Skip to main content Module gateway Copy item path Source acp ACP-over-WebSocket gateway endpoint. api REST API handlers for the web dashboard. api_browse HTTP adapter over zeroclaw_runtime::browse::list_directory. api_config Per-property CRUD endpoints for /api/config/*. api_logs GET /api/logs — paginated query over the persisted JSONL log.api_onboard Onboard catalog endpoint — exposes the model_provider + model catalog the CLI
wizard already uses, so the dashboard’s “+ Add model_provider” affordance and
model-picker dropdown share the same source of truth as the CLI. api_pairing Device management and pairing API handlers. api_personality Read/write endpoints for per-agent personality markdown files
(SOUL.md, IDENTITY.md, USER.md, AGENTS.md, TOOLS.md,
HEARTBEAT.md, BOOTSTRAP.md, MEMORY.md). api_skills HTTP adapter over zeroclaw_runtime::skills::SkillsService. auth_rate_limit Sliding-window rate limiter for authentication attempts. canvas Live Canvas gateway routes — REST + WebSocket for real-time canvas updates. hardware_context Hardware context management endpoints. node_tool Wraps a node capability as a zeroclaw Tool nodes WebSocket endpoint for dynamic node discovery and capability advertisement. openapi Runtime-generated OpenAPI 3.1 document for the new /api/config/* surface. session_queue Per-session actor queue for serializing concurrent access. sse Server-Sent Events (SSE) stream for real-time event delivery. static_files Static file serving for the web dashboard. tls TLS and mutual TLS (mTLS) support for the gateway server. ws WebSocket agent chat handler. ws_approval WebSocket-backed Channel AppState Shared state for all axum handlers GatewayRateLimiter IdempotencyStore WatiVerifyQuery WebhookBody Webhook request body WhatsAppVerifyQuery WhatsApp verification query paramsIDEMPOTENCY_MAX_KEYS_DEFAULT Fallback max distinct idempotency keys retained in gateway memory. LONG_RUNNING_REQUEST_TIMEOUT_SECS Default request timeout for POST /api/cron/{id}/run (10 minutes). MAX_BODY_SIZE Maximum request body size (64KB) — prevents memory exhaustion RATE_LIMIT_MAX_KEYS_DEFAULT Fallback max distinct client keys tracked in gateway rate limiter. RATE_LIMIT_WINDOW_SECS Sliding window used by gateway rate limiting. REQUEST_TIMEOUT_SECS Default request timeout (30s) — prevents slow-loris attacks. gateway_long_running_request_timeout_secs Manual cron-trigger request timeout (seconds), exempt from the
gateway-wide gateway_request_timeout_secs gateway_request_timeout_secs Gateway request timeout (seconds) for routes other than the long-running
cron-trigger endpoint. Reads from typed config. run_gateway Run the HTTP gateway using axum with proper HTTP/1.1 compliance. verify_whatsapp_signature Verify WhatsApp webhook signature (X-Hub-Signature-256).
Returns true if the signature is valid, false otherwise.
See: https://developers.facebook.com/docs/graph-api/webhooks/getting-started#verification-requests