contextbay

API Reference

Most endpoints are served under /api/ and return JSON. Authentication is required unless an endpoint is listed as public. The Prometheus scrape endpoint /metrics is intentionally open (Prometheus convention) and lives outside the /api tree.

Authentication

Three methods:

  1. JWT Bearer Authorization: Bearer <token>
  2. Session cookie — set automatically on login
  3. API key X-API-Key: cb_<key>

Roles

RoleCodePermissions
AdminaFull access
OperatorwCRUD resources, container actions, workflows, backups
ViewerrRead-only access

Error Format

{"error": "description of what went wrong"}

Status codes: 400, 401, 403, 404, 409, 500

REST Endpoints

Health & Bootstrap (public)

MethodPathAuthDescription
GET/metricspublicPrometheus scrape endpoint (no /api prefix; cb-prometheus scrapes here)
GET/api/healthpublicHealth check
GET/api/modulespublicList enabled modules
POST/api/enrollpublicWorker enrollment (rate-limited 10/min/IP, requires shared_secret + enroll_token)
POST/api/webhooks/alertmanagerpublicAlertmanager → CB events bridge
POST/api/webhooks/n8n/callbackpublicn8n workflow callbacks
POST/api/webhooks/wazuhpublicWazuh alert webhook (HMAC verified)

Auth

MethodPathAuthDescription
POST/api/auth/loginpublicLog in and obtain JWT + session cookie
POST/api/auth/setuppublicCreate initial admin user (one-time, then disabled)
POST/api/auth/refreshpublicRefresh an expiring JWT
POST/api/auth/logoutrInvalidate current session
GET/api/auth/merGet current user info
POST/api/admin/secrets/rotate-jwtaRotate the JWT signing secret

Users

MethodPathAuthDescription
GET/api/usersaList all users
POST/api/usersaCreate user
GET/api/users/{id}aGet user
PUT/api/users/{id}aUpdate user
DELETE/api/users/{id}aDelete user

API Keys

MethodPathAuthDescription
GET/api/keysrList your API keys
POST/api/keysrCreate API key
DELETE/api/keys/{id}rRevoke API key

Hosts (pending + enrolled)

MethodPathAuthDescription
GET/api/hostsrList hosts (pending + enrolled)
POST/api/hostsaCreate a host placeholder + mint enroll token
GET/api/hosts/{id}rGet host details (token TTL, install snippet)
POST/api/hosts/{id}/fuseaFuse the host once Sentinel + Edge Agent both report in
POST/api/hosts/{id}/retry-fuseaRe-attempt fuse if it stalled
POST/api/hosts/{id}/regenerate-tokenaMint a fresh enroll token (invalidates the old one)
GET/api/hosts/{id}/enroll-attemptsrRecent enroll attempts with reason codes (for the rejection log)
DELETE/api/hosts/{id}aRemove host

Nodes (enrolled)

MethodPathAuthDescription
GET/api/nodesrList all nodes
GET/api/nodes/fleet-statusrFleet health snapshot
GET/api/nodes/{id}rGet node details
DELETE/api/nodes/{id}aRemove node
PUT/api/nodes/{id}/labelswUpdate node labels
GET/api/nodes/{id}/security-policyrGet per-node security policy
PUT/api/nodes/{id}/security-policywUpdate per-node security policy
GET/api/nodes/{id}/censusrLatest deep-system census
POST/api/nodes/{id}/censuswTrigger a fresh census
GET/api/nodes/{id}/census/diffrDiff against the previous census
GET/api/censusrList census snapshots

Mesh (Headscale)

MethodPathAuthDescription
POST/api/mesh/enrollaMint a Headscale pre-auth key for a host
GET/api/mesh/statusaMesh control-plane status
GET/api/mesh/nodesaList nodes in the mesh
GET/api/mesh/nodes/{id}aGet a mesh node
DELETE/api/mesh/nodes/{id}aRemove a mesh node

Containers

MethodPathAuthDescription
GET/api/containersrList containers
POST/api/containerswCreate container
GET/api/containers/{id}rGet container
GET/api/containers/{id}/inspectrDocker inspect
POST/api/containers/{id}/{action}wContainer action (start/stop/restart)
DELETE/api/containers/{id}wRemove container
GET/api/containers/{id}/logsrFetch logs (HTTP, one-shot)
GET/api/containers/{id}/logs/wsrStream logs (WebSocket)
GET/api/containers/{id}/exec/wsaShell exec (WebSocket)
GET/api/containers/statsrContainer stats

