Overview
DefenseClaw exposes two HTTP surfaces in the gateway code:
| Surface | Port | Protocol | Purpose |
|---|---|---|---|
| Sidecar API | 18970 | HTTP/1.1 + JSON | Health, status, scanner ingestion, policy evaluation, inventory, alerts, and guardrail runtime config |
| Guardrail proxy | 4000 | HTTP/1.1 + provider-native streaming | OpenAI-compatible chat/model routes, provider-native passthrough, provider registry, and egress reports |
The sidecar API is not uniformly versioned. Some routes are unversioned (/status, /policy/reload), some scanner and guardrail routes are under /v1, and code/network-inspection routes are under /api/v1. The generated REST endpoints page is the canonical route map.
Quick reference
```bash
# Health
curl -s http://127.0.0.1:18970/health | jq .

# Status
curl -s http://127.0.0.1:18970/status | jq .

# Trigger a policy reload
curl -s -X POST http://127.0.0.1:18970/policy/reload \
  -H "X-DefenseClaw-Client: docs" \
  -H "Content-Type: application/json" \
  -d '{}' | jq .

# List proxy provider registry entries
curl -s http://127.0.0.1:4000/v1/config/providers | jq '.providers | length'
```
Section map
| Page | Purpose |
|---|---|
| REST endpoints | Generated sidecar/proxy route map with handlers and source files |
| RPC status | What the scoped gateway sources do and do not expose as RPC |
| Events and streaming | Proxy streaming behavior and the egress event ingestion endpoint |
| Authentication | Sidecar token behavior, proxy token behavior, and CSRF headers |
| Schemas | JSON Schemas generated from schemas/ |
Versioning
There is no single versioning rule for all gateway routes in the scoped source files. Treat the registered path as the contract. When a route is generated from internal/gateway/api.go or internal/gateway/proxy.go, the docs should link to REST endpoints rather than infer a prefix.