HTTP service
prism serve exposes the same engine over HTTP (needs the [http] extra). It’s a thin transport
over the CLI/MCP engine — the four locks, ANDON refusals, and signed receipts are unchanged.
prism serve --host 127.0.0.1 --port 8000 # OpenAPI docs at /docsEndpoints
Section titled “Endpoints”| Method | Path | Behavior |
|---|---|---|
POST | /verify | Verify an artifact. Blocks within the latency budget → 200 with the verdict. With Prefer: respond-async + a registered webhook, returns 202 and delivers the verdict to the webhook. |
GET | /replay/{receipt_id} | The stored receipt + signature_valid. |
POST | /verify-receipt | Verify a standalone receipt (cross-tool) — see Receipts. |
GET | /healthz | Liveness + configured verifier families. Unauthenticated. |
GET | /docs, /openapi.json | Auto-generated OpenAPI 3.1. |
Auth (fail-closed)
Section titled “Auth (fail-closed)”prism runs caller-supplied artifacts through paid model calls, so the surface is fail-closed:
/verify is refused until API keys are configured. Keys are prism_-prefixed, hashed at rest
(only SHA-256 hashes live in config), and constant-time compared.
export PRISM_API_KEYS="<sha256(key1)>,<sha256(key2)>" # callers send: Authorization: Bearer <key># local dev only — disables the requirement:export PRISM_HTTP_ALLOW_NO_AUTH=1A separate, stricter per-IP limiter throttles failed auth, so key-guessing costs ~0 compute and never reaches a model.
Back-pressure, idempotency, errors
Section titled “Back-pressure, idempotency, errors”- Rate limit — per-key token bucket;
429withRetry-After+ aRateLimitheader (emitted on success too). An oversize artifact is rejected with413before any provider call. - Idempotency — send an
Idempotency-Key; a retry replays the original result (200/202), an in-flight key returns409, and the same key with a different body returns422. - Errors — every 4xx/5xx is RFC 9457
application/problem+json, carrying prism’s structuredcode/retryableas extension members.
Signed-webhook escalate channel
Section titled “Signed-webhook escalate channel”For async / escalate verdicts that exceed the sync budget, prism POSTs the verdict to a
caller-registered webhook URL. Deliveries are Standard-Webhooks-signed (HMAC over
id.timestamp.payload, 300s tolerance, multi-signature for rotation), retried with backoff, and
dead-lettered on exhaustion. The endpoint is SSRF-guarded: prism requires https, resolves the
host, rejects any internal / link-local / metadata address, and pins the connection to the
validated IP. A withdrawn verdict is compensated by a signed verdict_cancelled follow-up.
export PRISM_WEBHOOK_SECRET="<random>" # signs deliveries