Stacks

MethodPathAuthDescription
GET/api/stacksrList all stacks
POST/api/stackswCreate stack
GET/api/stacks/{id}rGet stack
PUT/api/stacks/{id}wUpdate stack
DELETE/api/stacks/{id}wDelete stack
POST/api/stacks/{id}/{action}wStack action (deploy/stop/remove)

Services (compose / swarm services)

MethodPathAuthDescription
GET/api/servicesrList services across endpoints
GET/api/services/{id}rGet service
DELETE/api/services/{id}wRemove service
PUT/api/services/{id}/healthwUpdate CB-tracked health snapshot for a service

Images

MethodPathAuthDescription
GET/api/imagesrList images
POST/api/images/pullwPull image
DELETE/api/images/{id}wRemove image
POST/api/images/prunewPrune unused images

Volumes

MethodPathAuthDescription
GET/api/volumesrList volumes
DELETE/api/volumes/{name}wRemove volume

Networks

MethodPathAuthDescription
GET/api/networksrList Docker networks
DELETE/api/networks/{id}wRemove a network
GET/api/networks/topologyrNetwork topology graph
GET/api/networks/{id}/inspectrInspect a network

Portainer endpoints

MethodPathAuthDescription
GET/api/endpointsaList Portainer endpoints (local + Edge Agents)
POST/api/endpointsaRegister a new endpoint
DELETE/api/endpoints/{id}aRemove an endpoint

Workflows (n8n)

Requires: modules.workflows = true

MethodPathAuthDescription
GET/api/n8n/statusrn8n connection + bootstrap status
GET/api/n8n/workflowsrList n8n workflows (proxied via API key)
GET/api/n8n/workflows/{id}rGet an n8n workflow
POST/api/n8n/workflows/{id}/executewTrigger an n8n workflow
POST/api/n8n/workflows/{id}/activatewActivate / deactivate
DELETE/api/n8n/workflows/{id}wDelete workflow
GET/api/n8n/executionsrList recent executions
GET/api/n8n/event-webhooksrList event-bus → n8n webhook bindings
PUT/api/n8n/event-webhookswUpdate event-bus → n8n webhook bindings

Monitoring (Prometheus + Grafana)

Requires: modules.monitoring = true

MethodPathAuthDescription
GET/api/metrics/queryrQuery time-series metrics (CB cache)
GET/api/metrics/latestrLatest metric values
GET/api/metrics/targetsrConfigured scrape targets
GET/api/metrics/historyrList saved PromQL history entries
POST/api/metrics/historyrSave a PromQL query into history
GET/api/v1/metrics/queryrPrometheus query proxy (PromQL)
POST/api/v1/metrics/queryrPrometheus query proxy (POST form)
GET/api/v1/metrics/query_rangerPrometheus query_range proxy
POST/api/v1/metrics/query_rangerPrometheus query_range proxy (POST form)
GET/api/v1/metrics/seriesrPrometheus series proxy
GET/api/v1/metrics/labelsrPrometheus labels proxy
GET/api/v1/metrics/label/{name}/valuesrPrometheus label values proxy
GET/api/v1/metrics/metadatarPrometheus metric metadata
GET/api/prometheus/targetsrPrometheus target health
GET/api/prometheus/rulesrLoaded recording / alert rules
GET/api/prometheus/statusrPrometheus runtime status
GET/api/grafana/dashboardsrList Grafana dashboards (provisioned + user)
POST/api/grafana/dashboardswCreate / save dashboard
GET/api/grafana/dashboards/{uid}rGet dashboard
DELETE/api/grafana/dashboards/{uid}wDelete dashboard
POST/api/grafana/dashboards/{uid}/starrStar a dashboard
DELETE/api/grafana/dashboards/{uid}/starrUn-star a dashboard
POST/api/grafana/annotationswPush annotation (used by event bus on alerts)

Alerting (Alertmanager-backed)

Requires: modules.alerting = true

MethodPathAuthDescription
GET/api/alertsrList alerts
POST/api/alerts/{id}/acknowledgewAcknowledge alert
POST/api/alerts/{id}/resolvewResolve alert
GET/api/alert-rulesrList alert rules (synced into prometheus.yml)
POST/api/alert-ruleswCreate alert rule
PUT/api/alert-rules/{id}wUpdate alert rule
DELETE/api/alert-rules/{id}wDelete alert rule
GET/api/alertmanager/silencesrList Alertmanager silences
POST/api/alertmanager/silenceswCreate a silence
DELETE/api/alertmanager/silences/{id}wDelete a silence

