Inactu Control
ContactInspect Source

Docs

Inactu Control Plane Docs

API contract: openapi.yaml. This interface is designed for deterministic verification and auditable outcomes, with explicit request and response schemas for each endpoint.

API base: http://localhost:8080

GitHub RepoOpenAPI SpecExample Payloads

Quickstart

Run a verification-focused API check in 4 steps.

Start from a clean clone, run the API, then run one command that executes all baseline checks. The command exits non-zero on the first failure.

# Step 0: clone and install
git clone https://github.com/opertus-systems/inactu-control.git
cd inactu-control/web
npm install

# Terminal 1: start API
npm run run:api

# Terminal 2: run baseline checks
API_BASE="http://localhost:8080" npm run quickstart:check

1. Confirm API is up

curl -s "$API_BASE/healthz"

2. Hash a payload

curl -s -X POST "$API_BASE/v1/hash/sha256" \
  -H "content-type: application/json" \
  -d '{"payload":"hello inactu"}'

3. Verify a manifest

curl -s -X POST "$API_BASE/v1/verify/manifest" \
  -H "content-type: application/json" \
  -d @examples/verify-manifest-request.json

4. Verify a receipt

curl -s -X POST "$API_BASE/v1/verify/receipt" \
  -H "content-type: application/json" \
  -d @examples/verify-receipt-request.json

Script source

web/scripts/quickstart-check.sh

Security boundary model

Local examples can run without auth for testing, but production deployments should enforce TLS termination, API authentication, tenant authorization, and rate controls at the edge before forwarding requests.

Keep signing keys and trust-anchor material outside this service boundary, and pass only data required for verification and policy decisions.

Determinism and failure semantics

Validation failures return structured JSON errors and deterministic deny reasons. Treat non-2xx responses as explicit control outcomes and retain response payloads for audit and incident reconstruction.

Use request IDs and structured logs to correlate policy evaluations with downstream runtime events.

Interactive API Reference

Includes endpoint notes from OpenAPI and supports live demo calls via Try it out through a same-origin proxy.

Loading interactive API reference...

OpenAPI Spec (Raw YAML)

Rendered from the repository OpenAPI document for direct copy/paste and contract inspection.

Show raw YAML
// Loading openapi.yaml...

POST /v1/hash/sha256

// response appears here

POST /v1/verify/manifest

// response appears here

POST /v1/verify/receipt

// response appears here