members collection. The federated-consortium-routes module owns the", "tenant-scoped membership reads; here we add a no-query alias that", "returns the empty-state envelope when no consortium_id is supplied so", "the TUI view always has something to render." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/federated/consortium/aggregations", "line": 245, "source": "src/federated-consortium-routes.js", "short": "Returns recent aggregation runs with status, epsilon spent, and", "comments": [ "Returns recent aggregation runs with status, epsilon spent, and", "participant count. Defense-in-depth: only returns rows where this", "tenant is a participant OR rows are visible to the consortium's", "listed members (default)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/federated/consortium/budget", "line": 202, "source": "src/federated-consortium-routes.js", "short": "Returns the consortium-wide privacy budget: epsilon_spent (summed across", "comments": [ "Returns the consortium-wide privacy budget: epsilon_spent (summed across", "recorded aggregation rounds) vs epsilon_allocated (from the consortium", "state). Also surfaces per-tenant epsilon_spent_by_self so a tenant can", "see how much budget THEY have burned." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/federated/consortium/members", "line": 167, "source": "src/federated-consortium-routes.js", "short": "Returns the list of opted-in members. Every member row includes its", "comments": [ "Returns the list of opted-in members. Every member row includes its", "contribution_count + last_share_at so the UI can show \"who's pulling", "their weight\". The caller's own member row is always included." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/federated/consortium/opt-in", "line": 85, "source": "src/federated-consortium-routes.js", "short": "Body: { consortium_id, scope?:[ns...], epsilon_allocated?:number, note? }", "comments": [ "Body: { consortium_id, scope?:[ns...], epsilon_allocated?:number, note? }", "Writes the member row into the consortium's single-tenant view + audits", "contribution_count=0 baseline + last_share_at=null." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/federated/consortium/opt-out", "line": 127, "source": "src/federated-consortium-routes.js", "short": "Body: { consortium_id, reason? }", "comments": [ "Body: { consortium_id, reason? }" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/federated/consortium/verify-mia", "line": 292, "source": "src/federated-consortium-routes.js", "short": "Body: { artifact_id, test_inputs:[...], shadow_models?:[...],", "comments": [ "Body: { artifact_id, test_inputs:[...], shadow_models?:[...],", "train_set?:[...], holdout_set?:[...], p_threshold? }", "Honest stub when shadow_models empty (returns mia_requires_shadow_models)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/federated/opt-in", "line": 20202, "source": "src/router.js", "short": "Federated opt-in - records tenant namespaces and peers for hash-only approval sharing.", "comments": [ "Federated opt-in - records tenant namespaces and peers for hash-only approval sharing." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/federated/opt-out", "line": 20218, "source": "src/router.js", "short": "Federated opt-out - clears tenant approval-sharing opt-in state and records the reason.", "comments": [ "Federated opt-out - clears tenant approval-sharing opt-in state and records the reason." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/federated/peers", "line": 20264, "source": "src/router.js", "short": "Federated peers - lists other opted-in approval-sharing peers visible to the tenant.", "comments": [ "Federated peers - lists other opted-in approval-sharing peers visible to the tenant." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/federated/share-approvals", "line": 20229, "source": "src/router.js", "short": "Federated approval share - emits hash-only approval rows for an opted-in namespace.", "comments": [ "Federated approval share - emits hash-only approval rows for an opted-in namespace." ], "stub": false, "expanded_from": null } ] }, { "key": "fit", "label": "Fit", "routes": [ { "method": "POST", "path": "/v1/fit", "line": 28797, "source": "src/router.js", "short": "Body: { model_params_b, quant, vram_gb, context?, batch?, kv_precision? }", "comments": [ "Body: { model_params_b, quant, vram_gb, context?, batch?, kv_precision? }", "Returns the same envelope as the CLI: {fits, est_total_gb, est_weights_gb,", "est_kv_gb, est_activations_gb, headroom_gb, recommendation}." ], "stub": false, "expanded_from": null } ] }, { "key": "fl", "label": "Fl", "routes": [ { "method": "POST", "path": "/v1/fl/aggregate", "line": 19141, "source": "src/router.js", "short": "Federated aggregate - folds verified client deltas into one foundation-state aggregate receipt.", "comments": [ "Federated aggregate - folds verified client deltas into one foundation-state aggregate receipt." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/fl/contribution/verify", "line": 19131, "source": "src/router.js", "short": "Federated contribution verify - checks a client update receipt against the announced round.", "comments": [ "Federated contribution verify - checks a client update receipt against the announced round." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/fl/round/new", "line": 19123, "source": "src/router.js", "short": "Federated round create - creates a foundation-state round and returns its stable round hash.", "comments": [ "Federated round create - creates a foundation-state round and returns its stable round hash." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/fl/strategies", "line": 19114, "source": "src/router.js", "short": "federated learning", "comments": [ "federated learning" ], "stub": false, "expanded_from": null } ] }, { "key": "fleet", "label": "Fleet", "routes": [ { "method": "POST", "path": "/v1/fleet/deploy", "line": 22398, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/fleet/monitor", "line": 22455, "source": "src/router.js", "short": "For long-running monitoring use the CLI `kolm fleet monitor` instead.", "comments": [ "For long-running monitoring use the CLI `kolm fleet monitor` instead." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/fleet/rollback", "line": 22419, "source": "src/router.js", "short": "Browser button passes {device}; CLI passes {tag|namespace, confirm:true}.", "comments": [ "Browser button passes {device}; CLI passes {tag|namespace, confirm:true}." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/fleet/status", "line": 22386, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/fleet/stop", "line": 22437, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "free", "label": "Free", "routes": [ { "method": "POST", "path": "/v1/free/chat", "line": 10023, "source": "src/router.js", "short": "20 messages/day to tinker with the intent classifier; if a tenant key is", "comments": [ "20 messages/day to tinker with the intent classifier; if a tenant key is", "attached the route upgrades to the full /v1/intent/ask snapshot. This is", "the SAME pipe pre-auth and post-auth, so the homepage chat box and the", "/account console chat box share the contract. Anon callers cannot read", "tenant state - snapshotContext is called with tenant_id=null." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/free/cli", "line": 10380, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/free/cli/allowlist", "line": 10444, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "gateway", "label": "Gateway", "routes": [ { "method": "GET", "path": "/v1/gateway/dashboard", "line": 6255, "source": "src/router.js", "short": "W-G wrapper-completion - GET /v1/gateway/dashboard", "comments": [ "W-G wrapper-completion - GET /v1/gateway/dashboard", "Aggregate routing breakdown + cost-savings + recent calls for the", "/account/gateway.html dashboard. Tenant-scoped via findByTenant." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/gateway/dispatch", "line": 6479, "source": "src/router.js", "short": "6. Build the kolm-audit-1 receipt, sign it, persist + return.", "comments": [ "6. Build the kolm-audit-1 receipt, sign it, persist + return.", "Every fallback marks `capture_eligible: true` so the flywheel picks up", "the cases where the local model fell short." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/gateway/health", "line": 6091, "source": "src/router.js", "short": "5 - public gateway liveness probe. Mirrors /health for the", "comments": [ "5 - public gateway liveness probe. Mirrors /health for the", "gateway sub-system: ok:true + version + module-loadable signal.", "Mounted before r.use(authMiddleware) so it is reachable without an API", "key. Ship-gate consumers use this to confirm the gateway dispatch path", "is wired without paying for a real upstream call." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/gateway/mode", "line": 6220, "source": "src/router.js", "short": "Auth-gated (mounted after r.use(authMiddleware)). Probes both local backends", "comments": [ "Auth-gated (mounted after r.use(authMiddleware)). Probes both local backends", "with a 1-second HEAD timeout so a slow / unreachable backend never blocks", "the dashboard. The response surfaces the resolved mode (NOT the raw env", "value) so a callers sees what currentMode() actually decided." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/gateway/providers", "line": 6337, "source": "src/router.js", "short": "W-G wrapper-completion - GET /v1/gateway/providers", "comments": [ "W-G wrapper-completion - GET /v1/gateway/providers", "Return the 11 supported providers with the customer's per-tenant config", "overlaid (enabled, rate_limit, position-in-chain). Reads the registry", "for the canonical list, then merges per-tenant overrides if any." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/gateway/providers/config", "line": 6368, "source": "src/router.js", "short": "W-G wrapper-completion - POST /v1/gateway/providers/config", "comments": [ "W-G wrapper-completion - POST /v1/gateway/providers/config", "Persist per-tenant provider overrides (enabled toggle, position-in-chain,", "RPM limit). API keys are NEVER stored in the row - operators set them", "as environment variables; we only persist the FLAG that one is set." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/gateway/test-connection", "line": 6407, "source": "src/router.js", "short": "W-G wrapper-completion - POST /v1/gateway/test-connection", "comments": [ "W-G wrapper-completion - POST /v1/gateway/test-connection", "Fire a tiny ping against an upstream to verify the key works. Body:", "{provider: 'anthropic', api_key: 'sk-ant-...'}. Returns {ok, status,", "elapsed_ms} but never echoes the key back." ], "stub": false, "expanded_from": null } ] }, { "key": "gemini", "label": "Gemini", "routes": [ { "method": "POST", "path": "/v1/gemini/chat/completions", "line": 5953, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/gemini/v1/chat/completions", "line": 5952, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "govern", "label": "Govern", "routes": [ { "method": "POST", "path": "/v1/govern/anchor/batch", "line": 121, "source": "src/govern-routes.js", "short": "ANCHOR - Merkle batch anchoring of receipts.", "comments": [ "ANCHOR - Merkle batch anchoring of receipts." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/govern/anchor/status", "line": 148, "source": "src/govern-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/govern/anchor/verify", "line": 157, "source": "src/govern-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/govern/c2pa/sign", "line": 267, "source": "src/govern-routes.js", "short": "C2PA - content credentials for model outputs.", "comments": [ "C2PA - content credentials for model outputs." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/govern/c2pa/verify", "line": 296, "source": "src/govern-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/govern/compliance/ai-act/art12", "line": 358, "source": "src/govern-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/govern/compliance/ai-act/art12-export", "line": 389, "source": "src/govern-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/govern/compliance/ai-act/art72", "line": 373, "source": "src/govern-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/govern/compliance/export", "line": 339, "source": "src/govern-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/govern/compliance/frameworks", "line": 333, "source": "src/govern-routes.js", "short": "COMPLIANCE - framework evidence + EU AI Act live reports.", "comments": [ "COMPLIANCE - framework evidence + EU AI Act live reports." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/govern/drift/standard", "line": 316, "source": "src/govern-routes.js", "short": "DRIFT - standard signals.", "comments": [ "DRIFT - standard signals." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/govern/intoto/:receipt_id", "line": 102, "source": "src/intoto-receipt-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/govern/intoto/verify", "line": 155, "source": "src/intoto-receipt-routes.js", "short": "body: { bundle | envelope, public_key?, subject_digest_map? }", "comments": [ "body: { bundle | envelope, public_key?, subject_digest_map? }" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/govern/provenance/build", "line": 231, "source": "src/govern-routes.js", "short": "PROVENANCE - in-toto / SLSA build provenance.", "comments": [ "PROVENANCE - in-toto / SLSA build provenance." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/govern/provenance/verify", "line": 249, "source": "src/govern-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/govern/transparency/append", "line": 177, "source": "src/govern-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/govern/transparency/head", "line": 200, "source": "src/govern-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/govern/transparency/proof/:seq", "line": 214, "source": "src/govern-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "groups", "label": "Groups", "routes": [ { "method": "GET", "path": "/v1/groups", "line": 20037, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/groups", "line": 20048, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "DELETE", "path": "/v1/groups/:slug", "line": 20095, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/groups/:slug", "line": 20065, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "PATCH", "path": "/v1/groups/:slug", "line": 20077, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "hardware", "label": "Hardware", "routes": [ { "method": "GET", "path": "/v1/hardware", "line": 28763, "source": "src/router.js", "short": "Unauthed: returns the operator's local accelerator profile so an Account UI", "comments": [ "Unauthed: returns the operator's local accelerator profile so an Account UI", "running on the same host can render a \"what fits\" picker without auth." ], "stub": false, "expanded_from": null } ] }, { "key": "health", "label": "Health", "routes": [ { "method": "GET", "path": "/v1/health", "line": 7076, "source": "src/router.js", "short": "Authenticated /v1/health - full snapshot including provider availability", "comments": [ "Authenticated /v1/health - full snapshot including provider availability", "and feature flags. Admin-only because the booleans are useful signal for", "staff debugging but unnecessary surface for tenants. Public /health", "(above the authMiddleware) is the lightweight no-leak version." ], "stub": false, "expanded_from": null } ] }, { "key": "hub", "label": "Hub", "routes": [ { "method": "GET", "path": "/v1/hub", "line": 9485, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/hub/:owner/:name", "line": 9513, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/hub/:owner/:name/download", "line": 9549, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/hub/publish", "line": 9385, "source": "src/router.js", "short": "body: { name, visibility?: 'public'|'private', artifact_b64, metadata? }", "comments": [ "body: { name, visibility?: 'public'|'private', artifact_b64, metadata? }", "Stores the artifact bytes + metadata. Returns { handle, owner, name, sha256, url }." ], "stub": false, "expanded_from": null } ] }, { "key": "import", "label": "Import", "routes": [ { "method": "POST", "path": "/v1/import/inspect", "line": 7281, "source": "src/router.js", "short": "Both routes are auth-gated. The python3 parsers live in", "comments": [ "Both routes are auth-gated. The python3 parsers live in", "apps/import/{gguf,safetensors,onnx}.py and run in-process via spawnSync", "from src/import.js; missing python3 surfaces a 503 python3_missing", "envelope - never a 500, never a silent fake." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/import/wrap", "line": 7306, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "inspect", "label": "Inspect", "routes": [ { "method": "POST", "path": "/v1/inspect", "line": 28777, "source": "src/router.js", "short": "Body: { model_id?: string, kolm_path?: string }", "comments": [ "Body: { model_id?: string, kolm_path?: string }", "For HF id: fetches config.json over the public HF endpoint. For .kolm:", "reads manifest from disk (operator-side path) with signature bypass since", "inspection is read-only." ], "stub": false, "expanded_from": null } ] }, { "key": "integrations", "label": "Integrations", "routes": [ { "method": "DELETE", "path": "/v1/integrations/runpod", "line": 22554, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/integrations/runpod", "line": 22528, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/integrations/runpod", "line": 22509, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/integrations/runpod/test", "line": 22541, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "intent", "label": "Intent", "routes": [ { "method": "POST", "path": "/v1/intent/ask", "line": 10453, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/intent/next", "line": 9975, "source": "src/router.js", "short": "pair locally; this route runs it server-side so the post-auth dashboard", "comments": [ "pair locally; this route runs it server-side so the post-auth dashboard", "can render the same top-N ranked actions without shelling out. Auth-gated.", "Response envelope: { ok, recommendations: [{action, command, why, rank}],", "generated_at, snapshot_summary: {captures, opps, ...} }" ], "stub": false, "expanded_from": null } ] }, { "key": "ir", "label": "Ir", "routes": [ { "method": "POST", "path": "/v1/ir/compile", "line": 18875, "source": "src/router.js", "short": "ir", "comments": [ "ir" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/ir/replay", "line": 18924, "source": "src/router.js", "short": "IR replay - replays every workflow IR seed and reports deterministic mismatches.", "comments": [ "IR replay - replays every workflow IR seed and reports deterministic mismatches." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/ir/stats", "line": 18906, "source": "src/router.js", "short": "IR stats - validates a body-supplied workflow IR and returns node, edge, seed, kind, and hash counts.", "comments": [ "IR stats - validates a body-supplied workflow IR and returns node, edge, seed, kind, and hash counts." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/ir/validate", "line": 18915, "source": "src/router.js", "short": "IR validate - checks body-supplied workflow IR structure and returns its receipt-bound hash.", "comments": [ "IR validate - checks body-supplied workflow IR structure and returns its receipt-bound hash." ], "stub": false, "expanded_from": null } ] }, { "key": "jobs", "label": "Jobs", "routes": [ { "method": "GET", "path": "/v1/jobs/:id", "line": 14670, "source": "src/router.js", "short": "Job status (used by HF / URL queued jobs + W229 on-disk job registry +", "comments": [ "Job status (used by HF / URL queued jobs + W229 on-disk job registry +", "distill bridge). Order: corpus_jobs / specialists in-DB, then the", "src/jobs.js per-file on-disk registry." ], "stub": false, "expanded_from": null } ] }, { "key": "keys", "label": "Keys", "routes": [ { "method": "POST", "path": "/v1/keys/challenge", "line": 3364, "source": "src/router.js", "short": "Key challenge - issues a proof-of-control nonce for Ed25519 key registration.", "comments": [ "Key challenge - issues a proof-of-control nonce for Ed25519 key registration." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/keys/public", "line": 3325, "source": "src/router.js", "short": "Public keys list - returns registered Ed25519 verification keys and directory stats.", "comments": [ "Public keys list - returns registered Ed25519 verification keys and directory stats.", "additionally surface the default receipt signing pubkey under", "source:'system' so /v1/verify callers can discover it without going", "through the challenge→sign→register flow first." ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/keys/public/:fingerprint", "line": 3395, "source": "src/router.js", "short": "Public key delete - admin-only removal of a registered verification key.", "comments": [ "Public key delete - admin-only removal of a registered verification key." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/keys/public/:fingerprint", "line": 3353, "source": "src/router.js", "short": "Public key lookup - fetches one registered Ed25519 key by short or full fingerprint.", "comments": [ "Public key lookup - fetches one registered Ed25519 key by short or full fingerprint." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/keys/register", "line": 3378, "source": "src/router.js", "short": "Key register - verifies a signed challenge nonce and publishes the Ed25519 public key.", "comments": [ "Key register - verifies a signed challenge nonce and publishes the Ed25519 public key." ], "stub": false, "expanded_from": null } ] }, { "key": "kolmbench", "label": "Kolmbench", "routes": [ { "method": "GET", "path": "/v1/kolmbench/leaderboard", "line": 23909, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/kolmbench/spec", "line": 23895, "source": "src/router.js", "short": "only + safe to cache. Both POST routes require auth via the standard", "comments": [ "only + safe to cache. Both POST routes require auth via the standard", "middleware path; submit additionally requires body.confirm:true as a", "spend-protection gate (the W411 confirm-pattern). Honest envelopes on", "every degraded path." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/kolmbench/submit", "line": 23946, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/kolmbench/validate", "line": 23921, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "kscore", "label": "Kscore", "routes": [ { "method": "GET", "path": "/v1/kscore/series", "line": 18520, "source": "src/router.js", "short": "K-score time series for the namespaces flywheel chart (recorded by", "comments": [ "K-score time series for the namespaces flywheel chart (recorded by", "the autopilot lifecycle). Tenant-fenced; honest empty series when none." ], "stub": false, "expanded_from": null } ] }, { "key": "label-queue", "label": "Label Queue", "routes": [ { "method": "GET", "path": "/v1/label-queue/audit/:event_id", "line": 21917, "source": "src/router.js", "short": "full audit trail for a single event_id. Tests assert that every", "comments": [ "full audit trail for a single event_id. Tests assert that every", "approval/reject/edit decision is recorded with reviewer + timestamp +", "before/after output. The legacy /v1/labels/:event_id returns the last", "label only; this endpoint returns the whole sequence." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/label-queue/next", "line": 21828, "source": "src/router.js", "short": "The /account/labeling.html UI uses concrete label-queue aliases for the", "comments": [ "The /account/labeling.html UI uses concrete label-queue aliases for the", "canonical labels routes. Rather than chase the legacy page (and break any", "client polling the old paths), we alias the known endpoints. The shapes", "also tolerate the older field names", "(label vs verdict, accepted vs approved, pending vs decided)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/label-queue/stats", "line": 21858, "source": "src/router.js", "short": "Label-queue stats alias; adapts canonical labels stats names for the legacy UI.", "comments": [ "Label-queue stats alias; adapts canonical labels stats names for the legacy UI." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/label-queue/submit", "line": 21879, "source": "src/router.js", "short": "Label-queue submit alias; accepts legacy label names and stores canonical verdicts.", "comments": [ "Label-queue submit alias; accepts legacy label names and stores canonical verdicts." ], "stub": false, "expanded_from": null } ] }, { "key": "labels", "label": "Labels", "routes": [ { "method": "POST", "path": "/v1/labels", "line": 21776, "source": "src/router.js", "short": "Label submit - records a reviewer verdict for one event and blocks cross-tenant decisions.", "comments": [ "Label submit - records a reviewer verdict for one event and blocks cross-tenant decisions." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/labels/:event_id", "line": 21809, "source": "src/router.js", "short": "Label detail - fetches one persisted decision and hides cross-tenant event ids.", "comments": [ "Label detail - fetches one persisted decision and hides cross-tenant event ids." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/labels/next", "line": 21763, "source": "src/router.js", "short": "Labels next - returns tenant-scoped unlabeled events with optional namespace/workflow filters.", "comments": [ "Labels next - returns tenant-scoped unlabeled events with optional namespace/workflow filters." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/labels/stats", "line": 21801, "source": "src/router.js", "short": "Labels stats - returns tenant-scoped pending, approved, rejected, and edited counts.", "comments": [ "Labels stats - returns tenant-scoped pending, approved, rejected, and edited counts." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/labels/synthesize-corpus", "line": 17969, "source": "src/router.js", "short": "Returns the captured (input, output) pairs for a namespace as JSONL or", "comments": [ "Returns the captured (input, output) pairs for a namespace as JSONL or", "a JSON envelope. This is what `kolm labels` downloads. Counts go to the", "status command so the customer can see \"ready to distill at 1000 pairs.\"", "1: reads via the durable capture-store (listCaptures) so the", "distillation corpus comes from the same backend the proxy writes to." ], "stub": false, "expanded_from": null } ] }, { "key": "lake", "label": "Lake", "routes": [ { "method": "POST", "path": "/v1/lake/contribute", "line": 24055, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/lake/export", "line": 21669, "source": "src/router.js", "short": "Supports format=jsonl (default) | json | csv. Streams the buffer back.", "comments": [ "Supports format=jsonl (default) | json | csv. Streams the buffer back." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/lake/opt-in", "line": 24002, "source": "src/router.js", "short": "The W751 GET /v1/verticals/:id/fingerprint route already exists above; the", "comments": [ "The W751 GET /v1/verticals/:id/fingerprint route already exists above; the", "module is consumed via the new pattern-lake helpers. New code paths", "(CLI lake subverbs, the W757 docs page) call these routes directly." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/lake/opt-out", "line": 24033, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/lake/repeated", "line": 21539, "source": "src/router.js", "short": "Lake repeated - finds clusters of repeated workflow inputs in the event", "comments": [ "Lake repeated - finds clusters of repeated workflow inputs in the event", "store (the W384 \"repeated workflows\" surface). Returns up to ?limit (max", "200, default 20) clusters with their representative input + member count." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/lake/stats", "line": 21510, "source": "src/router.js", "short": "Lake stats - per-tenant event-store roll-up: row counts, byte size, oldest", "comments": [ "Lake stats - per-tenant event-store roll-up: row counts, byte size, oldest", "and newest timestamps, namespace breakdown. Accepts ?namespace, ?since,", "?provider, ?model, ?status, ?min_latency_ms, ?max_latency_ms, and", "?exclude_errors filters. Scoped via _tenantScope; admin sees cross-tenant", "aggregate." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/lake/storage", "line": 21698, "source": "src/router.js", "short": "dashboard can show \"Local storage: ~/.kolm/events/events.sqlite (12 MB)\".", "comments": [ "dashboard can show \"Local storage: ~/.kolm/events/events.sqlite (12 MB)\".", "Returns the same envelope storeInfo() emits, plus a coarse byte total." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/lake/tail", "line": 21654, "source": "src/router.js", "short": "Reads directly from the event-store (NOT capture-store). Default limit", "comments": [ "Reads directly from the event-store (NOT capture-store). Default limit", "50, capped at 500. Returns newest first." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/lake/trends", "line": 24099, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "lang", "label": "Lang", "routes": [ { "method": "POST", "path": "/v1/lang/augment-multilingual", "line": 24179, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/lang/detect", "line": 24123, "source": "src/router.js", "short": "* Wilson 95% CI gated at n>=30 PER LANGUAGE. Below that the per-lang", "comments": [ "* Wilson 95% CI gated at n>=30 PER LANGUAGE. Below that the per-lang", "k_score is null - never estimated.", "* augment-multilingual is dry_run by default. confirm:true required to", "incur translator cost. teacher_caller is DI'd from req.app.locals so", "tests never hit a real translation API." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/lang/kscore-by-lang/:namespace", "line": 24139, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "lead", "label": "Lead", "routes": [ { "method": "POST", "path": "/v1/lead/enterprise", "line": 14731, "source": "src/router.js", "short": "Enterprise inquiry intake (KOLM-102)", "comments": [ "Enterprise inquiry intake (KOLM-102)", "Public POST from /enterprise/inquiry. Validates 7 required fields, persists", "to in-memory enterpriseLeads, and emails sales@kolm.ai via Resend (best", "effort - sendMail() returns { skipped: true } when RESEND_API_KEY is unset)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/lead/enterprise/:id", "line": 14867, "source": "src/router.js", "short": "Admin-only read of a single enterprise lead. Useful for ops triage and", "comments": [ "Admin-only read of a single enterprise lead. Useful for ops triage and", "for verifying the in-memory store after a submit during e2e checks." ], "stub": false, "expanded_from": null } ] }, { "key": "library", "label": "Library", "routes": [ { "method": "GET", "path": "/v1/library", "line": 14410, "source": "src/router.js", "short": "Library - returns the bundled kolm runtime library version and a human", "comments": [ "Library - returns the bundled kolm runtime library version and a human", "description string. Used by the SDKs and `kolm version` for the", "runtime-library identifier (separate from the API/server version)." ], "stub": false, "expanded_from": null } ] }, { "key": "lineage", "label": "Lineage", "routes": [ { "method": "POST", "path": "/v1/lineage/build", "line": 19151, "source": "src/router.js", "short": "lineage + capability", "comments": [ "lineage + capability" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/lineage/validate", "line": 19159, "source": "src/router.js", "short": "Lineage validate - checks an artifact-lineage block for structural", "comments": [ "Lineage validate - checks an artifact-lineage block for structural", "consistency (parent links, build steps, version pins). Returns", "{ok:true, block} when the lineage is well-formed, {ok:false, error} otherwise." ], "stub": false, "expanded_from": null } ] }, { "key": "lingual", "label": "Lingual", "routes": [ { "method": "GET", "path": "/v1/lingual/distribution", "line": 39, "source": "src/lingual-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/lingual/manifest", "line": 28659, "source": "src/router.js", "short": "/v1/lingual/manifest - bare GET aliasing the W833 manifest collection.", "comments": [ "/v1/lingual/manifest - bare GET aliasing the W833 manifest collection.", "The shipped route is /v1/lingual/manifest/:artifact_id; without an", "artifact_id selected (the TUI default state) we return the tenant-wide", "language-mixture distribution so the view still renders." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/lingual/manifest/:artifact_id", "line": 181, "source": "src/lingual-routes.js", "short": "Reads the per-language K-Score block off an artifact's manifest.", "comments": [ "Reads the per-language K-Score block off an artifact's manifest.", "Looks up the manifest via src/artifact.js (or registry.js) when", "available; falls back to an honest \"no_manifest_found\" envelope when", "the artifact isn't registered." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/lingual/mixture/auto-balance", "line": 125, "source": "src/lingual-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/lingual/synthesize", "line": 84, "source": "src/lingual-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "long-context", "label": "Long Context", "routes": [ { "method": "POST", "path": "/v1/long-context/check", "line": 27995, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/long-context/p90", "line": 27973, "source": "src/router.js", "short": "Tenant fence: tenant_id forced from req.tenant_record.id; query/body", "comments": [ "Tenant fence: tenant_id forced from req.tenant_record.id; query/body", "never override. Returns honest envelope (no_captures, insufficient_samples)", "rather than throwing. version stamp matches /^w781-/." ], "stub": false, "expanded_from": null } ] }, { "key": "loop", "label": "Value-loop", "routes": [ { "method": "POST", "path": "/v1/loop/try", "line": 1671, "source": "src/router.js", "short": "public anonymous \"try it\" demo of the capture-receipt shape.", "comments": [ "public anonymous \"try it\" demo of the capture-receipt shape.", "No auth, no write side-effects; visitors on /value-loop POST a prompt+response", "and see the exact same receipt envelope a real authenticated /v1/bridges/observe", "would emit, with `demo:true` + `durable:false` so the body cannot lie." ], "stub": false, "expanded_from": null } ] }, { "key": "marketplace", "label": "Marketplace", "routes": [ { "method": "GET", "path": "/v1/marketplace", "line": 19252, "source": "src/router.js", "short": "Marketplace list - filters artifacts and overlays live verification before returning rows.", "comments": [ "Marketplace list - filters artifacts and overlays live verification before returning rows." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/marketplace/:slug", "line": 19472, "source": "src/router.js", "short": "Marketplace detail - returns one artifact with live verification state or 404 for unknown slugs.", "comments": [ "Marketplace detail - returns one artifact with live verification state or 404 for unknown slugs." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/marketplace/:slug/download", "line": 19498, "source": "src/router.js", "short": "W339/W342 - install/download MUST refuse artifacts that don't pass", "comments": [ "W339/W342 - install/download MUST refuse artifacts that don't pass", "productionReady(). Same gate the marketplace pill uses, so a user who", "sees no \"Verified\" badge ALSO can't `kolm marketplace install` it.", "force allowed via ?force=true query for CI testing / canary debug,", "matching `kolm run --force` semantics." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/marketplace/catalog.json", "line": 19242, "source": "src/router.js", "short": "Marketplace catalog manifest - returns the signed catalog with live production-ready verdicts.", "comments": [ "Marketplace catalog manifest - returns the signed catalog with live production-ready verdicts." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/marketplace/download/:id", "line": 234, "source": "src/marketplace-routes.js", "short": "Auth-gated. Streams artifact_uri bytes; records download counter.", "comments": [ "Auth-gated. Streams artifact_uri bytes; records download counter.", "402 if listing.paid AND tenant lacks entitlement." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/marketplace/facets", "line": 145, "source": "src/marketplace-routes.js", "short": "Pure read: returns the enum set so the UI sidebar can render filter", "comments": [ "Pure read: returns the enum set so the UI sidebar can render filter", "chips without hard-coding the lists in two places." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/marketplace/finetune", "line": 332, "source": "src/marketplace-routes.js", "short": "Auth-gated. Queue a transfer-learning fine-tune from a marketplace artifact.", "comments": [ "Auth-gated. Queue a transfer-learning fine-tune from a marketplace artifact." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/marketplace/interest", "line": 19310, "source": "src/router.js", "short": "IP per 24h (see marketplaceInterestLimiter above).", "comments": [ "IP per 24h (see marketplaceInterestLimiter above).", "Returns { ok, position } where position is the row's stable 1-indexed", "place in the early-access list. Stable means the position does not", "change on dedupe (we read the existing row's position back out)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/marketplace/list", "line": 19270, "source": "src/router.js", "short": "explicit list endpoint used by /marketplace.html client render.", "comments": [ "explicit list endpoint used by /marketplace.html client render.", "Always returns { artifacts: [...] } with live verified flag." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/marketplace/listings", "line": 117, "source": "src/marketplace-routes.js", "short": "Public read. Returns {ok:true, rows, total, page, limit, sort_by, all_count}.", "comments": [ "Public read. Returns {ok:true, rows, total, page, limit, sort_by, all_count}." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/marketplace/listings", "line": 19412, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/marketplace/payout-cycle", "line": 433, "source": "src/marketplace-routes.js", "short": "Auth-gated. Forecast-only: aggregates revenue ledger and emits payout", "comments": [ "Auth-gated. Forecast-only: aggregates revenue ledger and emits payout", "audit rows. Returns the per-listing split." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/marketplace/publish", "line": 19582, "source": "src/router.js", "short": "Distinct from /v1/marketplace/publish-request (manual review queue)", "comments": [ "Distinct from /v1/marketplace/publish-request (manual review queue)", "this endpoint is the programmatic publish path the CLI uses after", "pipeline-ship has already enforced the production gate locally." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/marketplace/publish-request", "line": 19278, "source": "src/router.js", "short": "Marketplace publish request - queues an artifact proposal for manual review without publishing bytes.", "comments": [ "Marketplace publish request - queues an artifact proposal for manual review without publishing bytes." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/marketplace/rate", "line": 361, "source": "src/marketplace-routes.js", "short": "Auth-gated. Anti-gaming: 403 unless account_age >= 7d AND prior download.", "comments": [ "Auth-gated. Anti-gaming: 403 unless account_age >= 7d AND prior download." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/marketplace/ratings/:id", "line": 415, "source": "src/marketplace-routes.js", "short": "Public read of aggregate ratings.", "comments": [ "Public read of aggregate ratings." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/marketplace/reviews", "line": 19438, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/marketplace/reviews/:cid", "line": 19461, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/marketplace/search", "line": 19377, "source": "src/router.js", "short": "* empty search results -> {ok:false, error:'marketplace_empty',", "comments": [ "* empty search results -> {ok:false, error:'marketplace_empty',", "hint:'no artifacts registered yet', results:[]}", "* unauth POST -> 401 + {error:'auth_required'}", "* invalid payload -> 400 + {error:'', detail:}" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/marketplace/upload", "line": 162, "source": "src/marketplace-routes.js", "short": "Auth-gated. Body: {artifact_uri, manifest_sha256, signature_b64,", "comments": [ "Auth-gated. Body: {artifact_uri, manifest_sha256, signature_b64,", "public_key_pem, id, title, vertical, task_type, hardware_targets[],", "k_score, teacher_model, paid, price_micro_usd}.", "publisher_tenant_id is FORCED from req.tenant_record.id." ], "stub": false, "expanded_from": null } ] }, { "key": "mcp", "label": "Mcp", "routes": [ { "method": "POST", "path": "/v1/mcp", "line": 11867, "source": "src/router.js", "short": "MCP server (JSON-RPC 2.0)", "comments": [ "MCP server (JSON-RPC 2.0)" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/mcp/dispatch", "line": 140, "source": "src/mcp-gateway-routes.js", "short": "transport?: 'stdio'|'http'|'sse',", "comments": [ "transport?: 'stdio'|'http'|'sse',", "server_id?: string, // MCP server registry id", "call_id?: string, // pin for a reproducible id", "now?: number|string // injected clock (tests / determinism)", "}" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/mcp/verify/:id", "line": 198, "source": "src/mcp-gateway-routes.js", "short": "Tenant-fenced: only returns a receipt minted under THIS tenant. The verify", "comments": [ "Tenant-fenced: only returns a receipt minted under THIS tenant. The verify", "result is deterministic (recompute canonical + Ed25519 check; no network)." ], "stub": false, "expanded_from": null } ] }, { "key": "me", "label": "Me", "routes": [ { "method": "GET", "path": "/v1/me/models", "line": 11835, "source": "src/router.js", "short": "Model entitlements (employee/team model access)", "comments": [ "Model entitlements (employee/team model access)" ], "stub": false, "expanded_from": null } ] }, { "key": "media", "label": "Media", "routes": [ { "method": "POST", "path": "/v1/media/redact", "line": 12090, "source": "src/router.js", "short": "Media redact - text-extractable media redactor. Accepts {media_uri | text,", "comments": [ "Media redact - text-extractable media redactor. Accepts {media_uri | text,", "mime} and either redacts inline text or loads the blob, sniffs mime, and", "routes text-extractable kinds (text/json/yaml/xml) through /v1/redact.", "Non-text kinds (image/audio/video/pdf) return {deferred:true, deferral}", "with a worker hint instead of attempting heavy ML in-process." