Skip to content

HTTP API

List of HTTP routes exposed by the arka-deck Fastify server, grouped by functional domain.

Source of truth: adapters/inbound/web/server/src/routes/.


  • CORS: localhost + RFC1918 ranges in LAN mode
  • CSP: script-src 'self', connect-src localhost + LAN
  • Rate limit: 900 writes/min (GET/loopback exemptions)
  • Token: X-Arka-Token header required in LAN mode
  • HSTS: disabled (local HTTP, no TLS)
  • Request ID: UUID per request, logged

MethodPathDescription
GET/api/healthHealth check (status + version)
GET/api/system/*System metadata (boot, token)
GET/api/i18n/:langUI translations
GET/api/preferencesUser preferences
PUT/api/preferencesUpdate preferences

MethodPathDescription
GET/api/workspacesList
GET/api/workspaces/:idDetail
POST/api/workspacesCreate
PUT/api/workspaces/:idModify
DELETE/api/workspaces/:idDelete (refuses if non-empty)
GET/api/workspaces/:id/projectsProjects of the workspace
GET/api/projectsList all projects
GET/api/projects/:idDetail
GET/api/projects/find-by-cwd?path=...Auto-detect by marker
POST/api/projectsCreate (checks allowlist + workspace)
PUT/api/projects/:idModify (path immutable)
DELETE/api/projects/:idForget (204)
DELETE/api/projects/:id?purge=trueFull purge
POST/api/projects/:id/touchUpdate lastUsedAt

MethodPathDescription
GET/api/catalogue/profilesList HYOS profiles
GET/api/catalogue/profiles/:idProfile detail
DELETE/api/catalogue/cacheClear catalogue cache

MethodPathDescription
POST/api/chat/sessionsStart a session
POST/api/chat/sessions/:id/send-messageSend a turn (SSE stream)
GET/api/chat/sessions/:id/streamSSE stream
GET/api/chat/sessionsList project sessions
GET/api/chat/sessions/:idSession detail

MethodPathDescription
GET/api/memory/:projectIdProject memory overview
POST/api/memory/:projectId/entryCapture an entry
GET/api/memory/:projectId/entriesList entries

MethodPathDescription
GET/api/arkadoc/:projectIdList documents
GET/api/arkadoc/:projectId/:docIdDocument detail
PATCH/api/arkadoc/:projectId/:docId/statusUpdate status
GET/api/arkadoc/:projectId/:docId/renderMarkdown render

MethodPathDescription
GET/api/projects/:id/documentation/documentsFiltered list of project ArkaDoc deliverables
GET/api/projects/:id/documentation/documents/:docId/indexConsultation index for one document
GET/api/projects/:id/documentation/documents/:docId/outlineHuman-readable document outline
GET/api/projects/:id/documentation/documents/:docId/neighborsIncoming/outgoing document relations
GET/api/projects/:id/documentation/documents/:docId/fullFull document read
GET/api/projects/:id/documentation/documents/:docId/blocks/:blockIdRead one precise block

These routes read the project’s real ArkaDoc documents. They power the Documentation UI and the agent MCP tools that navigate indexes/blocks before opening a full document.


MethodPathDescription
GET/api/projects/:id/agent-action-cardsCards for the project/session, optionally filtered by run
POST/api/projects/:id/agent-action-cards/:cardId/selectSelect a card before a turn or orchestration command
GET/api/cortex-actions/treeCatalogue blocs tree
GET/api/cortex-actions/search?q=Search catalogue blocs
GET/api/cortex-actions/:type/:id/contentRead one catalogue bloc content
POST/api/cortex-actions/:projectId/selectRecord a project-scoped selection for the next turn
POST/api/cortex-actions/:projectId/exec-logRecord a project-scoped execution log
GET/api/cortex-actions/:projectId/optionsRead project Cortex Actions options
PUT/api/cortex-actions/:projectId/optionsUpdate project Cortex Actions options
GET/api/cortex-actions/:projectId/favoritesRead project favorites
POST/api/cortex-actions/:projectId/favoritesAdd a project favorite
DELETE/api/cortex-actions/:projectId/favorites/:type/:idRemove a project favorite
POST/api/cortex-actions/:projectId/favorites/suggestLaunch project-scoped suggestion worker

Dispatch approval cards are generated from ready ArkaDoc task documents and exclude QA-only assignments. Existing card ids are reused on refresh to avoid duplicates.


MethodPathDescription
GET/api/squads/:projectIdList squads of the project
POST/api/squadsCreate a squad
POST/api/squads/:id/materialize-leaderRecruit the Leader Pack
GET/api/orchestration/:projectId/missionsList missions
POST/api/orchestration/missionsStart mission
GET/api/orchestration/missions/:idMission state

MethodPathDescription
GET/api/mission-guardian/:projectId/statePhases + gates state
POST/api/mission-guardian/:projectId/decisionRecord decision
GET/api/mission-guardian/:projectId/evidenceCaptured evidence

Mission Guardian is the gate authority. Mission Control is exposed to agents through the runtime context/MCP surfaces.


MethodPathDescription
GET/api/providers/manifestsStatic manifests (catalogue)
GET/api/providers/instancesList configured instances
POST/api/providers/instancesCreate an instance
PUT/api/providers/instances/:idModify
DELETE/api/providers/instances/:idDelete
POST/api/providers/instances/:id/testTest (check + live)
GET/api/cortex-lite/projects/:id/stateCortex Lite project state
POST/api/cortex-lite/projects/:id/syncSynchronize
GET/api/cortex-runtime/statusRuntime endpoint readiness
POST/api/cortex-runtime/syncSynchronize runtime atoms/prompts
GET/api/projects/:id/runtime/snapshotProject runtime snapshot for agents
GET/api/projects/:id/runtime/docsRuntime ArkaDoc summaries
GET/api/projects/:id/runtime/docs/:docIdRuntime ArkaDoc detail
POST/api/projects/:id/runtime/docs/searchRuntime ArkaDoc search
GET/api/projects/:id/runtime/tasksRuntime task summaries
GET/api/projects/:id/runtime/memoryRuntime memory by scope

For task dispatch, runtime task summaries expose the ArkaDoc id as dispatch_task_id. A payload-level business task_id may be shown as business_task_id, but dispatch commands must use the ArkaDoc id.


MethodPathDescription
GET/api/connectors/manifestsAvailable connectors
GET/api/connectors/installations/:projectIdProject installations
POST/api/connectors/installationsEnable a connector
DELETE/api/connectors/installations/:idDisable
POST/api/connectors/oauth/startStart OAuth flow
GET/api/connectors/oauth/callbackOAuth callback
POST/api/connectors/executionsExecute an action
GET/api/connectors/audit-log/:projectIdAudit trail

MethodPathDescription
GET/api/projects/:id/mcp-connectorsList MCP servers attached to the project
POST/api/projects/:id/mcp-connectorsCreate a custom HTTP/SSE project MCP
POST/api/projects/:id/mcp-connectors/from-installation/:installationIdAttach the MCP exposed by a connector installation
GET/api/projects/:id/mcp-connectors/:connectorIdProject MCP detail
PATCH/api/projects/:id/mcp-connectors/:connectorIdUpdate display name, endpoint or tool policy
POST/api/projects/:id/mcp-connectors/:connectorId/testTest MCP server availability
POST/api/projects/:id/mcp-connectors/:connectorId/enableEnable exposure to the project’s agents
POST/api/projects/:id/mcp-connectors/:connectorId/disableDisable exposure to the project’s agents
DELETE/api/projects/:id/mcp-connectors/:connectorIdRemove the MCP from the project

Project MCP servers are scoped to one project and exposed to the provider runtime under a connector_* name. Remote endpoints must use HTTPS; HTTP is accepted only on loopback. Secrets are not copied into the project MCP configuration.


MethodPathDescription
POST/api/workers/:name/invokeInvoke a worker (1-shot)
GET/api/workers/:name/logsInvocation logs

MethodPathDescription
GET/api/fs/read?path=...Read a file
POST/api/fs/writeWrite (allowlist)