teams
Console API
After this page you should know what this surface is for, which source files own the behavior, which public route or adjacent page to use next, and which validation command to run before changing the claim. Public route:Audience
Outcome
After this page you should know what this surface is for, which source files own the behavior, which public route or adjacent page to use next, and which validation command to run before changing the claim.
Source Truth
- Public route:
product/console-api - Source document:
helm-ai-enterprise/docs/public/product/console-api.md - Control-plane router:
apps/controlplane/internal/http/router.go - Console route registry:
apps/controlplane/internal/console/route_registry.go - Console handler mount:
apps/controlplane/internal/console/facade.go - OpenAPI source:
api/openapi/helm.openapi.yaml - Public manifest:
helm-ai-enterprise/docs/public-docs.manifest.json - Source inventory:
helm-ai-enterprise/docs/source-inventory.manifest.json - Validation:
corepack pnpm run docs:coverage,corepack pnpm run docs:truth, andgo test ./apps/controlplane/internal/http ./apps/controlplane/internal/console
Do not expand this page with unsupported product, SDK, deployment, compliance, or integration claims unless the inventory manifest points to code, schemas, tests, examples, or an owner doc that proves the claim.
Troubleshooting
| Symptom | First check |
|---|---|
| A link or route is missing from the docs website | Check docs/public-docs.manifest.json, llms.txt, search, and the per-page Markdown export before changing navigation. |
| A claim is not backed by code or tests | Remove the claim or add the missing code, example, schema, or validation command before publishing. |
The HELM Operator Console uses apps/controlplane as its single browser API backend. All endpoints require authenticated session authority unless explicitly listed as public. The canonical Console route registry is apps/controlplane/internal/console/route_registry.go; this page is a public summary, not a second contract.
Authentication
Session, refresh, reauth, and WebAuthn ceremony endpoints live under /api/auth/*. Workspace-scoped routes derive tenant and workspace authority on the server. Public proof routes bypass private session context only when they return redaction-safe metadata.
Console/API Matrix
| Class | Route family | Source owner | Auth |
|---|---|---|---|
| Health | /health, /health/live, /health/ready |
internal/http/router.go |
Public |
| Auth and session | /api/auth/*, /api/session |
internal/auth, internal/platform |
Session, except WebAuthn login begin/finish |
| Bootstrap and workspaces | /api/bootstrap*, /api/workspaces*, /api/entitlements |
internal/platform |
Session |
| Console canonical API | /api/v1/workspaces*, /api/v1/marketplace/connectors* |
internal/console/route_registry.go |
Session |
| Public verification | /api/v1/signing-key, /api/v1/verify, /api/v1/replays*, /api/public/* |
internal/console, internal/platform, internal/runtime |
Public, redacted, read-only |
| Ops and connector drift | /api/ops*, /api/connectors* |
internal/ops |
Session |
| Billing and audit | /api/billing*, /api/audit* |
internal/billing, internal/audit |
Session; tenant path routes enforce tenant match |
| WebSocket hints | /ws/console, /ws/telemetry |
internal/ws |
Deployment/session dependent |
Endpoint Reference
Health And Session
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET | /health |
Process health | Public |
| GET | /health/live |
Liveness check | Public |
| GET | /health/ready |
Readiness check including required dependencies | Public |
| GET | /api/auth/session |
Current authenticated browser session | Session |
| POST | /api/auth/refresh |
Rotate persisted session | Session |
| POST | /api/auth/reauth |
Create a short-lived reauth grant | Session |
| POST | /api/auth/webauthn/register/begin |
Begin WebAuthn registration ceremony | Session |
| POST | /api/auth/webauthn/register/finish |
Finish WebAuthn registration ceremony | Session |
| POST | /api/auth/webauthn/login/begin |
Begin WebAuthn login ceremony | Public |
| POST | /api/auth/webauthn/login/finish |
Finish WebAuthn login ceremony | Public |
Public Proof And Replay
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET | /api/public/verify/{receiptId} |
Verify a public-safe receipt reference | Public |
| GET | /api/public/evidence/{bundleId} |
Read redacted evidence bundle metadata | Public |
| GET | /api/public/approval/{approvalId} |
Read public approval metadata | Public |
| GET | /api/v1/signing-key |
Publish the receipt verification signing key | Public |
| POST | /api/v1/verify |
Verify a receipt payload | Public |
| GET | /api/v1/replays |
List published replay manifests | Public |
| GET | /api/v1/replays/{id} |
Read one published replay manifest | Public |
Workspace And Operator State
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET/POST | /api/workspaces |
Control-plane workspace list/create used during bootstrap | Session |
| GET/POST | /api/bootstrap/* |
Workspace bootstrap and activation progress | Session |
| GET | /api/snapshot |
Authoritative Console snapshot | Session |
| GET/POST/DELETE | /api/v1/workspaces* |
Console workspace CRUD, runs, approvals, tools, policy, tasks, actions, channels, skills, knowledge, evidence, legal holds, and jurisdictions | Session |
Packs, Marketplace, Ops, And Billing
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET/POST/DELETE | /api/packs* |
Pack listing, verification, install planning, install, and removal | Session |
| GET/POST | /api/registry* |
Registry compatibility paths backed by controlplane pack handlers | Session |
| GET/POST | /api/ops* |
Incidents, plans, blast radius, freeze, throttle, resume, quarantine, and resync | Session |
| GET/POST | /api/connectors* |
Connector drift, shim list, and shim activation | Session |
| GET/POST | /api/billing* |
Plans, usage, budget, and overview | Session with tenant path check |
| GET/POST | /api/audit* |
Audit bundle, evidence pack, and verification endpoints | Session |
| GET/POST | /api/v1/marketplace/connectors* |
Canonical connector marketplace routes | Session |
Console Route Registry Areas
| Area | Routes | Notes |
|---|---|---|
workspaces |
create, list, get, delete | Workspace IDs are path-scoped. |
runs |
submit, list, get | Run records include plan, policy, verdict, receipt, and evidence fields. |
approvals |
list, get, resolve | Approval records become evidence; they do not grant execution outside policy. |
tools and policy |
import tools, draft/compile/activate/read policy | Policy activation must remain auditable. |
workstation |
receipt import, run list, run detail, denied timeline, memory review, loop registry | Workstation routes store parsed receipts and selected-effect decisions, not raw chat history. |
tasks, actions, channels |
task control, action decisions, collaboration sessions | Operator workflow surfaces. |
skills and knowledge |
candidate review, promotion/rejection, claim review | Governance review surfaces. |
evidence, legal-holds, jurisdictions |
evidence packs, replay, legal holds, jurisdiction list | Retention and export-sensitive surfaces. |
marketplace |
connector read/install/disable | Activation remains authorization-protected. |
Error Responses
Canonical Console /api/v1/* handlers return JSON errors with this shape:
{
"error": "detail",
"message": "operator-safe summary",
"code": 400
}
| Code | Meaning |
|---|---|
| 400 | Bad Request — invalid parameters |
| 401 | Unauthorized — missing or invalid token |
| 403 | Forbidden — insufficient permissions |
| 404 | Not Found — resource does not exist |
| 405 | Method Not Allowed |
| 429 | Too Many Requests |
| 500 | Internal Server Error |
Some compatibility handlers still use Go http.Error until they are converted. Do not document a route as fully canonical unless it is covered by the controlplane route registry and route-contract tests.
Redaction Boundary
Public Console API examples may include route names, sample IDs, receipt IDs, bundle IDs, hashes, public signing keys, and verification statuses. They must not include session cookies, customer payloads, provider credentials, private signing keys, raw evidence bundle contents, or production database URLs.
Public proof routes are read-only. Workspace, ops, billing, audit, and marketplace mutation routes require session authority and should not be presented as public integration endpoints.
Contract Rule
New Console capability work must be added to apps/controlplane, reflected in apps/controlplane/internal/console/route_registry.go when it is part of the Console /api/v1 surface, consumed through the canonical frontend API client layer, and covered by route-contract tests. Do not reintroduce a second browser backend or undocumented public proof surface.
Diagram
flowchart TD
subgraph Ingestion["1. Ingestion & Context Plane"]
source["Operator Console API"]
auth["Session and WebAuthn"]
snapshot["Authoritative Snapshot"]
ops["Governed Ops"]
controlplane["apps/controlplane"]
registry["Route Registry and Contract Tests"]
end
subgraph Ledger["4. Tamper-Evident Ledger Plane"]
proof["Public Proof"]
end
%% Operational Flow Edges
source --> auth
source --> snapshot
source --> proof
source --> ops
auth --> controlplane
snapshot --> controlplane
proof --> controlplane
ops --> controlplane
controlplane --> registry
%% Premium Styling Rules
style proof fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fffMermaid source
flowchart TD
subgraph Ingestion["1. Ingestion & Context Plane"]
source["Operator Console API"]
auth["Session and WebAuthn"]
snapshot["Authoritative Snapshot"]
ops["Governed Ops"]
controlplane["apps/controlplane"]
registry["Route Registry and Contract Tests"]
end
subgraph Ledger["4. Tamper-Evident Ledger Plane"]
proof["Public Proof"]
end
%% Operational Flow Edges
source --> auth
source --> snapshot
source --> proof
source --> ops
auth --> controlplane
snapshot --> controlplane
proof --> controlplane
ops --> controlplane
controlplane --> registry
%% Premium Styling Rules
style proof fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff