---
title: "API and Audit Registries"
canonical: "https://helm.docs.mindburn.org/reference/api-and-audit-registries"
source: "helm-ai-enterprise/docs/public/reference/api-and-audit-registries.md"
edit: "https://github.com/Mindburn-Labs/helm-ai-enterprise/edit/main/docs/public/reference/api-and-audit-registries.md"
section: "reference"
access: "public"
sensitivity: "public"
last_reviewed: "2026-05-05"
checksum_sha256: "sha256:daa9ed36408d848ac5e10836db3cbc563f5a3b32e94bac473b7485a60e3509e7"
build_timestamp: "2026-05-24T13:40:27.882Z"
---
# API and Audit Registries

This page maps the public reference docs to HELM's OpenAPI, endpoint registry,
config registry, contract registry, schema-version guide, and API lifecycle
material.

The active backend source for these registries is `apps/controlplane`.
HELM Console has one browser API backend and one route registry.

## Audience

Use this page if you build against HELM APIs, review control-plane contracts, or
audit whether route, config, and schema changes are tracked.

## Outcome

You should know which file owns each reference surface and which public export
or docs page to use for implementation.

## Registry Flow

```mermaid
flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        router["Control-plane router"]
        endpoints["Endpoint registry"]
        config["Config sources"]
        configRegistry["Config registry"]
        contractRegistry["Contract registry"]
        schemas["Schema versions"]
        schemaGuide["Schema version guide"]
        openapi["openapi"]
        docs["Public reference docs"]
    end

    subgraph Execution["3. Execution & Verdict Plane"]
        contracts["Runtime contracts"]
    end

    %% Operational Flow Edges
    router --> endpoints
    config --> configRegistry
    contracts --> contractRegistry
    schemas --> schemaGuide
    openapi --> docs
    configRegistry --> docs
    contractRegistry --> docs
    schemaGuide --> docs

    %% Premium Styling Rules
    style contracts fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff
```


## Reference Surfaces

| Surface | Source truth | Public use |
| --- | --- | --- |
| OpenAPI | `api/openapi/helm.openapi.yaml` source, mirrored to `docs/api/openapi.yaml` | `/openapi.yaml` and `/reference` |
| API lifecycle | `docs/api/API_LIFECYCLE.md` | Versioning, compatibility, and deprecation expectations. |
| API changelog | `docs/api/CHANGELOG.md` | Public API change history. |
| Endpoint registry | `docs/audit/API_ENDPOINTS.md` | Generated route inventory for reviewer alignment. |
| Config registry | `docs/audit/CONFIG_REGISTRY.md` | Runtime and deployment configuration source map. |
| Contract registry | `docs/audit/CONTRACT_REGISTRY.md` | Contract ownership and compatibility map. |
| Schema version guide | `docs/audit/SCHEMA_VERSION_GUIDE.md` | Schema evolution and compatibility rules. |
| SDK docs | `docs/public/reference/sdks/` | SDK references and contract versioning. |
| CLI v3 evidence format | `docs/public/reference/cli-v3/format.md` | Evidence bundle and Merkle format. |
| CLI v3 keys | `docs/public/reference/cli-v3/keys.md` | Signing-key lifecycle and verification behavior. |

## Active Boundary

- Treat `apps/controlplane/internal/http/router.go`, the Console route registry, and `api/openapi/helm.openapi.yaml` as the canonical API inventory.
- Do not add a second browser API backend, standalone proof service, or duplicate route registry.

## Source Truth

- `docs/11_API_REFERENCE.md`
- `api/openapi/helm.openapi.yaml` (source)
- `docs/api/openapi.yaml` (generated public mirror)
- `docs/api/API_LIFECYCLE.md`
- `docs/audit/API_ENDPOINTS.md`
- `docs/audit/CONFIG_REGISTRY.md`
- `docs/audit/CONTRACT_REGISTRY.md`
- `docs/audit/SCHEMA_VERSION_GUIDE.md`

## Troubleshooting

| Problem | Check |
| --- | --- |
| Route exists in code but not docs | Regenerate or update `docs/audit/API_ENDPOINTS.md`, then update `/reference`. |
| API docs disagree with OpenAPI | Regenerate `docs/api/openapi.yaml` from `api/openapi/helm.openapi.yaml`; do not edit the mirror by hand. |
| SDK version behavior is unclear | Check `/reference/sdks` and `/reference/sdks/contract-versioning`. |
| Config behavior is ambiguous | Check `CONFIG_REGISTRY.md` and deployment docs before changing public docs. |
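
A way to locate the drift behind the first two rows before regenerating anything, written as an added example that is not part of the HELM repository: it diffs the operations declared under `paths:` in the OpenAPI source against the routes listed in the endpoint registry. It assumes the registry lists each route as a Markdown table row containing an HTTP method cell and a path cell, and that the spec is block-style YAML; the function names and sample routes are constructed for illustration.

```python
import re

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

def normalize(path):
    # Treat {itemId} and :id as the same placeholder; ignore a trailing slash.
    return re.sub(r"\{[^/}]*\}|:[^/]+", "{}", path).rstrip("/") or "/"

def openapi_routes(text):
    """(METHOD, path) pairs from the `paths:` section of block-style OpenAPI YAML."""
    routes, in_paths, path, path_indent, op_indent = set(), False, None, None, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()  # drop comments
        if not line:
            continue
        indent = len(line) - len(line.lstrip())
        key = re.split(r":(?:\s|$)", line.strip(), maxsplit=1)[0].strip("'\"")
        if indent == 0:
            in_paths, path, path_indent = (key == "paths"), None, None
        elif in_paths and indent == (path_indent := path_indent or indent):
            # Path-item level: only keys that start with "/" are routes.
            path, op_indent = (normalize(key) if key.startswith("/") else None), None
        elif path is not None:
            op_indent = op_indent or indent  # first level under a path item
            if indent == op_indent and key.lower() in HTTP_METHODS:
                routes.add((key.upper(), path))
    return routes

def registry_routes(markdown):
    """(METHOD, path) pairs from Markdown table rows (assumed registry layout)."""
    routes = set()
    for line in markdown.splitlines():
        cells = [c.strip().strip("`") for c in line.strip().strip("|").split("|")]
        method = next((c for c in cells if c.lower() in HTTP_METHODS), None)
        path = next((c for c in cells if c.startswith("/")), None)
        if line.lstrip().startswith("|") and method and path:
            routes.add((method.upper(), normalize(path)))
    return routes

def route_drift(openapi_text, registry_md):
    spec, reg = openapi_routes(openapi_text), registry_routes(registry_md)
    return {"missing_from_openapi": sorted(reg - spec),
            "missing_from_registry": sorted(spec - reg)}

# Constructed samples, not HELM's real routes or file contents.
SAMPLE_OPENAPI = ("openapi: 3.0.3\npaths:\n  /api/v1/items:\n    get: {}\n    post: {}\n"
                  "  /api/v1/items/{itemId}:\n    get: {}\ncomponents: {}\n")
SAMPLE_REGISTRY = ("| Method | Path |\n| --- | --- |\n| GET | `/api/v1/items` |\n"
                   "| GET | `/api/v1/items/:id` |\n| DELETE | `/api/v1/items/:id` |\n")
```

Pass the contents of `api/openapi/helm.openapi.yaml` and `docs/audit/API_ENDPOINTS.md` to `route_drift`; two empty lists mean the spec and the generated inventory agree on every method and path.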

## Operational Readiness

Use this page as the public operating layer for **API and Audit Registries**. The source of truth is `helm-ai-enterprise/docs/public/reference/api-and-audit-registries.md`; if this page and the implementation disagree, update the source-backed doc and rerun the validation command before publishing.

Before relying on this surface, confirm three things: the source path above still exists, the referenced commands or contracts are still present in the owning repo, and the docs-platform export surfaces still show this page in search, Markdown, `llms-full.txt`, and MCP without exposing protected routes.

Validation command: `corepack pnpm run docs:coverage && corepack pnpm run docs:truth`. For website parity, also run `npm run exports:boundary` and `npm run thin-pages:check` from `docs-platform`.

### Expected Output

A reader should leave with a concrete next action, the source file or contract to inspect, the command that proves the claim, and a clear boundary for what is public versus protected. For reference pages, the expected output is a correctly scoped request, schema, command, or diagnostic path. For operations pages, the expected output is a reproducible readiness or failure signal that can be attached to an evaluation or support thread.

### Failure Modes

If the validation command fails, do not patch this page in isolation. First identify whether the drift is in code, generated contracts, source-owner docs, or the docs manifest. If the public page needs a protected deep link, describe the protected document by name instead of exposing its route. Commercial operator details, tenant data, key ceremonies, and deployment-sensitive internals stay in protected customer or staff docs; this public page only exposes the safe developer contract.