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/media/redact-job", "line": 12194, "source": "src/router.js", "short": "envelope so the caller knows exactly what to install.", "comments": [ "envelope so the caller knows exactly what to install.", "Body: { media_uri | path, mime?, kind?, max_bytes?, model?, lang? }", "Sync mode (default): worker runs in-process via spawnSync. For long", "whisper passes, callers should pass {async:true} (deferred to W455)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/media/redact-job/doctor", "line": 12243, "source": "src/router.js", "short": "worker self-doctor proxied through the API so `kolm media", "comments": [ "worker self-doctor proxied through the API so `kolm media", "doctor --remote` can ask the server which extractors are wired." ], "stub": false, "expanded_from": null } ] }, { "key": "memory", "label": "Memory", "routes": [ { "method": "POST", "path": "/v1/memory/recall", "line": 18155, "source": "src/router.js", "short": "Given a query, find recipes tagged with that namespace, run them, and return the merged result.", "comments": [ "Given a query, find recipes tagged with that namespace, run them, and return the merged result." ], "stub": false, "expanded_from": null } ] }, { "key": "merge", "label": "Merge", "routes": [ { "method": "POST", "path": "/v1/merge", "line": 28878, "source": "src/router.js", "short": "Body: { base, head, method?, alpha?, dry_run? }", "comments": [ "Body: { base, head, method?, alpha?, dry_run? }", "Returns the merge envelope (lineage check, kscore delta heuristic, output", "path). When dry_run=true, no artifact is written." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/merge/:id", "line": 29006, "source": "src/router.js", "short": "Returns the durable merge_jobs record (status queued|running|completed|", "comments": [ "Returns the durable merge_jobs record (status queued|running|completed|", "planned|failed). Tenant-scoped: a tenant can only read its own merge jobs." ], "stub": false, "expanded_from": null } ] }, { "key": "messages", "label": "Anthropic-compatible messages", "routes": [ { "method": "POST", "path": "/v1/messages", "line": 5522, "source": "src/router.js", "short": "Anthropic direct + alias.", "comments": [ "Anthropic direct + alias." ], "stub": false, "expanded_from": null } ] }, { "key": "meta", "label": "Meta", "routes": [ { "method": "GET", "path": "/v1/meta/predict", "line": 86, "source": "src/meta-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/meta/retrain", "line": 53, "source": "src/meta-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/meta/status", "line": 22, "source": "src/meta-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "metrics", "label": "Metrics", "routes": [ { "method": "POST", "path": "/v1/metrics/event", "line": 10281, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/metrics/snapshot", "line": 10298, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "migrate", "label": "Migrate", "routes": [ { "method": "POST", "path": "/v1/migrate/discover", "line": 7354, "source": "src/router.js", "short": "{ok, manifest, source_metadata, ...}.", "comments": [ "{ok, manifest, source_metadata, ...}.", "Both are auth-gated. Discovery is local-filesystem only - no network", "call leaves the box. The python3 GGUF parser is reused; missing python3", "surfaces a 503 envelope on the wrap path." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/migrate/wrap", "line": 7394, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "mit", "label": "Mit", "routes": [ { "method": "POST", "path": "/v1/mit/run", "line": 24519, "source": "src/router.js", "short": "* The forget route ALWAYS writes the audit event before returning ok.", "comments": [ "* The forget route ALWAYS writes the audit event before returning ok.", "Idempotency is checked inside src/capture-forget.js (existing marker", "returns the original audit_event_id without writing a second row).", "* Tenant fence everywhere: every read/write is keyed on", "req.tenant_record.id; defense-in-depth lives inside capture-forget.js." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/mit/scan-pii", "line": 24549, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "model-card", "label": "Model Card", "routes": [ { "method": "POST", "path": "/v1/model-card/generate", "line": 25409, "source": "src/router.js", "short": "MUST regex-match (W604 anti-brittleness).", "comments": [ "MUST regex-match (W604 anti-brittleness).", "Modules import lazily so cold daemons that never hit this surface", "don't pay for the schema/emitter trees." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/model-card/governance-mappings", "line": 25458, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/model-card/schema", "line": 25444, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "models", "label": "Models", "routes": [ { "method": "GET", "path": "/v1/models", "line": 23615, "source": "src/router.js", "short": "other teachers, but rows whose family hints at an Anthropic-shaped", "comments": [ "other teachers, but rows whose family hints at an Anthropic-shaped", "client probe are also surfaced under an `anthropic:`-prefixed alias so", "a probe via the Anthropic SDK can discover them without colliding with", "the canonical HF id." ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/models/:id/access", "line": 11856, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/models/:id/access", "line": 11840, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/models/:id/access", "line": 11845, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/models/:id/updates", "line": 11940, "source": "src/router.js", "short": "W-INTEG-3: on-device model self-update (signed, offline-verifiable)", "comments": [ "W-INTEG-3: on-device model self-update (signed, offline-verifiable)" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/models/:id/versions", "line": 11948, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/models/cache", "line": 6013, "source": "src/router.js", "short": "Models cache - returns the local model-weights cache index for the API", "comments": [ "Models cache - returns the local model-weights cache index for the API", "host (cache_dir, total_bytes, per-entry rows). Used by `kolm models cache`", "and the device-detect picker to know which weights are already on disk." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/models/info/:id", "line": 6050, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/models/manifest", "line": 5973, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/models/pull", "line": 5991, "source": "src/router.js", "short": "Models pull - 302-redirects to a resolved Hugging Face download URL for", "comments": [ "Models pull - 302-redirects to a resolved Hugging Face download URL for", "the requested model id+variant (default variant: q4_k_m). 404 for unknown", "variants, 410 when the variant exists but is marked unavailable." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/models/recommend", "line": 6028, "source": "src/router.js", "short": "Model recommendation + model info. Public and secret-free: this powers the", "comments": [ "Model recommendation + model info. Public and secret-free: this powers the", "post-auth model picker, CLI parity, and \"which backbone should I use?\"", "flows without requiring a tenant before the user understands the catalog." ], "stub": false, "expanded_from": null } ] }, { "key": "moderations", "label": "Moderations", "routes": [ { "method": "POST", "path": "/v1/moderations", "line": 5512, "source": "src/router.js", "short": "OpenAI-compatible passthrough for the responses, embeddings, and", "comments": [ "OpenAI-compatible passthrough for the responses, embeddings, and", "moderations endpoints. Each routes through __connectorProxy('openai', ...)", "so the upstream OpenAI API is reached with the configured key, and the", "request/response is captured into the tenant lake." ], "stub": false, "expanded_from": "p" } ] }, { "key": "multimodal", "label": "Multimodal", "routes": [ { "method": "GET", "path": "/v1/multimodal/bakeoff", "line": 12552, "source": "src/router.js", "short": "GET helper for TUI/CLI list-view: same shape as POST but with the", "comments": [ "GET helper for TUI/CLI list-view: same shape as POST but with the", "contestants list pulled from the tenant's locally-compiled artifacts", "(~/.kolm/artifacts/). Query params: ?modality=image&namespace=ns&limit=20.", "Returns the same envelope shape; the TUI's get-view unwrap chain", "already handles the `contestants` array." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/multimodal/bakeoff", "line": 12522, "source": "src/router.js", "short": "image/audio/video/PDF rows through selected .kolm artifacts and returns", "comments": [ "image/audio/video/PDF rows through selected .kolm artifacts and returns", "ranked contestants with token-overlap scoring and winner metadata." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/multimodal/pipeline", "line": 28610, "source": "src/router.js", "short": "/v1/multimodal/pipeline - collection GET listing tenant multimodal", "comments": [ "/v1/multimodal/pipeline - collection GET listing tenant multimodal", "capture pipeline state. Real W829 routes (/v1/captures/multimodal,", "/v1/vlm-distill/runs) live in src/multimodal-pipeline-routes.js; this", "bare GET aggregates them for the TUI surface." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/multimodal/redact-audio", "line": 12330, "source": "src/router.js", "short": "multimodal audio voiceprint scrub. Anonymizes the speaker's", "comments": [ "multimodal audio voiceprint scrub. Anonymizes the speaker's", "voiceprint while preserving content. Complementary to W462 image", "redact (faces/plates) and W454 audio transcript redact (text).", "Body: { media_uri | path, output_path?, strength?, max_bytes? }" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/multimodal/redact-audio/doctor", "line": 12374, "source": "src/router.js", "short": "audio-redact worker self-doctor.", "comments": [ "audio-redact worker self-doctor." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/multimodal/redact-image", "line": 12280, "source": "src/router.js", "short": "{ok:false, error:'no_detector_installed', install_hint:'...'} so the", "comments": [ "{ok:false, error:'no_detector_installed', install_hint:'...'} so the", "caller never thinks redaction succeeded when it didn't.", "Body: { media_uri | path, output_path?, mode?, threshold?,", "face_model?, plate_model?, max_bytes? }" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/multimodal/redact-image/doctor", "line": 12400, "source": "src/router.js", "short": "image-redact worker self-doctor, proxied so the CLI's", "comments": [ "image-redact worker self-doctor, proxied so the CLI's", "`kolm media image-doctor --remote` can ask the server." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/multimodal/tokenize", "line": 12468, "source": "src/router.js", "short": "on an authenticated local daemon or explicitly trusted self-hosted server.", "comments": [ "on an authenticated local daemon or explicitly trusted self-hosted server.", "Hosted deployments deny server-side file access unless the operator sets", "KOLM_ALLOW_SERVER_FILE_TOKENIZE=1." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/multimodal/tokenize/doctor", "line": 12436, "source": "src/router.js", "short": "multimodal sidecar tokenizer. API mirror of", "comments": [ "multimodal sidecar tokenizer. API mirror of", "`kolm media tokenize`: local-safe by default, hosted-disabled unless the", "operator explicitly allows server-side file access. Creates compile-ready", "Markdown sidecars using deterministic local feature tokens, with optional", "provider captions/transcripts when configured." ], "stub": false, "expanded_from": null } ] }, { "key": "namespaces", "label": "Namespaces", "routes": [ { "method": "GET", "path": "/v1/namespaces", "line": 25171, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/namespaces", "line": 24977, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/namespaces/:slug", "line": 25020, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "PUT", "path": "/v1/namespaces/:slug", "line": 25035, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/namespaces/:slug/deploy", "line": 25074, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/namespaces/:slug/rollback", "line": 25141, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/namespaces/:slug/stats", "line": 25187, "source": "src/router.js", "short": "rejected/quarantined captures in a namespace. Powers the \"ready to", "comments": [ "rejected/quarantined captures in a namespace. Powers the \"ready to", "compile?\" readiness signal on /account/overview and the namespace badge", "on /account/namespaces. Tenant-union pattern to handle name-vs-id keys." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/namespaces/:slug/undeploy", "line": 25119, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "nl", "label": "Nl", "routes": [ { "method": "POST", "path": "/v1/nl/scaffold", "line": 16592, "source": "src/router.js", "short": "air-gap branch produces the same shape locally via scaffoldRecipeFromNl;", "comments": [ "air-gap branch produces the same shape locally via scaffoldRecipeFromNl;", "this endpoint exists so a tenant that opts in (--network or KOLM_AIRGAP=0)", "can get an LLM-augmented scaffold without forking the CLI. The", "x-kolm-nl-source response header tells the caller which branch served", "(network = hosted LLM enrichment; airgap = deterministic fallback)." ], "stub": false, "expanded_from": null } ] }, { "key": "notifications", "label": "Notifications", "routes": [ { "method": "GET", "path": "/v1/notifications/config", "line": 16974, "source": "src/router.js", "short": "Notifications config - public VAPID/email capability flags and alert thresholds.", "comments": [ "Notifications config - public VAPID/email capability flags and alert thresholds." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/notifications/log", "line": 17801, "source": "src/router.js", "short": "Webhook notification log - returns the last 50 delivery attempts.", "comments": [ "Webhook notification log - returns the last 50 delivery attempts." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/notifications/preferences", "line": 16978, "source": "src/router.js", "short": "Notification preferences - returns tenant alert opt-in settings plus public config.", "comments": [ "Notification preferences - returns tenant alert opt-in settings plus public config." ], "stub": false, "expanded_from": null }, { "method": "PUT", "path": "/v1/notifications/preferences", "line": 16984, "source": "src/router.js", "short": "Notification preferences update - sets threshold alert opt-in and optional email.", "comments": [ "Notification preferences update - sets threshold alert opt-in and optional email." ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/notifications/push-subscriptions", "line": 17012, "source": "src/router.js", "short": "Push subscription removal - deletes a subscription by endpoint from body or query.", "comments": [ "Push subscription removal - deletes a subscription by endpoint from body or query." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/notifications/push-subscriptions", "line": 16994, "source": "src/router.js", "short": "Push subscription list - returns registered WebPush endpoints without secret keys.", "comments": [ "Push subscription list - returns registered WebPush endpoints without secret keys." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/notifications/push-subscriptions", "line": 17002, "source": "src/router.js", "short": "Push subscription registration - stores an allowlisted HTTPS WebPush endpoint.", "comments": [ "Push subscription registration - stores an allowlisted HTTPS WebPush endpoint." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/notifications/settings", "line": 17770, "source": "src/router.js", "short": "Webhook notification settings - returns Slack/HTTP/email channels plus event toggles.", "comments": [ "Webhook notification settings - returns Slack/HTTP/email channels plus event toggles." ], "stub": false, "expanded_from": null }, { "method": "PUT", "path": "/v1/notifications/settings", "line": 17776, "source": "src/router.js", "short": "Webhook notification settings update - writes Slack/HTTP/email channels and event toggles.", "comments": [ "Webhook notification settings update - writes Slack/HTTP/email channels and event toggles." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/notifications/state", "line": 17035, "source": "src/router.js", "short": "Notification threshold state - returns per-namespace alert state and readiness.", "comments": [ "Notification threshold state - returns per-namespace alert state and readiness." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/notifications/test", "line": 17020, "source": "src/router.js", "short": "Notification test alert - fires a synthetic threshold alert for a namespace.", "comments": [ "Notification test alert - fires a synthetic threshold alert for a namespace." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/notifications/test-channel", "line": 17786, "source": "src/router.js", "short": "Webhook notification test - dispatches a sample event payload to configured channels.", "comments": [ "Webhook notification test - dispatches a sample event payload to configured channels." ], "stub": false, "expanded_from": null } ] }, { "key": "numeric", "label": "Numeric", "routes": [ { "method": "POST", "path": "/v1/numeric/calculator", "line": 23840, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/numeric/eval", "line": 23817, "source": "src/router.js", "short": "contract - a stray request must not fire an evaluation by accident.", "comments": [ "contract - a stray request must not fire an evaluation by accident.", "Honest envelope on every error path: ok:false + structured error +", "version stamp `w759-vN.M`. Consumers MUST version-pin via regex", "(/^w759-/), not literal equality (W604 anti-brittleness)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/numeric/namespace-flag/:namespace", "line": 23862, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "oauth", "label": "OAuth", "routes": [ { "method": "GET", "path": "/v1/oauth/:provider/callback", "line": 116, "source": "src/oauth.js", "short": "Exchanges the provider code, creates or finds the tenant, then sets the session cookie.", "comments": [ "Exchanges the provider code, creates or finds the tenant, then sets the session cookie." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/oauth/:provider/start", "line": 90, "source": "src/oauth.js", "short": "Redirects to the provider when configured; returns 503 with an operator hint otherwise.", "comments": [ "Redirects to the provider when configured; returns 503 with an operator hint otherwise." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/oauth/providers", "line": 193, "source": "src/oauth.js", "short": "Signup uses this public route to hide provider buttons until credentials exist.", "comments": [ "Signup uses this public route to hide provider buttons until credentials exist." ], "stub": false, "expanded_from": null } ] }, { "key": "openrouter", "label": "Openrouter", "routes": [ { "method": "POST", "path": "/v1/openrouter/chat/completions", "line": 5945, "source": "src/router.js", "short": "OpenRouter chat-completions alias without the extra /v1 segment.", "comments": [ "OpenRouter chat-completions alias without the extra /v1 segment." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/openrouter/v1/chat/completions", "line": 5943, "source": "src/router.js", "short": "OpenRouter base-URL alias for SDKs that append /v1/chat/completions.", "comments": [ "OpenRouter base-URL alias for SDKs that append /v1/chat/completions." ], "stub": false, "expanded_from": null } ] }, { "key": "opportunities", "label": "Opportunities", "routes": [ { "method": "GET", "path": "/v1/opportunities", "line": 21558, "source": "src/router.js", "short": "every opportunity surface must be tenant-scoped. Without auth the", "comments": [ "every opportunity surface must be tenant-scoped. Without auth the", "engine would surface another tenant's pattern detections (cache_candidate", "request_hash, repeated prompt clusters, etc). 401s use the canonical", "{ok:false, error:'auth required'} envelope." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/opportunities/:id/accept", "line": 21579, "source": "src/router.js", "short": "Opportunity accept - marks one optimization opportunity (cache candidate,", "comments": [ "Opportunity accept - marks one optimization opportunity (cache candidate,", "repeated-prompt cluster, replacement) as accepted by the tenant. Tenant", "scoped; cross-tenant ids 404. Body: { reason }. Recorded for audit log." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/opportunities/:id/dismiss", "line": 21594, "source": "src/router.js", "short": "Accept either /dismiss or /ignore - both map to ignoreOpportunity.", "comments": [ "Accept either /dismiss or /ignore - both map to ignoreOpportunity." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/opportunities/:id/ignore", "line": 21611, "source": "src/router.js", "short": "Opportunity ignore - tenant-scoped synonym for /dismiss; marks the", "comments": [ "Opportunity ignore - tenant-scoped synonym for /dismiss; marks the", "opportunity as ignored so it stops surfacing on the dashboard. Body:", "{ reason }. Cross-tenant ids 404." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/opportunities/:id/promote", "line": 21630, "source": "src/router.js", "short": "Turns the opportunity into a real dataset by calling dataset-workbench", "comments": [ "Turns the opportunity into a real dataset by calling dataset-workbench", "createDataset() with the opportunity's namespace + provenance. Returns", "{ ok, dataset_id, train_count, holdout_count, ... }. Marks the", "opportunity status='promoted' so subsequent reads show the badge." ], "stub": false, "expanded_from": null } ] }, { "key": "orgs", "label": "Orgs", "routes": [ { "method": "GET", "path": "/v1/orgs", "line": 18456, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/orgs/:id", "line": 18461, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "PATCH", "path": "/v1/orgs/:id", "line": 18464, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/orgs/:id/audit", "line": 18496, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/orgs/:id/invites", "line": 18476, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/orgs/:id/invites", "line": 18482, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/orgs/:id/leave", "line": 18501, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/orgs/:id/members", "line": 18471, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/orgs/:id/transfer-owner", "line": 18508, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "packages", "label": "Packages", "routes": [ { "method": "GET", "path": "/v1/packages/release-readiness", "line": 1827, "source": "src/router.js", "short": "Package release readiness - local, secret-safe audit for SDK/runtime/install", "comments": [ "Package release readiness - local, secret-safe audit for SDK/runtime/install", "package contracts. This is not a registry publication claim: it exposes", "manifest/docs/dry-run readiness and channel blockers for package-gated items." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/packages/release-readiness/template", "line": 1857, "source": "src/router.js", "short": "Package release manifest template - the signed artifact/registry evidence", "comments": [ "Package release manifest template - the signed artifact/registry evidence", "required before package-gated readiness can become publish-ready." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/packages/release-readiness/validate", "line": 1893, "source": "src/router.js", "short": "Package release manifest validation - dry-runs a proposed signed release", "comments": [ "Package release manifest validation - dry-runs a proposed signed release", "manifest without publishing to npm, PyPI, crates, SwiftPM, Maven, winget,", "Homebrew, apt, or extension stores." ], "stub": false, "expanded_from": null } ] }, { "key": "passport", "label": "Passport", "routes": [ { "method": "GET", "path": "/v1/passport/:job_id", "line": 11189, "source": "src/router.js", "short": "canonical path for offline use; this HTTP route serves the same envelope", "comments": [ "canonical path for offline use; this HTTP route serves the same envelope", "for a *compile job* the caller's tenant already owns (artifact lives in", "the local artifact store at /v1/compile/:id/.kolm). For arbitrary external", ".kolm files, the CLI remains the supported path.", "Returns 501 with a hint when the artifact is not local - never silent." ], "stub": false, "expanded_from": null } ] }, { "key": "pextract", "label": "Pextract", "routes": [ { "method": "POST", "path": "/v1/pextract/detect-attempt", "line": 24472, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/pextract/guard-request", "line": 24484, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/pextract/redact-prompt", "line": 24448, "source": "src/router.js", "short": "Defense layering with W762 is intentional. W762's", "comments": [ "Defense layering with W762 is intentional. W762's", "classifyPromptAdversarial covers a broader red-team taxonomy;", "is the system-prompt-extraction-specific guard. Overlapping", "matches (e.g. \"ignore previous instructions\") are correct, not a", "bug - defense in depth is the point." ], "stub": false, "expanded_from": null } ] }, { "key": "pipeline", "label": "Pipeline", "routes": [ { "method": "POST", "path": "/v1/pipeline/compile", "line": 20473, "source": "src/router.js", "short": "tenant gate. The pipeline runs compileFull which reads from the", "comments": [ "tenant gate. The pipeline runs compileFull which reads from the", "event store; without forcing tenant scope it would compile another", "tenant's corpus into the caller's artifact namespace. opts.tenant_id is", "injected from req.tenant_record.id and supersedes anything the body sent." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/pipeline/distill", "line": 20401, "source": "src/router.js", "short": "Returns 202 + {job_id}. The actual distill work is delegated to the", "comments": [ "Returns 202 + {job_id}. The actual distill work is delegated to the", "existing /v1/distill/from-captures path (in-process module call)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/pipeline/full", "line": 20502, "source": "src/router.js", "short": "job_id. Phases are streamed via /v1/pipeline/jobs/:id/stream (SSE).", "comments": [ "job_id. Phases are streamed via /v1/pipeline/jobs/:id/stream (SSE).", "same tenant gate as /v1/pipeline/compile. The caller's", "req.tenant_record.id is the only tenant scope that ever reaches", "compileFull from this route." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/pipeline/jobs/:id", "line": 20526, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/pipeline/jobs/:id/stream", "line": 20544, "source": "src/router.js", "short": "streams new ones until the job terminates.", "comments": [ "streams new ones until the job terminates." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/pipeline/run", "line": 7188, "source": "src/router.js", "short": "is just missing - we don't", "comments": [ "is just missing - we don't", "wrap that as a 4xx)", "The runner returns latency_ms_breakdown unconditionally so dashboards can", "chart per-tenant classify+route p50/p99 without a second round-trip." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/pipeline/tokenize", "line": 20350, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "pipelines", "label": "Pipelines", "routes": [ { "method": "GET", "path": "/v1/pipelines", "line": 97, "source": "src/pipeline-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/pipelines", "line": 120, "source": "src/pipeline-routes.js", "short": "Body: { name: string, yaml: string }", "comments": [ "Body: { name: string, yaml: string }" ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/pipelines/:id", "line": 179, "source": "src/pipeline-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/pipelines/:id", "line": 151, "source": "src/pipeline-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/pipelines/:id/kscore", "line": 260, "source": "src/pipeline-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/pipelines/:id/run", "line": 207, "source": "src/pipeline-routes.js", "short": "Body: { input: any }", "comments": [ "Body: { input: any }" ], "stub": false, "expanded_from": null } ] }, { "key": "plans", "label": "Plans", "routes": [ { "method": "GET", "path": "/v1/plans", "line": 2759, "source": "src/router.js", "short": "Plans - public compiler plan catalog. Historical aliases still", "comments": [ "Plans - public compiler plan catalog. Historical aliases still", "canonicalize server-side. Enterprise is contact-sales unless a custom", "checkout link is supplied by the operator." ], "stub": false, "expanded_from": null } ] }, { "key": "playground", "label": "Playground", "routes": [ { "method": "POST", "path": "/v1/playground/proxy/:slug", "line": 1474, "source": "src/router.js", "short": "/playground/[slug] renders without RunPod bound. 20/IP/day.", "comments": [ "/playground/[slug] renders without RunPod bound. 20/IP/day." ], "stub": false, "expanded_from": null } ] }, { "key": "plugins", "label": "Plugins", "routes": [ { "method": "GET", "path": "/v1/plugins", "line": 28171, "source": "src/router.js", "short": "Tenant scope: plugins live under ~/.kolm/plugins (the caller's KOLM_HOME).", "comments": [ "Tenant scope: plugins live under ~/.kolm/plugins (the caller's KOLM_HOME).", "The HTTP routes are auth-gated so a multi-tenant host doesn't accidentally", "surface another tenant's plugin directory; for self-hosted single-tenant", "installs the auth gate is no-op once KOLM_API_KEY is set." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/plugins", "line": 28188, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/plugins/:name", "line": 28223, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "poisoning", "label": "Poisoning", "routes": [ { "method": "POST", "path": "/v1/poisoning/bind-teacher", "line": 24239, "source": "src/router.js", "short": "Model Poisoning Anomaly Detection routes. Distinct-named handlers so", "comments": [ "Model Poisoning Anomaly Detection routes. Distinct-named handlers so", "parallel wave agents on W760 + W762..W765 do not collide on the suffix.", "Builds on W808 capture-anomaly + W750-followup copyright-detector + the", "teacher-response HMAC primitive." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/poisoning/namespace-risk/:namespace", "line": 24282, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/poisoning/quarantine", "line": 24300, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/poisoning/verify-binding", "line": 24267, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "pricing", "label": "Pricing", "routes": [ { "method": "GET", "path": "/v1/pricing", "line": 1714, "source": "src/router.js", "short": "Pricing - public price catalog in USD per billable unit (tokens, compile,", "comments": [ "Pricing - public price catalog in USD per billable unit (tokens, compile,", "replay, bakeoff, redact). Read by /pricing and the SDK shapers." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/pricing/estimate", "line": 2748, "source": "src/router.js", "short": "Pricing estimator - public, secret-safe workload calculator backed by the", "comments": [ "Pricing estimator - public, secret-safe workload calculator backed by the", "same compiler PLAN_CATALOG as /v1/plans and /v1/billing/tiers." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/pricing/estimate", "line": 2752, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "privacy", "label": "Privacy", "routes": [ { "method": "GET", "path": "/v1/privacy/events", "line": 19767, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/privacy/policy", "line": 19723, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "PUT", "path": "/v1/privacy/policy/:class", "line": 19729, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/privacy/redaction-benchmark", "line": 2058, "source": "src/router.js", "short": "Redaction benchmark - public, synthetic, secret-safe proof that the PHI/PII", "comments": [ "Redaction benchmark - public, synthetic, secret-safe proof that the PHI/PII", "redactor detects expected classes, redacts raw values, and fails closed on", "malformed identifiers. This is benchmark evidence, not a live compliance", "certification claim." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/privacy/report", "line": 19745, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/privacy/scan", "line": 19698, "source": "src/router.js", "short": "findings array + sensitive boolean + class counts. No state change.", "comments": [ "findings array + sensitive boolean + class counts. No state change." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/privacy/test", "line": 19709, "source": "src/router.js", "short": "return { redacted, findings, policy_actions }. May 403 if policy", "comments": [ "return { redacted, findings, policy_actions }. May 403 if policy", "says block on a class present." ], "stub": false, "expanded_from": null } ] }, { "key": "procurement", "label": "Procurement", "routes": [ { "method": "GET", "path": "/v1/procurement", "line": 11143, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/procurement/:framework", "line": 11157, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "product", "label": "Product", "routes": [ { "method": "GET", "path": "/v1/product/capabilities", "line": 3675, "source": "src/router.js", "short": "Public product capability contract for the compiler-first site. This is a", "comments": [ "Public product capability contract for the compiler-first site. This is a", "descriptive map, not an auth bypass: operational routes below keep their", "own auth/rate-limit gates." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/product/experience", "line": 1719, "source": "src/router.js", "short": "Product-experience contract. Public and secret-safe: this is the same", "comments": [ "Product-experience contract. Public and secret-safe: this is the same", "source of truth exposed by `kolm surfaces --json` and `kolm tui --views`.", "Frontend/account/docs can consume it to avoid drifting from CLI/TUI/API." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/product/graph", "line": 1737, "source": "src/router.js", "short": "Product graph - public, secret-safe, generated from the route-surface,", "comments": [ "Product graph - public, secret-safe, generated from the route-surface,", "journey, readiness, and experience contracts. This is the canonical", "machine-readable map for account UI, CLI/TUI parity, docs, and release", "audits." ], "stub": false, "expanded_from": null } ] }, { "key": "public", "label": "Public", "routes": [ { "method": "GET", "path": "/v1/public/concepts", "line": 3091, "source": "src/router.js", "short": "Public registry browsing - no auth needed for visibility=public", "comments": [ "Public registry browsing - no auth needed for visibility=public" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/public/concepts/:id", "line": 3114, "source": "src/router.js", "short": "Public concept detail - returns one public-visibility concept by id (no", "comments": [ "Public concept detail - returns one public-visibility concept by id (no", "auth required). 404 when the concept is missing or visibility != 'public'.", "Pairs with /v1/public/run for unauth try-it traffic." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/public/featured", "line": 15191, "source": "src/router.js", "short": "Public featured - hand-curated list of the most useful public recipes for", "comments": [ "Public featured - hand-curated list of the most useful public recipes for", "the home registry view (classify-issue-type, is-spam, extract-emails,", "classify-toxicity, etc.). Returns id, name, description, tags, head_version." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/public/run", "line": 3121, "source": "src/router.js", "short": "Public read-only run for any public concept (lets unauth visitors try the runtime)", "comments": [ "Public read-only run for any public concept (lets unauth visitors try the runtime)" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/public/submit", "line": 15017, "source": "src/router.js", "short": "Public registry submissions (Phase E - Day 120-180)", "comments": [ "Public registry submissions (Phase E - Day 120-180)" ], "stub": false, "expanded_from": null } ] }, { "key": "publish", "label": "Publish", "routes": [ { "method": "POST", "path": "/v1/publish", "line": 14169, "source": "src/router.js", "short": "Publish an edited generator (no synthesis required)", "comments": [ "Publish an edited generator (no synthesis required)" ], "stub": false, "expanded_from": null } ] }, { "key": "quality", "label": "Quality", "routes": [ { "method": "GET", "path": "/v1/quality/predict", "line": 26850, "source": "src/router.js", "short": "Wire the six built-but-unrouted autopilot components plus the full", "comments": [ "Wire the six built-but-unrouted autopilot components plus the full", "lifecycle tick into HTTP, mirroring the existing autopilot route", "pattern above (auth-gate -> dynamic import -> envelope -> status)." ], "stub": false, "expanded_from": null } ] }, { "key": "quantization", "label": "Quantization", "routes": [ { "method": "GET", "path": "/v1/quantization/oracle", "line": 22788, "source": "src/router.js", "short": "Quantization oracle plan - ranks quantization methods for task, device,", "comments": [ "Quantization oracle plan - ranks quantization methods for task, device,", "memory, runtime, calibration, quality, and privacy constraints. This is a", "planner only: promotion still requires quantize doctor, hashes, and holdout eval." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/quantization/oracle", "line": 22827, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/quantization/oracle/catalog", "line": 22751, "source": "src/router.js", "short": "Quantization oracle catalog - lists supported planner methods and whether", "comments": [ "Quantization oracle catalog - lists supported planner methods and whether", "each method is worker-backed, external-toolchain, runtime-policy, or baseline." ], "stub": false, "expanded_from": null } ] }, { "key": "quantize", "label": "Quantize", "routes": [ { "method": "POST", "path": "/v1/quantize", "line": 28848, "source": "src/router.js", "short": "from a single --target shortcut (gguf-q4km, exl2-4bpw, nvfp4, etc.) so the", "comments": [ "from a single --target shortcut (gguf-q4km, exl2-4bpw, nvfp4, etc.) so the", "Account UI and SDKs can call one route instead of constructing a spec.", "Body: { model_id, target, job_id?, ... } → returns the created job." ], "stub": false, "expanded_from": null } ] }, { "key": "ready", "label": "Ready", "routes": [ { "method": "GET", "path": "/v1/ready/deep", "line": 28544, "source": "src/router.js", "short": "/v1/ready/deep - /v1-prefixed alias of the W824 /ready/deep route so the", "comments": [ "/v1/ready/deep - /v1-prefixed alias of the W824 /ready/deep route so the", "TUI's k8s-readiness view stays on the /v1/* convention every other view", "uses. Forwards through the registered handler instead of duplicating", "logic so a single k8s-routes change updates both paths." ], "stub": false, "expanded_from": null } ] }, { "key": "recall", "label": "Recall", "routes": [ { "method": "POST", "path": "/v1/recall", "line": 9575, "source": "src/router.js", "short": "Recall", "comments": [ "Recall", "Hybrid query against the tenant's qmd-indexed corpus. Returns top-k chunks.", "The compile orchestrator calls the same surface internally; this is the", "public route for à la carte usage and for the kolm CLI's `kolm recall`." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/recall/sources/:id", "line": 9639, "source": "src/router.js", "short": "Single-source debug view. Confirms a sidecar exists and returns its", "comments": [ "Single-source debug view. Confirms a sidecar exists and returns its", "frontmatter + first 4KB of body so a UI can preview what qmd indexed." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/recall/status", "line": 9626, "source": "src/router.js", "short": "Health check for the recall substrate.", "comments": [ "Health check for the recall substrate." ], "stub": false, "expanded_from": null } ] }, { "key": "receipts", "label": "Receipts", "routes": [ { "method": "GET", "path": "/v1/receipts/:hash/public", "line": 3527, "source": "src/router.js", "short": "Public receipt lookup - resolves a receipt, artifact, CID, or signature hash without auth.", "comments": [ "Public receipt lookup - resolves a receipt, artifact, CID, or signature hash without auth.", "Tenant identity is hidden unless the tenant opted into public receipts." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/receipts/list", "line": 24742, "source": "src/router.js", "short": "W-D wrapper-completion - GET /v1/receipts/list", "comments": [ "W-D wrapper-completion - GET /v1/receipts/list", "Tenant-scoped receipt list with namespace + since + limit filters." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/receipts/stats", "line": 24793, "source": "src/router.js", "short": "where frontier_baseline = sum(local-route tokens × frontier per-token rate)", "comments": [ "where frontier_baseline = sum(local-route tokens × frontier per-token rate)", "(the counterfactual cost if every local-routed call had gone frontier", "instead). The baseline uses cost-estimator at frontier defaults", "(anthropic claude-haiku-4-5 input $0.0008/1k, output $0.004/1k) so the", "savings number is dimensioned in the same way as the receipts' cost_usd." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/receipts/verify", "line": 3162, "source": "src/router.js", "short": "This is NOT public-key cryptographic verification; that requires either", "comments": [ "This is NOT public-key cryptographic verification; that requires either", "the shared tenant receipt secret (issuer/holder offline path) or the", "roadmap Ed25519 receipt mode. Accepts the legacy rs-1 receipt (hmac", "field), v0.1 receipt (kolm_version=\"0.1\", chain[], signature), and the", "{artifact_hash, signature} drive-by shape." ], "stub": false, "expanded_from": null } ] }, { "key": "recipes", "label": "Recipes", "routes": [ { "method": "GET", "path": "/v1/recipes", "line": 14544, "source": "src/router.js", "short": "Recipe aliases", "comments": [ "Recipe aliases", "Forward-looking branding: \"recipe\" terminology mirrors \"concept\" endpoints.", "Both names route to the same handlers - full backward compatibility preserved." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/recipes/:id", "line": 9220, "source": "src/router.js", "short": "Recipe artifact aliases over the artifact/job surface.", "comments": [ "Recipe artifact aliases over the artifact/job surface.", "expect GET /v1/recipes/{id} to return the recipe (artifact) and POST", "/v1/recipes/{id}/run to invoke it. We alias the existing handlers so", "developers don't dead-end on 404s." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/recipes/:id/download", "line": 9233, "source": "src/router.js", "short": "Recipe artifact download alias. Streams the completed .kolm artifact for a job id.", "comments": [ "Recipe artifact download alias. Streams the completed .kolm artifact for a job id." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/recipes/:id/label-corpus", "line": 14589, "source": "src/router.js", "short": "Inline labeler - synchronous up to 500 rows", "comments": [ "Inline labeler - synchronous up to 500 rows" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/recipes/:id/label-corpus/stream", "line": 14632, "source": "src/router.js", "short": "SSE stream variant: emits progress as rows are labeled.", "comments": [ "SSE stream variant: emits progress as rows are labeled." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/recipes/:id/lineage", "line": 16625, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/recipes/:id/run", "line": 14301, "source": "src/router.js", "short": "SDK-conventional REST alias: POST /v1/recipes/:id/run mirrors /v1/run", "comments": [ "SDK-conventional REST alias: POST /v1/recipes/:id/run mirrors /v1/run", "with concept_id set from the URL param. Body's version_id (if provided)", "still wins so callers can pin a specific revision." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/recipes/:id/stats", "line": 14554, "source": "src/router.js", "short": "Recipe stats alias for concept invocation counts, cache hit rate, and latency.", "comments": [ "Recipe stats alias for concept invocation counts, cache hit rate, and latency." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/recipes/templates", "line": 1325, "source": "src/router.js", "short": "All routes are public+stubbed by default (declared in PUBLIC_API in", "comments": [ "All routes are public+stubbed by default (declared in PUBLIC_API in", "src/auth.js) so the no-code wizard works pre-auth. Rate-limited inside", "the handler via freeChatLimiter (20/IP/day for the budget-bearing ones).", "state. Curated catalog; no tenant scoping." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/recipes/templates/:name", "line": 9209, "source": "src/router.js", "short": "Recipe template detail - returns one template plus its sample CSV reference.", "comments": [ "Recipe template detail - returns one template plus its sample CSV reference." ], "stub": false, "expanded_from": null } ] }, { "key": "redact", "label": "Redact", "routes": [ { "method": "POST", "path": "/v1/redact", "line": 12043, "source": "src/router.js", "short": "Redact - applies the tenant privacy policy to a text input and returns", "comments": [ "Redact - applies the tenant privacy policy to a text input and returns", "the redacted text plus class counters and a map_hash so callers can pin", "reinjection without exposing PHI. Body: { text (required), dry_run }.", "413 when text exceeds _REDACT_TEXT_LIMIT; 409 on policy_block." ], "stub": false, "expanded_from": null } ] }, { "key": "redteam", "label": "Redteam", "routes": [ { "method": "POST", "path": "/v1/redteam/bakeoff", "line": 24385, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/redteam/classify", "line": 24342, "source": "src/router.js", "short": "* /sanitize with policy=fallback_to_teacher returns", "comments": [ "* /sanitize with policy=fallback_to_teacher returns", "`no_fallback_handler_configured` - the hosted route has no", "teacher handler injected.", "* generate-corpus + bakeoff are confirm-gated because they emit", "attack-framing patterns + dispatch a multi-run loop respectively." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/redteam/generate-corpus", "line": 24355, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/redteam/sanitize", "line": 24420, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "reg", "label": "Reg", "routes": [ { "method": "POST", "path": "/v1/reg/classify-risk", "line": 104, "source": "src/reg-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/reg/data-governance", "line": 200, "source": "src/reg-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/reg/eu-aiact-docs", "line": 28668, "source": "src/router.js", "short": "/v1/reg/eu-aiact-docs - GET counterpart to the W834 POST. POST runs the", "comments": [ "/v1/reg/eu-aiact-docs - GET counterpart to the W834 POST. POST runs the", "Annex IV generator; GET reads the most-recent generated packet (or an", "empty envelope if none has been produced yet) so the TUI view does not", "require the operator to first POST to view state." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/reg/eu-aiact-docs", "line": 77, "source": "src/reg-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/reg/grc-export", "line": 257, "source": "src/reg-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/reg/hil/threshold", "line": 167, "source": "src/reg-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/reg/hil/threshold", "line": 134, "source": "src/reg-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/reg/model-card", "line": 230, "source": "src/reg-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "region", "label": "Region", "routes": [ { "method": "GET", "path": "/v1/region/gateways", "line": 27546, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/region/route", "line": 27568, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/region/status", "line": 27517, "source": "src/router.js", "short": "Cross-ref: W769 (data residency) is the per-capture tag; W780 is the", "comments": [ "Cross-ref: W769 (data residency) is the per-capture tag; W780 is the", "request-routing gateway. The two are joined inside getRegionForCapture", "so a tenant who configures a namespace default region in W769 also", "pins the W780 capture routing for that namespace." ], "stub": false, "expanded_from": null } ] }, { "key": "registry", "label": "Registry", "routes": [ { "method": "GET", "path": "/v1/registry/export", "line": 4056, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/registry/public", "line": 9258, "source": "src/router.js", "short": "/v1/registry/public - RS-1 contract alias over public concepts. Non-paginated;", "comments": [ "/v1/registry/public - RS-1 contract alias over public concepts. Non-paginated;", "returns up to 200 of the most recent public concepts. The richer export", "(with bundled source) lives at /v1/registry/export above." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/registry/search", "line": 9317, "source": "src/router.js", "short": "/v1/registry/search - programmatic discovery. Filters: task (substring on", "comments": [ "/v1/registry/search - programmatic discovery. Filters: task (substring on", "name/description/tags), min_k_score, max_size_mb, hardware tag, limit.", "Public concepts only. Used by IDE plugins, CI gates, and the registry UI's", "chip filters. Returns same shape as /v1/registry/public." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/registry/submit", "line": 9283, "source": "src/router.js", "short": "/v1/registry/submit - community recipe intake. Validates the shape, logs", "comments": [ "/v1/registry/submit - community recipe intake. Validates the shape, logs", "the submission to data/registry-submissions.jsonl, and returns 202 with a", "submission_id. Verification (fetch+CID-check+K-score-replay) is a manual", "step today; see /registry/submit for the human flow. POST body schema is", "SubmitRequest in /openapi.json." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/registry/verified-publishers/evaluate", "line": 2423, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/registry/verified-publishers/policy", "line": 2419, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "replay", "label": "Replay", "routes": [ { "method": "POST", "path": "/v1/replay", "line": 16508, "source": "src/router.js", "short": "Replay - reruns a tenant's recent captures through the chosen artifact and", "comments": [ "Replay - reruns a tenant's recent captures through the chosen artifact and", "returns per-row diffs (upstream output vs local output), K-score (Jaccard),", "success/failure counts, and cost delta. Body: { concept_id|version_id", "(one required), namespace, limit (1..200, default 25) }." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/replay/preview", "line": 16476, "source": "src/router.js", "short": "Replay preview - dry-run for /v1/replay. Resolves the artifact + namespace", "comments": [ "Replay preview - dry-run for /v1/replay. Resolves the artifact + namespace", "+ clamped limit (1..200) and reports how many captures would be replayed,", "without running them. Query: ?concept_id|version_id, ?namespace, ?limit." ], "stub": false, "expanded_from": null } ] }, { "key": "residency", "label": "Residency", "routes": [ { "method": "GET", "path": "/v1/residency/capture-region/:capture_id", "line": 25775, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/residency/configure-namespace", "line": 25796, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/residency/regions", "line": 25826, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/residency/tag-capture", "line": 25745, "source": "src/router.js", "short": "by country code - that's the perimeter geo-fence. W769 tags WHERE", "comments": [ "by country code - that's the perimeter geo-fence. W769 tags WHERE", "DATA LIVES at capture time - that's the data-locality residency", "control. Both are required for a credible regulated-industry posture;", "they cover orthogonal threat models. The /compliance/data-residency", "landing surfaces the cross-reference explicitly." ], "stub": false, "expanded_from": null } ] }, { "key": "responses", "label": "OpenAI Responses", "routes": [ { "method": "POST", "path": "/v1/responses", "line": 5512, "source": "src/router.js", "short": "OpenAI-compatible passthrough for the responses, embeddings, and", "comments": [ "OpenAI-compatible passthrough for the responses, embeddings, and", "moderations endpoints. Each routes through __connectorProxy('openai', ...)", "so the upstream OpenAI API is reached with the configured key, and the", "request/response is captured into the tenant lake." ], "stub": false, "expanded_from": "p" } ] }, { "key": "route", "label": "Route", "routes": [ { "method": "POST", "path": "/v1/route/chat/completions", "line": 5555, "source": "src/router.js", "short": "Response: original upstream JSON, additionally tagged with", "comments": [ "Response: original upstream JSON, additionally tagged with", "{ kolm_routing: { decision, segments, teacher_called,", "total_cost_micro_usd } }" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/route/chat/completions/stream", "line": 5739, "source": "src/router.js", "short": "__fixture_teacher_tokens: [{text}, ...]", "comments": [ "__fixture_teacher_tokens: [{text}, ...]", "which makes the route end-to-end testable without standing up real", "student/teacher upstreams. Tests rely on this; production never sets", "these fields." ], "stub": false, "expanded_from": null } ] }, { "key": "routing", "label": "Routing", "routes": [ { "method": "GET", "path": "/v1/routing/summary", "line": 23224, "source": "src/router.js", "short": "tenant. The /account/routing dashboard polls this endpoint.", "comments": [ "tenant. The /account/routing dashboard polls this endpoint.", "Tenant fence: tenant_id is forced from req.tenant_record.id - never", "read from query string or body. namespace + since are optional", "filters." ], "stub": false, "expanded_from": null } ] }, { "key": "run", "label": "Run", "routes": [ { "method": "POST", "path": "/v1/run", "line": 14296, "source": "src/router.js", "short": "Runtime run - executes a concept_id or version_id against input and returns the output.", "comments": [ "Runtime run - executes a concept_id or version_id against input and returns the output.", "Includes a signed receipt by default; pass receipt:false to skip receipt generation." ], "stub": false, "expanded_from": null } ] }, { "key": "runtime", "label": "Runtime", "routes": [ { "method": "GET", "path": "/v1/runtime/adoption-packets", "line": 3952, "source": "src/router.js", "short": "Runtime adoption packets - local integration packets for model hubs,", "comments": [ "Runtime adoption packets - local integration packets for model hubs,", "local runners, conversion tooling, and hardware partners." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/runtime/adoption-packets/template", "line": 3992, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/runtime/adoption-packets/validate", "line": 4024, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/runtime/decide", "line": 22008, "source": "src/router.js", "short": "Runtime decision - executes the policy ladder for one request and records the decision.", "comments": [ "Runtime decision - executes the policy ladder for one request and records the decision." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/runtime/decisions", "line": 22017, "source": "src/router.js", "short": "Runtime decision history - returns the most recent recorded runtime decisions.", "comments": [ "Runtime decision history - returns the most recent recorded runtime decisions." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/runtime/placement", "line": 28553, "source": "src/router.js", "short": "/v1/runtime/placement - collection GET that emits the local placement", "comments": [ "/v1/runtime/placement - collection GET that emits the local placement", "hierarchy snapshot. W826 ships detectMemoryHierarchy + placementDecision", "as pure functions; the TUI view needs a one-shot GET to read the", "hierarchy without staging an artifact size first." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/runtime/policy", "line": 21991, "source": "src/router.js", "short": "Runtime policy read - returns the active runtime policy and available policy names.", "comments": [ "Runtime policy read - returns the active runtime policy and available policy names." ], "stub": false, "expanded_from": null }, { "method": "PUT", "path": "/v1/runtime/policy", "line": 21999, "source": "src/router.js", "short": "Runtime policy update - admin-only mutation of the active runtime routing policy.", "comments": [ "Runtime policy update - admin-only mutation of the active runtime routing policy." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/runtime/replacement-stats", "line": 22026, "source": "src/router.js", "short": "Runtime replacement stats - summarizes replacement rate, savings, and spend over a window.", "comments": [ "Runtime replacement stats - summarizes replacement rate, savings, and spend over a window." ], "stub": false, "expanded_from": null } ] }, { "key": "sales", "label": "Sales", "routes": [ { "method": "POST", "path": "/v1/sales/demo-request", "line": 14880, "source": "src/router.js", "short": "demoRequestLimiter above). Lighter-weight than /v1/lead/enterprise: a", "comments": [ "demoRequestLimiter above). Lighter-weight than /v1/lead/enterprise: a", "buyer at the \"Book Demo\" CTA gives company + email + use_case +", "expected_volume_per_month + optional message. Stored under namespace", "'sales/demo-requests' in the capture lake; mirror lives in", "salesDemoRequests for ops triage. Email best-effort to SALES_EMAIL." ], "stub": false, "expanded_from": null } ] }, { "key": "savings", "label": "Savings", "routes": [ { "method": "GET", "path": "/v1/savings", "line": 28683, "source": "src/router.js", "short": "/v1/savings - bare alias for the W835 summary endpoint so the TUI's", "comments": [ "/v1/savings - bare alias for the W835 summary endpoint so the TUI's", "savings-tracker view has a stable collection-style URL. Forwards into", "the real /v1/savings/summary handler." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/savings/baseline", "line": 60, "source": "src/savings-routes.js", "short": "its start time + accumulated spend so far.", "comments": [ "its start time + accumulated spend so far." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/savings/baseline", "line": 82, "source": "src/savings-routes.js", "short": "Body: { namespace?, start_ts? }.", "comments": [ "Body: { namespace?, start_ts? }." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/savings/displacement", "line": 28703, "source": "src/router.js", "short": "frontier_provider (optional) - re-pricing target; falls back to receipt's own model", "comments": [ "frontier_provider (optional) - re-pricing target; falls back to receipt's own model", "frontier_model (optional) - re-pricing target; falls back to receipt's own model", "artifact_id (optional) - for compile_cost + deployed_at lookup", "compile_cost_usd (optional) - explicit override", "deployed_at_ms (optional) - explicit override" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/savings/record", "line": 102, "source": "src/savings-routes.js", "short": "Body: { namespace?, provider, model, input_tokens, output_tokens, ts? }.", "comments": [ "Body: { namespace?, provider, model, input_tokens, output_tokens, ts? }." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/savings/summary", "line": 147, "source": "src/savings-routes.js", "short": "Query: ?period_days=30&namespace=default[&fee_rate=0.125]", "comments": [ "Query: ?period_days=30&namespace=default[&fee_rate=0.125]" ], "stub": false, "expanded_from": null } ] }, { "key": "sbom", "label": "Sbom", "routes": [ { "method": "POST", "path": "/v1/sbom/emit", "line": 25233, "source": "src/router.js", "short": "confirm flag is honored on emit only; repo + verify are read-only.", "comments": [ "confirm flag is honored on emit only; repo + verify are read-only.", "The route imports lazily so the SBOM module isn't paid for on cold", "daemons that never call it." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/sbom/repo", "line": 25255, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/sbom/verify", "line": 25268, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "scim", "label": "Scim", "routes": [ { "method": "GET", "path": "/v1/scim/v2/Groups", "line": 11685, "source": "src/router.js", "short": "SCIM Groups CRUD (bound to kolm rbac roles)", "comments": [ "SCIM Groups CRUD (bound to kolm rbac roles)" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/scim/v2/Groups", "line": 11691, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "DELETE", "path": "/v1/scim/v2/Groups/:id", "line": 11720, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/scim/v2/Groups/:id", "line": 11699, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "PATCH", "path": "/v1/scim/v2/Groups/:id", "line": 11712, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "PUT", "path": "/v1/scim/v2/Groups/:id", "line": 11704, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/scim/v2/ServiceProviderConfig", "line": 11513, "source": "src/router.js", "short": "SCIM 2.0 Service Provider Configuration - RFC 7644 §5. IdPs read this", "comments": [ "SCIM 2.0 Service Provider Configuration - RFC 7644 §5. IdPs read this", "to discover what SCIM operations the SP supports. Empty/false flags are", "honest signals to the IdP that bulk/patch/etag are not yet implemented." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/scim/v2/Users", "line": 11535, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/scim/v2/Users", "line": 11559, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "DELETE", "path": "/v1/scim/v2/Users/:id", "line": 11676, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/scim/v2/Users/:id", "line": 11655, "source": "src/router.js", "short": "SCIM Users per-resource lifecycle (RFC 7644 §3.5/§3.6)", "comments": [ "SCIM Users per-resource lifecycle (RFC 7644 §3.5/§3.6)" ], "stub": false, "expanded_from": null }, { "method": "PATCH", "path": "/v1/scim/v2/Users/:id", "line": 11668, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "PUT", "path": "/v1/scim/v2/Users/:id", "line": 11660, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "search", "label": "Search", "routes": [ { "method": "POST", "path": "/v1/search", "line": 14246, "source": "src/router.js", "short": "Search - registry similarity search across the caller's tenant artifacts.", "comments": [ "Search - registry similarity search across the caller's tenant artifacts.", "Returns top-k matches with embedding-distance scores. Body: { query", "(required), k=10, tag }. 500 errors are wrapped in {error, detail,", "matches:[]} so SDKs never see a raw 500 (W470 P0-2)." ], "stub": false, "expanded_from": null } ] }, { "key": "seasonal", "label": "Seasonal", "routes": [ { "method": "GET", "path": "/v1/seasonal", "line": 28518, "source": "src/router.js", "short": ":namespace path param. The dashboard pages call these endpoints without a", "comments": [ ":namespace path param. The dashboard pages call these endpoints without a", "selected namespace before the user picks one; previously they 404'd. We", "forward to the existing :namespace handler with namespace='default' so the", "account UI<->server parity test (W409f #4) passes and the page renders an", "empty-state from a real envelope instead of a 404." ], "stub": false, "expanded_from": "bare" }, { "method": "GET", "path": "/v1/seasonal/:namespace", "line": 8038, "source": "src/router.js", "short": "- bad params → 400 missing_field", "comments": [ "- bad params → 400 missing_field", "- no matching variant for today's event/season → recommended:null +", "human-readable reason string", "(NEVER guess at the calendar).", "- hemisphere bias echoed in payload → callers can detect the N-bias." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/seasonal/variant", "line": 8118, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "security", "label": "Security", "routes": [ { "method": "GET", "path": "/v1/security/audit-retention/status", "line": 25698, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/security/continuous-monitoring/snapshot", "line": 25709, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/security/iso27001/controls", "line": 25640, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/security/soc2/checklist", "line": 25592, "source": "src/router.js", "short": "(not kolm) supplies evidence (e.g. background-check policy).", "comments": [ "(not kolm) supplies evidence (e.g. background-check policy).", "The retention + monitoring routes import lazily so the certification", "modules are not paid for on cold daemons that never call them." ], "stub": false, "expanded_from": null } ] }, { "key": "seeds", "label": "Seeds", "routes": [ { "method": "POST", "path": "/v1/seeds/from-nl", "line": 4418, "source": "src/router.js", "short": "LLM, or deterministic local fallback when no LLM backend is configured.", "comments": [ "LLM, or deterministic local fallback when no LLM backend is configured." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/seeds/from-nl/health", "line": 4356, "source": "src/router.js", "short": "button when no LLM backend is configured. Stable, no auth.", "comments": [ "button when no LLM backend is configured. Stable, no auth." ], "stub": false, "expanded_from": null } ] }, { "key": "serve", "label": "Serve", "routes": [ { "method": "POST", "path": "/v1/serve", "line": 29031, "source": "src/router.js", "short": "a .kolm artifact and runtime target.", "comments": [ "a .kolm artifact and runtime target.", "Body: { artifact, runtime, port?, docker?, k8s? } → { manifest, runtime, port }" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/serve/pods", "line": 29023, "source": "src/router.js", "short": "currently served). No live-pod tracker is wired yet, so this returns an empty", "comments": [ "currently served). No live-pod tracker is wired yet, so this returns an empty", "set; the /account/models UI uses it to badge \"serving\" state and degrades", "gracefully (it already .catch()es to {pods:[]}). Registering the route stops", "the prod 404 the models page hit." ], "stub": false, "expanded_from": null } ] }, { "key": "session", "label": "Session", "routes": [ { "method": "POST", "path": "/v1/session/login", "line": 3063, "source": "src/router.js", "short": "Session cookie (S7)", "comments": [ "Session cookie (S7)", "then call authenticated API routes without exposing the key to JavaScript. The legacy", "localStorage path still works, but new pages should use this route", "and rely on the cookie." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/session/logout", "line": 3085, "source": "src/router.js", "short": "Session logout - clears the kolm_session cookie set by /v1/session/login.", "comments": [ "Session logout - clears the kolm_session cookie set by /v1/session/login.", "Returns {ok:true}; safe to call repeatedly (no-op when no cookie present)." ], "stub": false, "expanded_from": null } ] }, { "key": "signin", "label": "Sign in", "routes": [ { "method": "POST", "path": "/v1/signin", "line": 3020, "source": "src/router.js", "short": "/v1/signin and /v1/signout mirror /v1/session/login and /v1/session/logout", "comments": [ "Signin / Signout aliases (RS-1 contract)", "/v1/signin and /v1/signout mirror /v1/session/login and /v1/session/logout", "for the homepage contract. POST {api_key} returns the same shape and sets", "the same kolm_session cookie. /v1/signout returns 204 to be friendly to", "CLI tools that ignore body." ], "stub": false, "expanded_from": null } ] }, { "key": "signout", "label": "Sign out", "routes": [ { "method": "POST", "path": "/v1/signout", "line": 3053, "source": "src/router.js", "short": "/v1/session/logout; kept so older clients that POST /v1/signout still work.", "comments": [ "Signout - clears the kolm_session cookie and returns 204. Legacy alias for", "/v1/session/logout; kept so older clients that POST /v1/signout still work." ], "stub": false, "expanded_from": null } ] }, { "key": "signup", "label": "Sign up", "routes": [ { "method": "POST", "path": "/v1/signup", "line": 2883, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "sigstore", "label": "Sigstore", "routes": [ { "method": "POST", "path": "/v1/sigstore/attest", "line": 3455, "source": "src/router.js", "short": "Sigstore attest - forwards a caller-signed receipt bundle to the", "comments": [ "Sigstore attest - forwards a caller-signed receipt bundle to the", "configured Rekor instance and returns the merged bundle. The caller MUST", "pre-sign with their own key (server has no private key); receipt must", "already carry signature_ed25519 + dry-run signature_sigstore (Wave 150+)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/sigstore/entry/:logIndex", "line": 3434, "source": "src/router.js", "short": "Sigstore entry fetch - forwards to the configured Rekor instance and", "comments": [ "Sigstore entry fetch - forwards to the configured Rekor instance and", "returns the raw entry by logIndex. Public (Rekor itself is public).", "503 when no KOLM_SIGSTORE_REKOR_URL is configured; 404 when Rekor 404s." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/sigstore/health", "line": 3424, "source": "src/router.js", "short": "has a Rekor URL configured + whether the", "comments": [ "has a Rekor URL configured + whether the", "integration is enabled.", "raw entry. Public - Rekor is public." ], "stub": false, "expanded_from": null } ] }, { "key": "sim", "label": "Simulation", "routes": [ { "method": "GET", "path": "/v1/sim", "line": 21942, "source": "src/router.js", "short": "Sim list - returns saved workflow simulations plus the supported simulator type catalog.", "comments": [ "Sim list - returns saved workflow simulations plus the supported simulator type catalog." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/sim/:id", "line": 21950, "source": "src/router.js", "short": "Sim detail - returns one saved workflow simulation record by simulation id.", "comments": [ "Sim detail - returns one saved workflow simulation record by simulation id." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/sim/run", "line": 21927, "source": "src/router.js", "short": "Sim run - creates a workflow simulation and emits synthetic events into its saved run record.", "comments": [ "Sim run - creates a workflow simulation and emits synthetic events into its saved run record." ], "stub": false, "expanded_from": null } ] }, { "key": "simulations", "label": "Simulations", "routes": [ { "method": "GET", "path": "/v1/simulations", "line": 23508, "source": "src/router.js", "short": "/v1/simulations - list + run alias for /v1/sim + /v1/sim/run. Plus a", "comments": [ "/v1/simulations - list + run alias for /v1/sim + /v1/sim/run. Plus a", "promote endpoint that mirrors simulations.html's \"promote to holdout\"", "button (delegates to simulation.generateDatasetFromSim)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/simulations", "line": 23517, "source": "src/router.js", "short": "Simulations create+run - REST alias of /v1/sim/run that creates a", "comments": [ "Simulations create+run - REST alias of /v1/sim/run that creates a", "workflow simulation and immediately runs it. Body: { workflow_id, type, n,", "personas, opts, toLake (default true) }. Returns sim_id + emitted events." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/simulations/:id", "line": 23532, "source": "src/router.js", "short": "Simulation detail - REST alias of /v1/sim/:id. Returns one saved workflow", "comments": [ "Simulation detail - REST alias of /v1/sim/:id. Returns one saved workflow", "simulation record. 404 when the id is unknown." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/simulations/:id/promote", "line": 23543, "source": "src/router.js", "short": "Simulation promote - mirrors the \"promote to holdout\" button on", "comments": [ "Simulation promote - mirrors the \"promote to holdout\" button on", "simulations.html. Calls simulation.generateDatasetFromSim to convert a sim", "into a dataset (synthetic rows + optional holdout). Body: { name,", "holdoutFromSim (default true) }. Returns the dataset id on success." ], "stub": false, "expanded_from": null } ] }, { "key": "sla", "label": "Sla", "routes": [ { "method": "GET", "path": "/v1/sla/dashboard", "line": 20314, "source": "src/router.js", "short": "SLA dashboard - bundle of every surface rollup for /account/sla.html.", "comments": [ "SLA dashboard - bundle of every surface rollup for /account/sla.html." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/sla/rollup", "line": 20295, "source": "src/router.js", "short": "SLA rollup - returns p50/p95/p99 latency + uptime_pct for one surface.", "comments": [ "SLA rollup - returns p50/p95/p99 latency + uptime_pct for one surface." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/sla/series", "line": 20327, "source": "src/router.js", "short": "copy (\"Numbers come from the /v1/sla/series route\") binds straight to", "comments": [ "SLA series - alias of /v1/sla/rollup so the placeholder /account/sla.html", "copy (\"Numbers come from the /v1/sla/series route\") binds straight to", "the persistent rollup once frontend wires." ], "stub": false, "expanded_from": null } ] }, { "key": "sneakernet", "label": "Sneakernet", "routes": [ { "method": "POST", "path": "/v1/sneakernet/pack", "line": 27660, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/sneakernet/unpack", "line": 27684, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "spec", "label": "Spec", "routes": [ { "method": "GET", "path": "/v1/spec", "line": 3789, "source": "src/router.js", "short": "Public RS-1 spec document - open standard, no auth required.", "comments": [ "Public RS-1 spec document - open standard, no auth required." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/spec/governance-packet", "line": 3846, "source": "src/router.js", "short": "A device with this bundle can run every public recipe locally, offline,", "comments": [ "A device with this bundle can run every public recipe locally, offline,", "forever, for free. Returns a portable JSON envelope of all public recipes", "with their executable source. This is the on-device runtime payload.", "Format governance packet - local evidence for neutral .kolm stewardship.", "External acceptance remains explicitly gated until a public venue accepts it." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/spec/governance-packet/template", "line": 3886, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/spec/governance-packet/validate", "line": 3918, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "spec-decode", "label": "Spec Decode", "routes": [ { "method": "POST", "path": "/v1/spec-decode", "line": 16410, "source": "src/router.js", "short": "Train a speculative-decoding draft head (eagle/eagle2/eagle3/medusa)", "comments": [ "Train a speculative-decoding draft head (eagle/eagle2/eagle3/medusa)", "via the tenant-installed trainer plug-in. Auth-gated. Body: { pairs_path,", "base_path, draft_kind, out_dir, namespace }. Returns trainer envelope." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/spec-decode/doctor", "line": 16399, "source": "src/router.js", "short": "Speculative decoding draft-head trainer doctor (EAGLE-2/3, Medusa).", "comments": [ "Speculative decoding draft-head trainer doctor (EAGLE-2/3, Medusa).", "Reports whether $KOLM_SPECDECODE_TRAINER is resolvable; install_hint when not." ], "stub": false, "expanded_from": null } ] }, { "key": "specialists", "label": "Specialists", "routes": [ { "method": "GET", "path": "/v1/specialists", "line": 14976, "source": "src/router.js", "short": "Specialists list - returns tenant-visible specialist jobs without inline corpus rows.", "comments": [ "Specialists list - returns tenant-visible specialist jobs without inline corpus rows." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/specialists/:id", "line": 14982, "source": "src/router.js", "short": "Specialist detail - returns one accessible specialist record for the tenant or admin.", "comments": [ "Specialist detail - returns one accessible specialist record for the tenant or admin." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/specialists/:id/run", "line": 15001, "source": "src/router.js", "short": "Specialist run - executes the specialist preview through its source recipe fallback.", "comments": [ "Specialist run - executes the specialist preview through its source recipe fallback." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/specialists/:id/weights", "line": 14990, "source": "src/router.js", "short": "Specialist weights - returns completed weight metadata or 503 while training is pending.", "comments": [ "Specialist weights - returns completed weight metadata or 503 while training is pending." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/specialists/auto-distill", "line": 18025, "source": "src/router.js", "short": "Specialist auto-distill - turns 1,000+ kept namespace captures into a distill job.", "comments": [ "Specialist auto-distill - turns 1,000+ kept namespace captures into a distill job.", "Returns a job id and poll URL from the trainer bridge or the local distill worker." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/specialists/train", "line": 14955, "source": "src/router.js", "short": "Specialist train - queues tenant specialist training from an existing recipe and optional corpus.", "comments": [ "Specialist train - queues tenant specialist training from an existing recipe and optional corpus." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/specialists/waitlist", "line": 14707, "source": "src/router.js", "short": "Specialist waitlist - captures guided-training interest from teams before onboarding.", "comments": [ "Specialist waitlist - captures guided-training interest from teams before onboarding." ], "stub": false, "expanded_from": null } ] }, { "key": "speculative", "label": "Speculative", "routes": [ { "method": "GET", "path": "/v1/speculative/acceptance", "line": 27464, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/speculative/bench", "line": 27352, "source": "src/router.js", "short": "Acceptance log query (workflow_id='speculative_teacher:log')", "comments": [ "Acceptance log query (workflow_id='speculative_teacher:log')", "Auth-gated via req.tenant_record. Tenant fence forced from session, never", "from request body. Distinct prefix /v1/speculative/* so parallel agents on", "W811/W812/W813/W815 cannot collide on these route paths." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/speculative/bench/:id", "line": 27401, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "sso", "label": "Sso", "routes": [ { "method": "GET", "path": "/v1/sso/status", "line": 10985, "source": "src/router.js", "short": "W869+ Persona D admin status aggregators.", "comments": [ "W869+ Persona D admin status aggregators.", "Thin read-only composers for /account/enterprise. Each one stitches data", "from individual surfaces (sso/status, byoc/deployments, compliance/*, audit)", "into the shape the admin dashboard expects. Honest when state is missing:", "empty fields, no 404s." ], "stub": false, "expanded_from": null } ] }, { "key": "staleness", "label": "Staleness", "routes": [ { "method": "GET", "path": "/v1/staleness", "line": 28518, "source": "src/router.js", "short": ":namespace path param. The dashboard pages call these endpoints without a", "comments": [ ":namespace path param. The dashboard pages call these endpoints without a", "selected namespace before the user picks one; previously they 404'd. We", "forward to the existing :namespace handler with namespace='default' so the", "account UI<->server parity test (W409f #4) passes and the page renders an", "empty-state from a real envelope instead of a 404." ], "stub": false, "expanded_from": "bare" }, { "method": "GET", "path": "/v1/staleness/:namespace", "line": 7691, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/staleness/apply-ttl", "line": 7731, "source": "src/router.js", "short": "Role gate: req.is_admin OR req.local_daemon OR req.tenant_record.kind === 'human'", "comments": [ "Role gate: req.is_admin OR req.local_daemon OR req.tenant_record.kind === 'human'", "(the tenant_record.kind sentinel - human tenants are workspace owners by", "construction in src/auth.js; anon/api_only/etc. are not). We do NOT reuse", "teams.requireRole here because the staleness scope is per-namespace inside", "a tenant, not per-team. Adding team scoping is a follow-up (W746+1)." ], "stub": false, "expanded_from": null } ] }, { "key": "stat-sig", "label": "Stat Sig", "routes": [ { "method": "GET", "path": "/v1/stat-sig/gate", "line": 27926, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/stat-sig/test", "line": 27904, "source": "src/router.js", "short": "Returns: {ok, decision:'pass'|'fail'|'insufficient', reasons:[], welch:{...}, version}", "comments": [ "Returns: {ok, decision:'pass'|'fail'|'insufficient', reasons:[], welch:{...}, version}", "Auth-gated. Pure-math welchT does not need tenant fence; gate() reads via", "ab-router which forces tenant from session." ], "stub": false, "expanded_from": null } ] }, { "key": "status", "label": "Status", "routes": [ { "method": "GET", "path": "/v1/status", "line": 10233, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/status/receipts", "line": 150, "source": "src/website-status-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/status/subscribe", "line": 1641, "source": "src/router.js", "short": "Status subscribe - email opt-in from the /status page. Validates the address,", "comments": [ "Status subscribe - email opt-in from the /status page. Validates the address,", "dedupes by email (returns duplicate:true on re-subscribe), inserts into", "status_subscribers with source:'status_page', and is rate-limited." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/status/summary", "line": 147, "source": "src/website-status-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "storage", "label": "Storage", "routes": [ { "method": "GET", "path": "/v1/storage/config", "line": 23344, "source": "src/router.js", "short": "Storage config - returns the event-store driver info + media blob base", "comments": [ "Storage config - returns the event-store driver info + media blob base", "directory + supported media kinds. The config itself is env-var driven", "(KOLM_DATA_DIR, KOLM_MEDIA_DIR, KOLM_EVENT_STORE_DRIVER)." ], "stub": false, "expanded_from": null }, { "method": "PUT", "path": "/v1/storage/config", "line": 23360, "source": "src/router.js", "short": "Storage config update - admin-only echo endpoint that does NOT mutate", "comments": [ "Storage config update - admin-only echo endpoint that does NOT mutate", "runtime config (storage settings live in env vars and require a daemon", "restart). Returns {ok, proposed, note, env_vars} so the dashboard can", "show what would change and which vars to set." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/storage/object-readiness", "line": 2379, "source": "src/router.js", "short": "Artifact object-store readiness for account UI and CI. This is split out", "comments": [ "Artifact object-store readiness for account UI and CI. This is split out", "from generic cloud readiness because large .kolm/model bundles require a", "real object path (R2 S3, AWS S3, generic S3, Supabase S3, or local disk),", "not only provider env detection." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/storage/purge", "line": 23377, "source": "src/router.js", "short": "Storage purge - destructive admin-only event-store purge. Requires", "comments": [ "Storage purge - destructive admin-only event-store purge. Requires", "{confirm:true} in the body; supports {before} timestamp + {namespace}", "filters. Returns purge counts. Used for lake-retention cleanups." ], "stub": false, "expanded_from": null } ] }, { "key": "streaming", "label": "Streaming", "routes": [ { "method": "GET", "path": "/v1/streaming/capabilities", "line": 2435, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/streaming/normalize", "line": 2439, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "stripe", "label": "Stripe", "routes": [ { "method": "POST", "path": "/v1/stripe/webhook", "line": 13082, "source": "src/router.js", "short": "(downgrade to free). Idempotent: each Stripe event id is recorded once.", "comments": [ "(downgrade to free). Idempotent: each Stripe event id is recorded once.", "The route is mounted with `express.raw({ type: '*/*' })` ahead of", "`express.json()` in server.js - req.body must be a Buffer for signature", "verification to work (canonical JSON reordering breaks the HMAC)." ], "stub": false, "expanded_from": null } ] }, { "key": "sync", "label": "Sync", "routes": [ { "method": "GET", "path": "/v1/sync/audit", "line": 19831, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/sync/inbox", "line": 19846, "source": "src/router.js", "short": "{events, namespace, source_device_id, state} envelope as the contract.", "comments": [ "{events, namespace, source_device_id, state} envelope as the contract.", "The receiver writes incoming events into the local event store.", "WC14 - token-in-body endpoint: a fuzzer can spam any envelope shape. The", "syncInboxBackoff middleware locks an IP out for 15 min after 5 malformed", "attempts (a real peer always sends a typed envelope; bots typically don't)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/sync/pull", "line": 19817, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/sync/push", "line": 19802, "source": "src/router.js", "short": "{pushed, skipped, blocked, audit_id, reasons}.", "comments": [ "{pushed, skipped, blocked, audit_id, reasons}." ], "stub": false, "expanded_from": null }, { "method": "PUT", "path": "/v1/sync/state", "line": 19788, "source": "src/router.js", "short": "what data leaves the device.", "comments": [ "what data leaves the device." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/sync/status", "line": 19779, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "synthesize", "label": "Synthesis", "routes": [ { "method": "POST", "path": "/v1/synthesize", "line": 13718, "source": "src/router.js", "short": "Layer 1: Synthesis", "comments": [ "Layer 1: Synthesis" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/synthesize/batch", "line": 13814, "source": "src/router.js", "short": "Batch synthesis: multiple concepts in one round-trip. Sequential, since", "comments": [ "Batch synthesis: multiple concepts in one round-trip. Sequential, since", "synthesis is CPU-bound - but billed once via shared overhead." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/synthesize/stream", "line": 13761, "source": "src/router.js", "short": "SSE: live synthesis events (candidate generated, verified, accepted, etc.)", "comments": [ "SSE: live synthesis events (candidate generated, verified, accepted, etc.)" ], "stub": false, "expanded_from": null } ] }, { "key": "synthetic", "label": "Synthetic", "routes": [ { "method": "POST", "path": "/v1/synthetic/commit", "line": 21226, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/synthetic/coverage", "line": 28518, "source": "src/router.js", "short": ":namespace path param. The dashboard pages call these endpoints without a", "comments": [ ":namespace path param. The dashboard pages call these endpoints without a", "selected namespace before the user picks one; previously they 404'd. We", "forward to the existing :namespace handler with namespace='default' so the", "account UI<->server parity test (W409f #4) passes and the page renders an", "empty-state from a real envelope instead of a 404." ], "stub": false, "expanded_from": "bare" }, { "method": "GET", "path": "/v1/synthetic/coverage/:namespace", "line": 21068, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/synthetic/gaps", "line": 28518, "source": "src/router.js", "short": ":namespace path param. The dashboard pages call these endpoints without a", "comments": [ ":namespace path param. The dashboard pages call these endpoints without a", "selected namespace before the user picks one; previously they 404'd. We", "forward to the existing :namespace handler with namespace='default' so the", "account UI<->server parity test (W409f #4) passes and the page renders an", "empty-state from a real envelope instead of a 404." ], "stub": false, "expanded_from": "bare" }, { "method": "GET", "path": "/v1/synthetic/gaps/:namespace", "line": 21017, "source": "src/router.js", "short": "supply ANTHROPIC_API_KEY or KOLM_TEACHER_API_KEY in env. Missing key →", "comments": [ "supply ANTHROPIC_API_KEY or KOLM_TEACHER_API_KEY in env. Missing key →", "503 teacher_not_wired envelope.", "* Spend protection: POST /v1/synthetic/generate refuses to actually call", "the teacher unless body.confirm === true. Without confirm we return", "200 + {ok:false, error:'synthetic_costs_money', estimated_cost_usd}." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/synthetic/generate", "line": 21114, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "system", "label": "System", "routes": [ { "method": "GET", "path": "/.well-known/jwks.json", "line": 3308, "source": "src/router.js", "short": "NOW-3 - standards-conformant JWKS endpoint. Exposes the default receipt", "comments": [ "NOW-3 - standards-conformant JWKS endpoint. Exposes the default receipt", "signing key as an RFC 8037 OKP JWK so any third-party verifier can fetch the", "key (kid == fingerprint) and check the X-Inference-Signature response header", "the gateway emits, WITHOUT trusting kolm (IETF inference-signature drafts)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/anthropic/v1/messages", "line": 5526, "source": "src/router.js", "short": "/anthropic/v1/messages so SDKs that point BASE_URL at https://kolm.ai/anthropic", "comments": [ "Anthropic messages alias - same connector as /v1/messages, mounted under", "/anthropic/v1/messages so SDKs that point BASE_URL at https://kolm.ai/anthropic", "continue to work without rewriting the path." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/health", "line": 1495, "source": "src/router.js", "short": "hit /v1/health for the full snapshot including backend availability.", "comments": [ "hit /v1/health for the full snapshot including backend availability.", "ok:true is the canonical liveness signal for ship-gate, status", "is preserved for older readers. W890-13: extended with `git`, `gateway`,", "`capture_store`, `signing_key` per plan Part K-1. Each field is a string", "so platform health probes can pattern-match without unpacking a struct." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/metrics", "line": 1605, "source": "src/router.js", "short": "authMiddleware so a Prometheus scraper can reach it without an API", "comments": [ "authMiddleware so a Prometheus scraper can reach it without an API", "key, optionally gated by KOLM_METRICS_BEARER for prod deployments.", "The honest-dev-default is public; setting the env var requires", "`Authorization: Bearer ` and returns a structured 401 envelope", "on mismatch so misconfigured scrapers fail loud." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/metrics/extended", "line": 205, "source": "src/k8s-routes.js", "short": "/metrics/extended", "comments": [ "/metrics/extended" ], "stub": false, "expanded_from": null }, { "method": "ALL", "path": "/r/:token", "line": 18690, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "ALL", "path": "/r/:token/*", "line": 18691, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/ready", "line": 1698, "source": "src/router.js", "short": "gates. /health stays green for static uptime; /ready fails when critical", "comments": [ "Deploy readiness: public, low-detail, and suitable for platform health", "gates. /health stays green for static uptime; /ready fails when critical", "production-only configuration is missing." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/ready/deep", "line": 180, "source": "src/k8s-routes.js", "short": "/ready/deep", "comments": [ "/ready/deep" ], "stub": false, "expanded_from": null } ] }, { "key": "target-profiles", "label": "Target Profiles", "routes": [ { "method": "GET", "path": "/v1/target-profiles", "line": 3634, "source": "src/router.js", "short": "(jetson-orin-nano, iphone-15-pro, rtx-5090, ...) to the recommended", "comments": [ "(jetson-orin-nano, iphone-15-pro, rtx-5090, ...) to the recommended", "(--target, runtime, context, est tok/s) combo. The data is the same as", "`kolm compile --list-target-profiles --json` and ships with the CLI; the", "HTTP surface is here so the docs site and Studio compile wizard can read", "it without shelling out." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/target-profiles/:name", "line": 3642, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "teacher", "label": "Teacher", "routes": [ { "method": "POST", "path": "/v1/teacher/chat", "line": 7871, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/teacher/chat/health", "line": 8008, "source": "src/router.js", "short": "kolm instance. No auth required (publishes only booleans). Lets a local", "comments": [ "kolm instance. No auth required (publishes only booleans). Lets a local", "distill worker pick which vendor to route through the proxy without", "burning a real call to test." ], "stub": false, "expanded_from": null } ] }, { "key": "teacher-versions", "label": "Teacher Versions", "routes": [ { "method": "GET", "path": "/v1/teacher-versions", "line": 28518, "source": "src/router.js", "short": ":namespace path param. The dashboard pages call these endpoints without a", "comments": [ ":namespace path param. The dashboard pages call these endpoints without a", "selected namespace before the user picks one; previously they 404'd. We", "forward to the existing :namespace handler with namespace='default' so the", "account UI<->server parity test (W409f #4) passes and the page renders an", "empty-state from a real envelope instead of a 404." ], "stub": false, "expanded_from": "bare" }, { "method": "GET", "path": "/v1/teacher-versions/:namespace", "line": 7804, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "team", "label": "Team", "routes": [ { "method": "POST", "path": "/v1/team/accept-invite", "line": 19910, "source": "src/router.js", "short": "WC14 - token-in-body endpoint: teamAcceptBackoff locks an IP out for", "comments": [ "WC14 - token-in-body endpoint: teamAcceptBackoff locks an IP out for", "15 min after 5 failed token attempts to bound brute-force search of", "the invite_token space." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/team/approvals", "line": 19954, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/team/approvals", "line": 19969, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/team/approvals/:id/decide", "line": 19982, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/team/invite", "line": 19887, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/team/invites", "line": 9045, "source": "src/router.js", "short": "/v1/team/invites - team.html invite list / create endpoint.", "comments": [ "/v1/team/invites - team.html invite list / create endpoint.", "GET returns the calling tenant's outstanding invites; POST creates one." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/team/invites", "line": 9056, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "DELETE", "path": "/v1/team/member/:id", "line": 19941, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/team/members", "line": 19881, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/team/namespaces", "line": 20003, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "PUT", "path": "/v1/team/role", "line": 19927, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/team/sync", "line": 20117, "source": "src/router.js", "short": "structured body; soft cap sets x-kolm-quota-warning.", "comments": [ "structured body; soft cap sets x-kolm-quota-warning.", "Auth flows through the standard middleware (mounted later as", "r.use(authMiddleware) at the section below). The tenant_record is", "already attached when this handler runs." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/team/workspace", "line": 19875, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "teams", "label": "Teams", "routes": [ { "method": "GET", "path": "/v1/teams", "line": 18205, "source": "src/router.js", "short": "Team list - returns active teams for the signed-in tenant with their role.", "comments": [ "Team list - returns active teams for the signed-in tenant with their role." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/teams", "line": 18192, "source": "src/router.js", "short": "Team creation - creates a paid-plan workspace and makes the caller the owner.", "comments": [ "Team creation - creates a paid-plan workspace and makes the caller the owner." ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/teams/:idOrSlug", "line": 18390, "source": "src/router.js", "short": "Team delete - owner-only soft delete that removes members and pending invites.", "comments": [ "Team delete - owner-only soft delete that removes members and pending invites." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/teams/:idOrSlug", "line": 18212, "source": "src/router.js", "short": "Team detail - returns team, member, and pending-invite data for members or admins.", "comments": [ "Team detail - returns team, member, and pending-invite data for members or admins." ], "stub": false, "expanded_from": null }, { "method": "PATCH", "path": "/v1/teams/:idOrSlug", "line": 18377, "source": "src/router.js", "short": "Team update - admin-only rename, plan, and seat-limit updates.", "comments": [ "Team update - admin-only rename, plan, and seat-limit updates." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/teams/:idOrSlug/captures", "line": 18227, "source": "src/router.js", "short": "team activity dashboard. Every member's captured AI traffic,", "comments": [ "team activity dashboard. Every member's captured AI traffic,", "attributed (who / model / namespace / cost), plus a rollup. Any active team", "member may read; finer-grained capture:read RBAC is layered in Part A3." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/teams/:idOrSlug/export", "line": 18334, "source": "src/router.js", "short": "team-scoped data export (admin + lake:export scope). Streams the", "comments": [ "team-scoped data export (admin + lake:export scope). Streams the", "team's captured events so a team can hand an auditor or analyst the lake." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/teams/:idOrSlug/invite", "line": 18418, "source": "src/router.js", "short": "Team invite - admin-only invite that enforces seat limits and returns an accept URL.", "comments": [ "Team invite - admin-only invite that enforces seat limits and returns an accept URL." ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/teams/:idOrSlug/members/:tenant_id", "line": 18574, "source": "src/router.js", "short": "Team member removal - members may leave; admins may remove non-owner members.", "comments": [ "Team member removal - members may leave; admins may remove non-owner members." ], "stub": false, "expanded_from": null }, { "method": "PATCH", "path": "/v1/teams/:idOrSlug/members/:tenant_id", "line": 18560, "source": "src/router.js", "short": "Team member role update - admin-only role changes, with owner changes routed via transfer.", "comments": [ "Team member role update - admin-only role changes, with owner changes routed via transfer." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/teams/:idOrSlug/models", "line": 18272, "source": "src/router.js", "short": "team model registry. A member shares an artifact (a completed", "comments": [ "team model registry. A member shares an artifact (a completed", "compile job) with the team; members list it and reach it via a STABLE", "endpoint. Backs \"train a model your team owns, then everyone uses it\"", "(including the intense cloud/GPU training path - any completed artifact)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/teams/:idOrSlug/models", "line": 18284, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "DELETE", "path": "/v1/teams/:idOrSlug/models/:modelId", "line": 18306, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/teams/:idOrSlug/models/:modelId/endpoint", "line": 18319, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/teams/:idOrSlug/retention", "line": 18354, "source": "src/router.js", "short": "team data-retention policy (admin sets retain_days; 0 = keep forever).", "comments": [ "team data-retention policy (admin sets retain_days; 0 = keep forever)." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/teams/:idOrSlug/retention", "line": 18362, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/teams/:idOrSlug/transfer", "line": 18403, "source": "src/router.js", "short": "Team ownership transfer - owner-only handoff to an existing team member.", "comments": [ "Team ownership transfer - owner-only handoff to an existing team member." ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/teams/invites/:invite_id", "line": 18549, "source": "src/router.js", "short": "Team invite revoke - admin-only deletion of an outstanding invite by invite id.", "comments": [ "Team invite revoke - admin-only deletion of an outstanding invite by invite id." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/teams/invites/:token", "line": 18529, "source": "src/router.js", "short": "Team invite preview - public token lookup with invite role, expiry, and team summary.", "comments": [ "Team invite preview - public token lookup with invite role, expiry, and team summary." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/teams/invites/:token/accept", "line": 18540, "source": "src/router.js", "short": "Team invite acceptance - signed-in tenant accepts a valid invite for their email.", "comments": [ "Team invite acceptance - signed-in tenant accepts a valid invite for their email." ], "stub": false, "expanded_from": null } ] }, { "key": "telemetry", "label": "Telemetry", "routes": [ { "method": "GET", "path": "/v1/telemetry", "line": 14325, "source": "src/router.js", "short": "Returns the v5 (kolm) summary AND the legacy invocations snapshot the", "comments": [ "Returns the v5 (kolm) summary AND the legacy invocations snapshot the", "existing dashboard.html consumes. Dashboard keeps reading", "total_invocations/p50_us/cache; new surfaces (status, hero) read", "compiles_today/receipt_bearing_runs/k_score_median/artifacts_total/", "active_tenants_24h." ], "stub": false, "expanded_from": null } ] }, { "key": "test-device", "label": "Test Device", "routes": [ { "method": "POST", "path": "/v1/test-device", "line": 22695, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "test-quants", "label": "Test Quants", "routes": [ { "method": "POST", "path": "/v1/test-quants", "line": 22712, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "trace", "label": "Trace", "routes": [ { "method": "GET", "path": "/v1/trace/:trace_id/chain", "line": 18830, "source": "src/router.js", "short": "Trace chain - returns tenant-scoped parent/child span chain for a 32-hex trace id.", "comments": [ "Trace chain - returns tenant-scoped parent/child span chain for a 32-hex trace id." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/trace/:trace_id/export", "line": 18841, "source": "src/router.js", "short": "Trace export - returns tenant-scoped raw spans for a 32-hex trace id.", "comments": [ "Trace export - returns tenant-scoped raw spans for a 32-hex trace id." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/trace/:trace_id/stats", "line": 18819, "source": "src/router.js", "short": "Trace stats - returns tenant-scoped span counts and timing stats for a 32-hex trace id.", "comments": [ "Trace stats - returns tenant-scoped span counts and timing stats for a 32-hex trace id." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/trace/append", "line": 18852, "source": "src/router.js", "short": "Trace append - validates and stores one span under the authenticated tenant.", "comments": [ "Trace append - validates and stores one span under the authenticated tenant." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/trace/compile", "line": 18942, "source": "src/router.js", "short": "Trace compile - converts a tenant trace into replayable workflow IR seeds.", "comments": [ "Trace compile - converts a tenant trace into replayable workflow IR seeds." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/trace/distill", "line": 28595, "source": "src/router.js", "short": "/v1/trace/distill - collection GET listing tenant reasoning-trace distill", "comments": [ "/v1/trace/distill - collection GET listing tenant reasoning-trace distill", "jobs. Real W828 wiring lives in src/trace-compile.js; this collection", "stub returns an empty envelope until a wave wires the distill queue", "through a dedicated route module." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/trace/translate", "line": 19019, "source": "src/router.js", "short": "Trace translate - rewrites trace IR provider/model fields for replay on another provider.", "comments": [ "Trace translate - rewrites trace IR provider/model fields for replay on another provider." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/trace/translate/detect", "line": 18999, "source": "src/router.js", "short": "Trace provider detect - detects source provider/model metadata for a tenant trace.", "comments": [ "Trace provider detect - detects source provider/model metadata for a tenant trace." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/trace/translate/providers", "line": 18993, "source": "src/router.js", "short": "Trace translate providers - lists supported cross-provider trace rewrite targets.", "comments": [ "Trace translate providers - lists supported cross-provider trace rewrite targets." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/trace/verify", "line": 18964, "source": "src/router.js", "short": "Trace replay verify - checks compiled replay outputs against captured trace spans.", "comments": [ "Trace replay verify - checks compiled replay outputs against captured trace spans." ], "stub": false, "expanded_from": null } ] }, { "key": "training", "label": "Training", "routes": [ { "method": "POST", "path": "/v1/training/plan", "line": 21979, "source": "src/router.js", "short": "Training plan - drafts a training plan (model class, dataset split, eval", "comments": [ "Training plan - drafts a training plan (model class, dataset split, eval", "protocol, expected K-floor) for a given dataset. Body: { dataset_id, plus", "optional model_class, holdout, budget }. Used by `kolm training plan`." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/training/token-dpo", "line": 28580, "source": "src/router.js", "short": "/v1/training/token-dpo - collection GET listing tenant token-DPO jobs.", "comments": [ "/v1/training/token-dpo - collection GET listing tenant token-DPO jobs.", "Honest envelope: no token-DPO module is wired into the request path yet,", "so the items[] is empty + status='pending'. The operator still gets a", "real envelope rather than a 404 from the TUI view." ], "stub": false, "expanded_from": null } ] }, { "key": "transparency-log", "label": "Transparency Log", "routes": [ { "method": "GET", "path": "/v1/transparency-log/checkpoints", "line": 233, "source": "src/transparency-log-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/transparency-log/checkpoints/latest", "line": 222, "source": "src/transparency-log-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/transparency-log/entries", "line": 153, "source": "src/transparency-log-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/transparency-log/entries/:seq", "line": 174, "source": "src/transparency-log-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/transparency-log/proof/:seq", "line": 194, "source": "src/transparency-log-routes.js", "short": "The RFC 9162 / RFC 6962 inclusion-proof fields (leaf_index, tree_size,", "comments": [ "The RFC 9162 / RFC 6962 inclusion-proof fields (leaf_index, tree_size,", "audit_path, root_hash, leaf_hash) are surfaced at the TOP LEVEL so a buyer", "can verify inclusion directly against verifyInclusionProof without reaching", "into a nested object. The original `proof` + `checkpoint` keys are kept for", "backward compatibility (older clients still read response.proof.*)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/transparency-log/size", "line": 142, "source": "src/transparency-log-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "trust", "label": "Trust", "routes": [ { "method": "GET", "path": "/v1/trust/*", "line": 1861, "source": "src/audit-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/trust/:slug", "line": 1599, "source": "src/audit-routes.js", "short": "review group. Renders the paid signed report (html default, ?format=json|pdf)", "comments": [ "review group. Renders the paid signed report (html default, ?format=json|pdf)", "and verifies offline. The slug is an unguessable capability token; possession", "is the grant. Resolves a paid audit slug OR a subscription's stable slug", "(always-current). A lapsed subscription serves its last report with a banner." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/trust/:slug/badge.svg", "line": 1736, "source": "src/audit-routes.js", "short": "issuer key is revoked goes grey 'report revoked', outranking staleness and", "comments": [ "issuer key is revoked goes grey 'report revoked', outranking staleness and", "readiness), so it is cached for only 5 minutes - short enough that a", "revocation or freshness change propagates promptly. Allow-listed in", "src/auth.js PUBLIC_API alongside the other /v1/trust regexes." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/trust/:slug/delta", "line": 1790, "source": "src/audit-routes.js", "short": "resolved from the audit / subscription history (resolvePriorReport); a link", "comments": [ "resolved from the audit / subscription history (resolvePriorReport); a link", "with no prior (a first-cycle Continuous report or a standalone $750 report)", "returns { ok:true, delta:null, note } rather than a 404. computeAuditDelta is", "pure + never-throws; this route never re-signs and touches no tenant data." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/trust/:slug/export", "line": 1712, "source": "src/audit-routes.js", "short": "CSV / .xls / Drata / Vanta / exec / crosswalk artifact straight into their", "comments": [ "CSV / .xls / Drata / Vanta / exec / crosswalk artifact straight into their", "GRC tool with no kolm account. Possession of the unguessable slug is the", "grant; resolveTrust only yields an envelope for a PAID audit or an active /", "lapsed Continuous subscription (a not-yet-generated subscription is 409)." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/trust/:slug/questionnaire", "line": 1769, "source": "src/audit-routes.js", "short": "the unguessable slug is the grant (same capability level as the report it", "comments": [ "the unguessable slug is the grant (same capability level as the report it", "derives from); allow-listed in PUBLIC_API alongside GET /v1/trust/:slug.", "Answers are DERIVED from the report - a control the run never assessed is", "'n/a', never an unsupported 'yes'." ], "stub": false, "expanded_from": null } ] }, { "key": "tunnel", "label": "Tunnel", "routes": [ { "method": "GET", "path": "/v1/tunnel/agent/:token", "line": 18638, "source": "src/router.js", "short": "SSE long-poll: agent attaches and receives `request` events.", "comments": [ "SSE long-poll: agent attaches and receives `request` events." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/tunnel/agent/:token/response", "line": 18645, "source": "src/router.js", "short": "Agent posts a response for a given request_id.", "comments": [ "Agent posts a response for a given request_id." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/tunnel/register", "line": 18594, "source": "src/router.js", "short": "The agent maintains an SSE connection to /v1/tunnel/agent/, pulls", "comments": [ "The agent maintains an SSE connection to /v1/tunnel/agent/, pulls", "pending requests, runs the artifact, and posts responses back. The relay", "never decrypts payloads (we don't terminate TLS inside the user's", "machine), so the trust model is: trust kolm.ai to relay bytes in transit,", "or use BYOC TEE for payload-blind operation." ], "stub": false, "expanded_from": null } ] }, { "key": "tunnels", "label": "Tunnels", "routes": [ { "method": "GET", "path": "/v1/tunnels", "line": 18616, "source": "src/router.js", "short": "Tunnels list - returns the caller's active tenant tunnels (or team tunnels", "comments": [ "Tunnels list - returns the caller's active tenant tunnels (or team tunnels", "when ?team_id is supplied). Each row carries token, public_url, expires_at,", "and agent attach status. Used by the dashboard + `kolm tunnel list`." ], "stub": false, "expanded_from": null }, { "method": "DELETE", "path": "/v1/tunnels/:token", "line": 18626, "source": "src/router.js", "short": "Tunnel close - tears down one tunnel by token. Tenant-fenced (closeTunnel", "comments": [ "Tunnel close - tears down one tunnel by token. Tenant-fenced (closeTunnel", "throws code:'forbidden' for cross-tenant tokens → 403). Disconnects the", "attached agent SSE stream." ], "stub": false, "expanded_from": null } ] }, { "key": "usage", "label": "Usage", "routes": [ { "method": "GET", "path": "/v1/usage/budget", "line": 11829, "source": "src/router.js", "short": "Spend-cap budget status", "comments": [ "Spend-cap budget status" ], "stub": false, "expanded_from": null } ] }, { "key": "verified-inference", "label": "Verified inference", "routes": [ { "method": "POST", "path": "/v1/verified-inference", "line": 4213, "source": "src/router.js", "short": "Verified-inference endpoint - Generator-Verifier asymmetry made shippable.", "comments": [ "Verified-inference endpoint - Generator-Verifier asymmetry made shippable.", "Sample k candidates from a frontier model, run each through a deterministic", "Recipe verifier (test cases), pick the first that passes. Returns a receipt.", "P(correct) >= 1 - (1 - p*v)^k. For p=0.91 v=1 k=8: 99.9999%.", "Uses the server's ANTHROPIC_API_KEY, so a tenant API key is required." ], "stub": false, "expanded_from": null } ] }, { "key": "verify", "label": "Verify", "routes": [ { "method": "POST", "path": "/v1/verify", "line": 13854, "source": "src/router.js", "short": "Verify - compiles caller-supplied source and runs the verify suite against", "comments": [ "Verify - compiles caller-supplied source and runs the verify suite against", "positive/negative examples. Returns the verify result block (per-case", "pass/fail + summary). Rate-limited via publishLimiter. Body: { source", "(required), positives, negatives }." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/verify/:cid", "line": 13876, "source": "src/router.js", "short": "DoD step 9 closer. If the registry row carries `manifest.hashes`,", "comments": [ "DoD step 9 closer. If the registry row carries `manifest.hashes`,", "recompute the CID from those hashes (cidFromManifestHashes) and refuse to", "return verified=true unless the recomputed CID matches the requested CID.", "Surfaces `manifest_hash_mismatch` envelope with both expected_cid and", "actual_cid so an auditor can diff the discrepancy without trusting us." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/verify/:receipt_id", "line": 24885, "source": "src/router.js", "short": "W-D wrapper-completion - GET /v1/verify/:receipt_id", "comments": [ "W-D wrapper-completion - GET /v1/verify/:receipt_id", "Public receipt verification surface. Returns the receipt JSON if known", "to this tenant + signature verification result. Used by the kolm-audit-1", "`verify_url` field; the third-party can hit this without auth to get", "back the signed payload + a deterministic verify result." ], "stub": false, "expanded_from": null } ] }, { "key": "verticals", "label": "Verticals", "routes": [ { "method": "GET", "path": "/v1/verticals", "line": 21320, "source": "src/router.js", "short": "from a human workspace, not a CI api_only key.", "comments": [ "from a human workspace, not a CI api_only key.", "The fingerprint surface is intentionally non-404 - the route exists, it", "returns an honest \"w757_not_shipped\" envelope so callers can branch on", "the error code instead of probing for the URL." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/verticals/:id", "line": 21334, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/verticals/:id/fingerprint", "line": 21361, "source": "src/router.js", "short": "otherwise shadow this on /v1/verticals//. Express orders", "comments": [ "otherwise shadow this on /v1/verticals//. Express orders", "by registration, so this stays after /v1/verticals/:id but matches a", "strictly longer path; both are fine, the test pins both." ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/verticals/register-stubs", "line": 21383, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "video", "label": "Video", "routes": [ { "method": "POST", "path": "/v1/video/bakeoff", "line": 26137, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/video/capture-detect", "line": 26110, "source": "src/router.js", "short": "Distinct paths from W771 vision-capture (/v1/vision/capture-detect,", "comments": [ "Distinct paths from W771 vision-capture (/v1/vision/capture-detect,", "/v1/vision/captures) and W772 audio capture (/v1/audio/speech,", "/v1/audio/transcriptions, /v1/audio/translations) so the three parallel", "wave agents do not collide." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/video/captures", "line": 26169, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/video/tokenize", "line": 27208, "source": "src/router.js", "short": "Auth-gated. Returns the worker doctor envelope -- reports python3", "comments": [ "Auth-gated. Returns the worker doctor envelope -- reports python3", "presence + transformers/torch/decord/av/PIL availability + which", "tokenizer command is wired.", "═══════════════════════════════════════════════════════════════════════" ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/video/tokenize/doctor", "line": 27258, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "vision", "label": "Vision", "routes": [ { "method": "POST", "path": "/v1/vision/bakeoff", "line": 25893, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/vision/capture-detect", "line": 25869, "source": "src/router.js", "short": "{ok, count, captures[]} envelope.", "comments": [ "{ok, count, captures[]} envelope.", "All three are tenant-fenced via req.tenant_record.id (W411). Honest", "envelopes on bad input - no silent passthrough." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/vision/captures", "line": 25931, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "vlm", "label": "Vlm", "routes": [ { "method": "POST", "path": "/v1/vlm/tokenize", "line": 27126, "source": "src/router.js", "short": "Auth-gated. Returns the worker doctor envelope -- reports python3", "comments": [ "Auth-gated. Returns the worker doctor envelope -- reports python3", "presence + transformers/torch/Pillow availability + which", "tokenizer command is wired." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/vlm/tokenize/doctor", "line": 27162, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "vlm-distill", "label": "Vlm Distill", "routes": [ { "method": "POST", "path": "/v1/vlm-distill/run", "line": 117, "source": "src/multimodal-pipeline-routes.js", "short": "{ teacher, student_model, dataset_captures } - see src/vlm-distill.js", "comments": [ "{ teacher, student_model, dataset_captures } - see src/vlm-distill.js", "When KOLM_VLM_TEACHER_API_KEY is unset the response envelope still has", "ok:true (because the job was enqueued honestly) but real_run:false +", "missing_env:'KOLM_VLM_TEACHER_API_KEY' so the caller knows nothing was", "actually trained." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/vlm-distill/runs", "line": 139, "source": "src/multimodal-pipeline-routes.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "webhooks", "label": "Webhooks", "routes": [ { "method": "GET", "path": "/v1/webhooks", "line": 11877, "source": "src/router.js", "short": "Webhooks CRUD", "comments": [ "Webhooks CRUD" ], "stub": false, "expanded_from": null }, { "method": "POST", "path": "/v1/webhooks", "line": 11882, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "DELETE", "path": "/v1/webhooks/:id", "line": 11917, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "GET", "path": "/v1/webhooks/:id", "line": 11891, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "PATCH", "path": "/v1/webhooks/:id", "line": 11908, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "PUT", "path": "/v1/webhooks/:id", "line": 11899, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "whoami", "label": "Whoami", "routes": [ { "method": "GET", "path": "/v1/whoami", "line": 9855, "source": "src/router.js", "short": "/v1/whoami alias. SDKs (OpenAI/Anthropic/LangChain) follow the", "comments": [ "/v1/whoami alias. SDKs (OpenAI/Anthropic/LangChain) follow the", "convention `GET /v1/whoami` (or `/v1/me`) for \"who is this key?\". The", "canonical kolm endpoint is GET /v1/account, but /v1/whoami forwards to", "the same handler so SDKs probing the conventional path get an answer", "instead of a 404 + bad first-impression. Auth-gated identically." ], "stub": false, "expanded_from": null } ] }, { "key": "workflows", "label": "Workflows", "routes": [ { "method": "GET", "path": "/v1/workflows/repeated", "line": 23441, "source": "src/router.js", "short": "/v1/workflows/repeated - repeated-workflows.html surfaces the cluster", "comments": [ "/v1/workflows/repeated - repeated-workflows.html surfaces the cluster", "summary from /v1/bridges/observations (the canonical W297 source) under", "a more discoverable URL. Returns {workflows:[{template,count,samples}]}." ], "stub": false, "expanded_from": null } ] }, { "key": "wrap", "label": "Wrap", "routes": [ { "method": "POST", "path": "/v1/wrap/verified", "line": 4108, "source": "src/router.js", "short": "If `corpus_namespace` is set, we ask the tenant's Recall index for the", "comments": [ "If `corpus_namespace` is set, we ask the tenant's Recall index for the", "top-k chunks for the most-recent user message and prepend them as a", "system context block. This is the \"ground every Distill call in the", "user's corpus\" promise from the plan." ], "stub": false, "expanded_from": null } ] }, { "key": "xlang", "label": "Xlang", "routes": [ { "method": "POST", "path": "/v1/xlang/bakeoff", "line": 26331, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/xlang/balanced-sample", "line": 26231, "source": "src/router.js", "short": "* Hosted route has NO runOnArtifact/judge wired by default", "comments": [ "* Hosted route has NO runOnArtifact/judge wired by default", "production injects via req.app.locals._w774_run_on_artifact +", "._w774_judge. The honest envelope on missing wiring is the", "contract, not a 500.", "* All four routes are W411 tenant-fenced." ], "stub": false, "expanded_from": null }, { "method": "GET", "path": "/v1/xlang/language-coverage", "line": 26380, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null }, { "method": "POST", "path": "/v1/xlang/per-language-eval", "line": 26282, "source": "src/router.js", "short": null, "comments": [], "stub": true, "expanded_from": null } ] }, { "key": "yaml", "label": "Yaml", "routes": [ { "method": "POST", "path": "/v1/yaml/validate", "line": 7122, "source": "src/router.js", "short": "* 200 + { ok:false, parsed, validation } on schema errors (parse", "comments": [ "* 200 + { ok:false, parsed, validation } on schema errors (parse", "succeeded but the document violates the W732 schema - caller still", "gets the parsed tree so it can highlight the bad rows)", "* 400 + { ok:false, error:'yaml_parse_failed', detail, line } on a", "parser error (couldn't even read the document)" ], "stub": false, "expanded_from": null } ] } ], "unparseable": [] }