AI (tiered router: Ollama + Claude)

Requires: modules.ai = true

MethodPathAuthDescription
POST/api/ai/chatrChat completion (SSE when stream: true)
GET/api/ai/modelsrList available models
GET/api/ai/statusrEndpoint health and capabilities
GET/api/ai/router/statusrTiered router state (Ollama vs Claude routing decisions)
GET/api/ai/claude/statusrClaude Agent SDK service status
GET/api/ai/context-previewrPreview the assembled context for a request
POST/api/ai/taskswCreate background AI task
GET/api/ai/tasksrList tasks
GET/api/ai/tasks/{id}rGet task
POST/api/ai/tasks/{id}/cancelwCancel task
POST/api/ai/tasks/{id}/retrywRetry failed task
POST/api/ai/tasks/{id}/confirmwConfirm a task that was waiting for human approval
DELETE/api/ai/tasks/{id}wDelete task (and its transcript)
POST/api/ai/conversationswStart a multi-task conversation
GET/api/ai/conversations/{id}/tasksrList tasks in a conversation
POST/api/ai/sessionswStart a Claude Code session
GET/api/ai/sessionsrList Claude sessions
GET/api/ai/sessions/{id}rGet session (transcript + cost)
PUT/api/ai/sessions/{id}wUpdate session metadata (title, pin, tags)
DELETE/api/ai/sessions/{id}wEnd session
GET/api/ai/modesrList agent modes (autonomous / supervised / read-only)
POST/api/ai/modeswCreate agent mode
PUT/api/ai/modes/{id}wUpdate agent mode
DELETE/api/ai/modes/{id}wDelete agent mode
GET/api/ai/skillsrList Claude skills
GET/api/ai/skills/{id}rGet skill detail
POST/api/ai/skills/{id}/runwRun a skill
GET/api/ai/mcp-serversrList registered MCP servers
POST/api/ai/mcp-serverswRegister an MCP server
GET/api/ai/mcp-servers/{id}/healthrProbe MCP server
PUT/api/ai/mcp-servers/{id}wUpdate MCP server config
DELETE/api/ai/mcp-servers/{id}wRemove MCP server
GET/api/ai/mcp-toolsrList MCP tools exposed to Claude
POST/api/ai/mcp-tools/{name}/testwTest-fire a tool

Security (Wazuh + scanners)

Requires: modules.security = true

MethodPathAuthDescription
GET/api/security/statsrAggregate security stats
GET/api/security/eventsrList security events
GET/api/security/defaultsrGet fleet-wide security defaults
PUT/api/security/defaultsaSet fleet-wide security defaults
GET/api/security/wazuh/agentsrList Wazuh agents
GET/api/security/wazuh/statusrWazuh manager status
GET/api/security/wazuh/bridge-statusrCB→Wazuh bridge status
GET/api/security/wazuh/vulnerabilities/{agentID}rPer-agent vulnerabilities
GET/api/security/wazuh/sca/{agentID}rSCA policies for an agent
GET/api/security/wazuh/sca/{agentID}/checks/{policyID}rSCA checks for a policy on an agent
GET/api/security/wazuh/rulesrLoaded Wazuh rules
GET/api/security/wazuh/rules/{ruleID}rDetail for a specific rule
GET/api/security/wazuh/rules/files/{filename}rRead a rule file
PUT/api/security/wazuh/rules/files/{filename}aUpload / overwrite a rule file
GET/api/security/wazuh/decodersrLoaded decoders
GET/api/security/wazuh/decoders/files/{filename}rRead a decoder file
PUT/api/security/wazuh/decoders/files/{filename}aUpload / overwrite a decoder file
GET/api/security/wazuh/listsrList CDB lists
GET/api/security/wazuh/lists/files/{filename}rRead a CDB list file
PUT/api/security/wazuh/lists/files/{filename}aUpload / overwrite a CDB list file
PUT/api/security/wazuh/logtestaRun a log line through Wazuh's logtest endpoint
POST/api/security/wazuh/active-response/{agentID}aTrigger active response
GET/api/security/wazuh/groupsrList agent groups
POST/api/security/wazuh/groupsaCreate a new agent group
DELETE/api/security/wazuh/groups/{name}aDelete an agent group
GET/api/security/wazuh/groups/{name}/agentsrList agents in a group
PUT/api/security/wazuh/agents/{agentID}/group/{name}aAssign agent to a group
DELETE/api/security/wazuh/agents/{agentID}/group/{name}aRemove agent from a group
GET/api/security/wazuh/groups/{name}/configrRead group config (agent.conf)
PUT/api/security/wazuh/groups/{name}/configaUpdate group config
PUT/api/security/wazuh/agents/{agentID}/upgradeaUpgrade a Wazuh agent
PUT/api/security/wazuh/agents/{agentID}/restartaRestart a Wazuh agent
GET/api/security/wazuh/syscheck/{agentID}/detailedrFIM details for an agent
GET/api/security/wazuh/syscheck/{agentID}/filerFIM details for a single file
GET/api/security/vulnerabilitiesrVulnerability summary across the fleet
GET/api/security/vulnerabilities/{nodeID}rVulnerabilities for a specific node
PUT/api/security/vulnerabilities/{id}/statuswUpdate vuln triage status
POST/api/security/vulnerabilities/auto-trackaAuto-create planner issues for new vulns
GET/api/security/compliance/frameworksrCompliance frameworks
GET/api/security/compliance/historyrCompliance score history
GET/api/security/compliance/mappingsrList rule → control mappings
PUT/api/security/compliance/mappingsaUpsert a compliance mapping
GET/api/security/compliance/{framework}/scorerPer-framework score
GET/api/security/compliance/{framework}/checksrPer-framework checks
GET/api/security/playbooksrRemediation playbooks
POST/api/security/playbooksaCreate a custom playbook
GET/api/security/playbooks/{id}rGet a playbook
DELETE/api/security/playbooks/{id}aDelete a custom playbook
GET/api/security/playbooks/executionsrList playbook executions
POST/api/security/playbooks/{id}/executeaExecute a playbook
POST/api/security/playbooks/executions/{executionID}/rollbackaRollback a playbook execution
GET/api/security/correlaterCorrelate events across sources
GET/api/security/timelinerSecurity event timeline
GET/api/security/soc/overviewrSOC overview

Knowledge / Brain

Requires: modules.knowledge = true

MethodPathAuthDescription
GET/api/pagesrList pages (search with ?q=)
GET/api/pages/graphrGet link graph
GET/api/pages/tagsrList tags with counts
GET/api/pages/{path...}rGet page by path
PUT/api/pages/{path...}wCreate or update page
POST/api/pages/{path...}wCreate or update page (API-key-friendly alias)
DELETE/api/pages/{path...}wDelete page
GET/api/page-history/{path...}rList previous versions of a page
GET/api/page-version/{id}rGet a specific version
GET/api/knowledge/searchrRAG search (Ollama embeddings)
GET/api/knowledge/statsrRAG index stats
GET/api/knowledge/seed-statusrSeeded-doc status
GET/api/knowledge/project-statusrPer-project doc-coverage status (which projects have a Brain page)
POST/api/knowledge/regenerate-docswRegenerate seeded docs from in-tree templates

Project Planner

Requires: modules.planner = true

MethodPathAuthDescription
POST/api/planner/projectswCreate project
GET/api/planner/projectsrList projects
GET/api/planner/projects/{id}rGet project
PUT/api/planner/projects/{id}wUpdate project
DELETE/api/planner/projects/{id}wDelete project
GET/api/planner/projects/{id}/statsrProject stats
GET/api/planner/projects/{id}/agent-summaryrCompact summary for AI agents
GET/api/planner/projects/{id}/boardrKanban board
GET/api/planner/projects/{id}/timelinerGantt-style timeline
GET/api/planner/projects/{id}/backlogrBacklog
GET/api/planner/projects/{id}/searchrSearch issues within a project
GET/api/planner/projects/{id}/velocityrSprint velocity
GET/api/planner/projects/{id}/velocity/predictrPredicted velocity
GET/api/planner/projects/{id}/cycle-timerCycle-time stats
POST/api/planner/projects/{id}/issueswCreate issue
GET/api/planner/projects/{id}/issuesrList issues
GET/api/planner/issues/{id}rGet issue
PUT/api/planner/issues/{id}wUpdate issue
DELETE/api/planner/issues/{id}wDelete issue
PATCH/api/planner/issues/{id}/statuswMove issue across columns
PATCH/api/planner/issues/{id}/sprintwAssign issue to a sprint
PATCH/api/planner/issues/{id}/prioritywUpdate issue priority
POST/api/planner/issues/bulkwBulk update issues
POST/api/planner/issues/from-specwCreate issues from a structured spec
POST/api/planner/issues/from-agentwCreate issue from an AI agent suggestion
POST/api/planner/issues/{id}/agent-notewAppend an agent-authored note
GET/api/planner/issues/{id}/commentsrList comments on an issue
POST/api/planner/issues/{id}/commentswCreate comment
DELETE/api/planner/comments/{id}wDelete comment
GET/api/planner/issues/{id}/dependenciesrList dependencies
POST/api/planner/issues/{id}/dependencieswAdd dependency
DELETE/api/planner/issues/{id}/dependencies/{depId}wRemove dependency
POST/api/planner/projects/{id}/sprintswCreate sprint
GET/api/planner/projects/{id}/sprintsrList sprints
GET/api/planner/sprints/{id}rGet sprint
PUT/api/planner/sprints/{id}wUpdate sprint
DELETE/api/planner/sprints/{id}wDelete sprint
POST/api/planner/sprints/{id}/startwStart sprint
POST/api/planner/sprints/{id}/completewComplete sprint
