Skip to content

HTTP endpoints

Every route registered across the services, extracted from the mux.HandleFunc / mux.Handle calls in the source. See API reference for request/response bodies and auth.

Signer

cmd/signer

Route Handler
/v1/hosts srv.handleHosts
/v1/reload srv.handleReload
/v1/sign srv.handleSign
DELETE /v1/policy/grants/{id} srv.handleGrantRevoke
DELETE /v1/policy/hosts/{host}/allow srv.handlePolicyAllow
GET /v1/clusters srv.handleClusters
GET /v1/policy/grants srv.handleGrantList
GET /v1/policy/hosts srv.handlePolicyHostsRead
POST /v1/policy/hosts/{host}/allow srv.handlePolicyAllow
POST /v1/policy/hosts/{host}/grants srv.handleGrantCreate

Control plane

cmd/control-plane

Route Handler
GET /ui/approvals srv.handleUIList
GET /ui/approvals/{id} srv.handleUIDetail
GET /v1/approvals srv.handleApprovalsList
GET /v1/clusters srv.handleClusters
GET /v1/hosts srv.handleHosts
GET /v1/sign/result/{id} srv.handleResult
POST /v1/approvals/{id} srv.handleApprovalDecide
POST /v1/sign srv.handleSign

Broker (HTTP/mTLS)

cmd/broker

Route Handler
/v1/ssh_run (inline handler)

MCP HTTP

cmd/mcp-broker-http

Route Handler
/ protected
/.well-known/oauth-protected-resource prm