Public API overview
Aithernet's programmatic surfaces are authenticated and either node-local or scoped to a provisioned external agent. There are no anonymous public API endpoints, and this site exposes no tokens, keys or live endpoints.
1 · Node-local API
Each node runs a local HTTP API used by the local dashboard and the aithernet CLI.
It is bound for local/administrative use and is never exposed to the Internet;
the node makes only outbound connections to the hosted control plane. Conceptual surfaces:
| Area | Purpose | CLI |
|---|---|---|
| Missions | Submit, inspect and process bounded missions. | aithernet mission … |
| Events | List and stream runtime events (steps, tool calls, agent activity). | aithernet events … |
| MCP tools | Inspect and call GNU Radio MCP tools through the signed component. | aithernet mcp … |
| Diagnostics | Sanitized operational diagnostics (no secrets). | aithernet diagnostics … |
2 · External-agent gateway
Aithernet supports secure interoperability with external agents through a gateway with scoped credentials, bounded execution, callback endpoints and durable deliveries. Agents are explicitly provisioned by an operator; anonymous access is never granted.
| Concept | Description |
|---|---|
| Provisioning | An operator provisions an external agent; credentials are issued server-side and never printed in full. |
| Scopes / permissions | Each agent is granted explicit, bounded permissions. |
| Endpoints & subscriptions | Callback endpoints and event subscriptions are registered per agent. |
| Deliveries | Event deliveries are durable and inspectable. |
Operator commands (run on an enrolled node):
# list and inspect external agents (no secrets are printed)
aithernet external-agents list
aithernet external-agents show <agent>
# provision, then manage scopes/credentials (operator-gated)
aithernet external-agents create <name>
aithernet external-agents permissions …
aithernet external-agents credentials …
aithernet external-agents diagnostics3 · Hosted control plane
The hosted platform authenticates browsers (HttpOnly session cookie + CSRF double-submit) and nodes (signed enrollment and heartbeat). Public, unauthenticated surfaces are limited to a health/readiness probe and signed release downloads granted to approved customers. Customer and administrator functionality is authorized server-side, not by hiding routes.
Status & stability
The programmatic interfaces are evolving during early access. A self-service token-issuance portal and versioned, published API reference are still being finalized; until then, external-agent credentials are provisioned with operator assistance. Treat the surfaces above as conceptual and subject to change.