GET/api/planner/sprints/{id}/burndownrSprint burndown
GET/api/planner/projects/{id}/viewsrList saved views
POST/api/planner/projects/{id}/viewswCreate saved view
GET/api/planner/views/{id}rGet saved view
PUT/api/planner/views/{id}wUpdate saved view
DELETE/api/planner/views/{id}wDelete saved view
PUT/api/planner/projects/{id}/views/reorderwReorder saved views
GET/api/planner/issues/{id}/fieldsrList custom fields on an issue
PUT/api/planner/issues/{id}/fieldswUpsert custom fields
DELETE/api/planner/issues/{id}/fields/{key}wDelete a custom field
GET/api/planner/projects/{id}/field-keysrList custom field keys defined in a project
GET/api/planner/contextrCompact planner context for AI prompts

Pipeline (platform validation)

MethodPathAuthDescription
GET/api/pipeline/distrosrAvailable test distros
POST/api/pipeline/runwRun a validation suite (infra / network / security / backup / drift)

Backups

Requires: modules.backups = true

MethodPathAuthDescription
GET/api/backup-jobsrList backup jobs
POST/api/backup-jobswCreate backup job
GET/api/backup-jobs/{id}rGet backup job
PUT/api/backup-jobs/{id}wUpdate backup job
DELETE/api/backup-jobs/{id}wDelete backup job
POST/api/backup-jobs/{id}/runwTrigger manual backup
GET/api/backup-jobs/{id}/recordsrList backup records
POST/api/backup-jobs/{id}/records/{rid}/restorewRestore from a record
GET/api/backup-jobs/{id}/records/{rid}/downloadrDownload an archive
POST/api/backup-jobs/{id}/records/{rid}/verifywVerify a record's checksum

Project Registry (manual project records)

MethodPathAuthDescription
GET/api/projectsrList projects (filters: tag, status, has_stack, q, include=system)
POST/api/projectswCreate project
GET/api/projects/{id}rGet project
PATCH/api/projects/{id}wPartial update
DELETE/api/projects/{id}wDelete project
POST/api/projects/{id}/redeploywRedeploy the linked Portainer stack
GET/api/projects/{id}/claude-contextrClaude-context bundle for AI grounding
GET/api/projects/localrScan the master's data volume for git repos

Bookmarks

MethodPathAuthDescription
GET/api/bookmarksrList bookmarks
POST/api/bookmarkswCreate bookmark
GET/api/bookmarks/{id}rGet bookmark
PUT/api/bookmarks/{id}wUpdate bookmark
DELETE/api/bookmarks/{id}wDelete bookmark

Discovery

MethodPathAuthDescription
GET/api/discoveryrList discovered items (auto-detected services + endpoints)
GET/api/discovery/bookmarkedrList bookmarked discovery items
POST/api/discovery/{id}/bookmarkwBookmark a discovery item

Notification channels

MethodPathAuthDescription
GET/api/notification-channelsaList notification channels (Discord, webhook, n8n)
POST/api/notification-channelsaCreate channel
PUT/api/notification-channels/{id}aUpdate channel
DELETE/api/notification-channels/{id}aDelete channel
POST/api/notification-channels/{id}/testaSend a test notification

Favorites

MethodPathAuthDescription
GET/api/favoritesrList favorites for the current user
POST/api/favoritesrAdd a favorite
DELETE/api/favorites/{type}/{id}rRemove a favorite
GET/api/favorites/{type}/{id}rCheck if a resource is favorited

Environment templates

MethodPathAuthDescription
GET/api/env-templatesrList env templates
POST/api/env-templateswCreate env template
GET/api/env-templates/{id}rGet env template
PUT/api/env-templates/{id}wUpdate env template
DELETE/api/env-templates/{id}wDelete env template

Credentials

MethodPathAuthDescription
GET/api/credentialsaList credentials (encrypted at rest)
POST/api/credentialsaCreate credential
GET/api/credentials/{id}aGet credential
PUT/api/credentials/{id}aUpdate credential
DELETE/api/credentials/{id}aDelete credential

Sub-containers (admin)

MethodPathAuthDescription
GET/api/admin/subcontainersaList the cb-* fleet (Headscale, Prometheus, Grafana, n8n, Wazuh, Loki, Tempo, Pyroscope, Ollama, Alertmanager)
GET/api/admin/subcontainers/{name}aGet a sub-container's status
GET/api/admin/subcontainers/{name}/healthaHealth probe
GET/api/admin/subcontainers/{name}/logsaRecent logs
POST/api/admin/subcontainers/{name}/restartaRestart
POST/api/admin/subcontainers/{name}/deployaRe-deploy via Portainer API
PUT/api/admin/subcontainers/{name}/configaUpdate stack config
DELETE/api/admin/subcontainers/{name}aRemove the stack

App Catalog

Requires: modules.catalog = true

MethodPathAuthDescription
GET/api/catalogrList templates
GET/api/catalog/categoriesrList categories
POST/api/catalogwCreate custom template
GET/api/catalog/{id}rGet template details
PUT/api/catalog/{id}wUpdate template
DELETE/api/catalog/{id}wDelete template

Proxy Routes

Requires: modules.proxy_routes = true

MethodPathAuthDescription
GET/api/proxy-routesrList proxy routes
POST/api/proxy-routesaCreate route
PUT/api/proxy-routes/{id}aUpdate route
DELETE/api/proxy-routes/{id}aDelete route

Webhooks

Requires: modules.webhooks = true

MethodPathAuthDescription
GET/api/webhook-targetsaList targets
POST/api/webhook-targetsaCreate target
PUT/api/webhook-targets/{id}aUpdate target
DELETE/api/webhook-targets/{id}aDelete target
POST/api/webhook-targets/{id}/testaFire a test webhook against the target

Discord (optional)

MethodPathAuthDescription
GET/api/discord/statusaBot connection + guild status
GET/api/discord/commandsaRegistered slash commands
GET/api/discord/agentsaBot-side agent state
GET/api/discord/activityaRecent bot activity
POST/api/discord/testaSend a test message to a configured channel
POST/api/discord/simulateaInject a synthetic event into the bot's handler

Settings + module config

MethodPathAuthDescription
GET/api/settings/{key}aRead a CB setting
PUT/api/settings/{key}aWrite a CB setting
GET/api/config/{module}aRead live module config
PUT/api/config/{module}aWrite live module config

Other

MethodPathAuthDescription
GET/api/notificationsrList notifications
POST/api/notifications/testwTest the notification dispatcher
GET/api/auditaList audit entries
GET/api/analyticsrQuery analytics events
GET/api/activityrRecent activity feed
GET/api/searchrGlobal search (Ctrl+K)
GET/api/exportaExport all configurations
POST/api/importaImport configurations
GET/api/topologyrCluster topology graph
GET/api/integrations/statusaStatus of every integration (n8n, Wazuh, Headscale, Grafana, …)
GET/api/system/infoaMaster system info
GET/api/health-checksrHealth-check definitions
GET/api/terminal/wsaWeb terminal (WebSocket)

gRPC Services

Worker-to-master communication uses Protocol Buffers. Definitions are in proto/contextbay/v1/.

ServiceRPCDescription
NodeServiceRegisterWorker sends hardware info, gets node ID
NodeServiceHeartbeatPeriodic health pings with stats
NodeServiceReportMetricsStreaming system + container metrics
NodeServiceReportEventsStreaming Docker / security events
CommandServiceCommandStreamBidirectional stream for log + exec session proxying. Container CRUD goes through Portainer, not gRPC.

WebSocket Events

Connect to /api/ws for real-time events. Events are JSON objects:

{"type": "node.status", "payload": {"node_id": "abc", "status": "healthy"}}
{"type": "container.update", "payload": {"id": "xyz", "state": "running"}}
{"type": "alert.fired", "payload": {"id": "alert-1", "severity": "warning"}}
{"type": "notification", "payload": {"title": "Backup complete", "body": "..."}}