Skip to content

[Server] Separate UI and agent API endpoints #75

Closed
Closed
[Server] Separate UI and agent API endpoints#75
Labels
area:serverGo server, listeners, APIs, and storagearea:uiStatic operator web interfacepriority:p1High-priority near-term worktype:stabilizationReliability, lifecycle, tests, and prototype hardening

Description

@Darkroom4364
Darkroom4364
opened on Jun 13, 2025

Current state:

  • UI routes, operator API routes, WebSocket routes, and agent polling routes all live in the same server process and route namespace.
  • This was acceptable for thesis/prototype testing, but it makes local operator controls and agent-facing endpoints harder to secure independently.

Why this matters:

  • Operator-only APIs such as listener management, payload generation, file drop, logs, and server terminal need different trust assumptions than agent polling.
  • Agent endpoints should stay minimal and stable, while operator endpoints can require authentication, CSRF/origin checks, and richer audit logging.

Acceptance criteria:

  • Define an explicit route split for operator UI/API, WebSockets, and agent listener endpoints.
  • Document which endpoints are intended to be exposed to agents and which are local/operator-only.
  • Make the configured web/API port and listener ports unambiguous in docs and UI code.
  • Add a small smoke test or documented manual test for command queueing after the split.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area:serverGo server, listeners, APIs, and storagearea:uiStatic operator web interfacepriority:p1High-priority near-term worktype:stabilizationReliability, lifecycle, tests, and prototype hardening

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions