Server API
CLI-JAW exposes 201 route handlers including the root page, with 200 API/media endpoints across extracted route modules and mounted sub-routers.
Base URLs
http://localhost:3457 # Core server (jaw serve)
http://localhost:24576 # Manager dashboard (jaw dashboard serve)
Authentication
Loopback requests are accepted without a Bearer token for local use. Remote/private-network requests need a Bearer token unless trusted LAN bypass is explicitly enabled. Bootstrap a token with GET /api/auth/token from same-origin or CLI contexts.
Route Groups
| Group | Representative endpoints |
|---|---|
| Core/system | GET /api/health, GET /api/session, GET /api/runtime, GET /api/auth/token |
| Messages/sessions | GET /api/messages, GET /api/messages/count, GET /api/messages/search, GET|POST /api/chat-sessions, POST /api/chat-sessions/:id/switch |
| Events | GET /api/events SSE channel with replay cursor support |
| Commands | POST /api/command, GET /api/commands, POST /api/message |
| Agent control | POST /api/stop, POST /api/clear, POST /api/session/reset |
| Orchestration | GET /api/orchestrate/state, PUT /api/orchestrate/state, POST /api/orchestrate/dispatch, POST /api/orchestrate/dispatch/batch, GET /api/orchestrate/worker-progress |
| Goals/tasks | GET /api/goal, GET /api/goal/history, POST /api/goal, GET /api/goal-run, GET /api/goal-run/preflight, POST /api/goal-run, GET|POST /api/task |
| Settings/runtime | GET|PUT /api/settings, GET /api/cli-registry, GET /api/cli-status, GET /api/quota, POST /api/pi/profiles/register |
| MCP/skills | GET|PUT /api/mcp, POST /api/mcp/sync, POST /api/mcp/install, GET /api/skills, POST /api/skills/enable |
| Memory | GET /api/jaw-memory/search, GET /api/jaw-memory/context, POST /api/jaw-memory/save, GET /api/memory/status, POST /api/memory/reindex |
| Browser/CDP | POST /api/browser/start, GET /api/browser/status, GET /api/browser/snapshot, POST /api/browser/act, POST /api/browser/fetch, tab/debug endpoints, POST /api/browser/web-ai/code, POST /api/browser/web-ai/code-extract, and other /api/browser/web-ai/* routes |
| Messaging/media | POST /api/upload, POST /api/voice, POST /api/channel/send, POST /api/telegram/send, POST /api/discord/send, GET /media/:filename |
| Traces/security | GET /api/traces/:runId, GET /api/traces/:runId/events, GET /api/security-audit/entries, GET /api/security-audit/verify |
| Jaw CEO | GET /api/jaw-ceo/state, message/query/docs edit, settings, events, pending, watch/audit, voice, confirmations |
| Dashboard sub-routes | /api/dashboard/board/*, /api/dashboard/schedule/*, dashboard memory/chat/git/connector routes on the manager server |
Canonical Channel Send
POST /api/channel/send is the canonical outbound channel send endpoint. /api/telegram/send and /api/discord/send remain direct/compatibility paths.
Detailed Reference
For exact route counts, mutation guards, and WebSocket/SSE event names, use structure/server_api.md. The structure gate bash structure/check-doc-drift.sh validates this source-of-truth table against local source.