API Reference

REST API endpoints for the LockStock platform

Gateway Endpoints

The d3cipher Gateway exposes these endpoints on port 4000.

GET /healthz
Liveness probe. Returns 200 if the gateway is up and the d3cipher cloud is reachable. 
curl http://gateway-host:4000/healthz
# {"status": "ok", "agents_active": 3, "inflight": 0}
GET /metrics
Prometheus-compatible metrics: request count, rejection count, latency per agent.

Supported Paths

Every path below is stamped, encrypted, and forwarded through the governance middleware. Identify the agent via the X-D3cipher-Agent header (or set AGENT_ID on the container for a default).

Path Task Type Provider
POST /v1/chat/completions CHATCOMPLETION OpenAI, Ollama, any OpenAI-compatible
POST /v1/messages CHATCOMPLETION Anthropic (native Messages API)
POST /v1/completions COMPLETION OpenAI
POST /v1/embeddings EMBEDDING OpenAI
POST /v1/images/generations IMAGEGENERATION OpenAI (DALL-E)
POST /v1/audio/transcriptions TRANSCRIPTION OpenAI (Whisper)
POST /v1/audio/speech TEXTTOSPEECH OpenAI (TTS)
GET /v1/models Passthrough (not stamped)

Request and response are stamped separately (e.g., CHATCOMPLETION on the way in, CHATCOMPLETIONRESPONSE on the way out), so the chain records both sides of every conversation.

Three Provider Modes

The gateway resolves which provider each agent uses (from server settings or environment variables) and selects the right proxy automatically. Different agents can use different providers through the same gateway.

Mode Client Speaks Upstream Translation
openai (default) OpenAI Chat API OpenAI, Ollama, any compatible None — dumb forward proxy
anthropic-native Anthropic Messages API Anthropic None — passthrough. Beta headers merged and forwarded.
anthropic OpenAI Chat API Anthropic OpenAI → Anthropic on request, Anthropic → OpenAI on response

Examples

OpenAI — POST /v1/chat/completions
curl http://gateway-host:4000/v1/chat/completions \
  -H "Authorization: Bearer sk-your-openai-key" \
  -H "X-D3cipher-Agent: customer-support-bot" \
  -H "Content-Type: application/json" \
  -d '{"model": "gpt-4", "messages": [{"role": "user", "content": "Hello"}]}'
Anthropic Native — POST /v1/messages
For agents configured as anthropic-native. The gateway forwards the Anthropic Messages API as-is, stamps the request, and merges any anthropic-beta headers with the server config. 
curl http://gateway-host:4000/v1/messages \
  -H "x-api-key: sk-ant-your-anthropic-key" \
  -H "anthropic-version: 2023-06-01" \
  -H "anthropic-beta: prompt-caching-2024-07-31" \
  -H "X-D3cipher-Agent: research-assistant" \
  -H "Content-Type: application/json" \
  -d '{"model": "claude-sonnet-4-20250514", "max_tokens": 1024,
       "messages": [{"role": "user", "content": "Hello"}]}'
Anthropic via OpenAI format — POST /v1/chat/completions
For agents configured as anthropic (translation mode). Your client sends OpenAI format, the gateway translates to Anthropic Messages API on the way in, and translates back on the way out. Your code doesn't change. 
curl http://gateway-host:4000/v1/chat/completions \
  -H "Authorization: Bearer sk-ant-your-anthropic-key" \
  -H "X-D3cipher-Agent: sales-agent" \
  -H "Content-Type: application/json" \
  -d '{"model": "claude-sonnet-4-20250514", "messages": [{"role": "user", "content": "Hello"}]}'

Dashboard API

Authenticated with the Admin Key (lsk_admin_*) via Authorization: Bearer header.

GET /api/guard/fleet
List all agents with status, sequence depth, velocity, and risk scores.
GET /api/guard/audit-logs?agent_id=...&limit=50
Retrieve audit log entries. Filter by agent, date range, event type.
POST /api/guard/agent/{id}/token-budget
Set or update the token budget for an agent. Body: {"budget": 100000}
POST /api/guard/circuit-breaker/override
Manually lock or unlock an agent's circuit breaker. Body: {"agent_id": "...", "action": "unlock"}
POST /v1/agents/provision
Provision a new agent. Returns agent_id and genesis token. Body: {"agent_name": "my-agent", "authorized_tasks": ["all"]}
POST /v1/agents/claim
Claim a provisioned agent by burning the genesis token. Creates the chain genesis block. Body: {"genesis_token": "..."}

Agent-to-Agent Endpoints

Endpoints for verified agent collaboration. Agents authenticate each other using their cryptographic chain identity.

POST /api/a2a/task
Submit a task from one agent to another. Both agents must belong to the same account. The server verifies the sending agent's chain identity before delivery. Both chains record the interaction for audit purposes.
POST /api/a2a/cross-link
Complete an agent-to-agent handshake. The receiving agent confirms task receipt by referencing the sender's chain head, creating mutual non-repudiation.
GET /v1/verify/{agent_id}
Verify an agent's chain credential. Returns status: current, stale, frozen, or revoked. Supports ?tolerance=N for handshake tolerance windows. No authentication required (credential tier is public).
GET /v1/agents/{agent_id}/card
Per-agent identity card with live chain metadata, gateway URL, and capabilities. Used for agent discovery in multi-agent workflows.

HTTP Status Codes

200 OK
Request stamped and forwarded successfully.
403 Forbidden
Gateway key used for an admin endpoint, admin key used where gateway key is expected, or fingerprint mismatch (stamp from unauthorized machine). Check your key type and allowed machines.
409 Conflict
Chain hash mismatch. The agent's prev_hash doesn't match the server's last_hash. This means the chain has forked — a duplicate agent, a replay attempt, or a cloned credential. The stamp is rejected and the action is blocked. Investigate immediately.
429 Too Many Requests
Agent is locked (circuit breaker tripped, token budget exhausted, or manual lock). Unlock from dashboard.
503 Service Unavailable
d3cipher cloud unreachable. Check network connectivity.

Need help? Email hello@d3cipher.ai or view the Gateway Quickstart