proofgate • API

Endpoints

GET /health
Minimal liveness check

200

GET /v1/health
Diagnostics (no secrets)

200

POST /v1/decide
Policy decision + receipt (may require approval)

200 / 400

POST /v1/approve
Approve a pending intent (TOCTOU re-check at approval time)

200 / 400 / 403 / 404

POST /v1/execute
Decide + execute if allowed (or mint approvalToken)

200 / 400 / 403

Quick test

curl -s ${ORIGIN:-http://127.0.0.1:8790}/v1/health | jq

Decide example (shape)

curl -s -X POST ${ORIGIN:-http://127.0.0.1:8790}/v1/decide \
  -H 'content-type: application/json' \
  -d '{
    "intent": { "kind": "..." },
    "meta": { "requestId": "demo" }
  }' | jq

Server time: 2026-06-14T06:19:35.003Z

Vercel-safe • no long-lived listen in prod

Runtime

service

proofgate

version

0.1.0

auditDir

database

signerEnabled

true

policyPath

/var/task/proofgate/policy.json

health snapshot

{
  "ok": true,
  "service": "proofgate",
  "version": "0.1.0",
  "auditDir": "database",
  "policyPath": "/var/task/proofgate/policy.json",
  "policyFromDisk": true,
  "signerEnabled": true
}

Live health: not loaded

proofgate API