{"status":"ok","ready":true,"service":"epistemes-gateway","browse_api_base_path":"/v1/gateway","endpoints":{"root":"/","statusz":"/statusz","healthz":"/healthz","readyz":"/readyz","demo_health":"/v1/gateway/demo/health","ops_summary":"/v1/gateway/ops/summary","ops_release":"/v1/gateway/ops/release","ops_environment":"/v1/gateway/ops/environment","ops_diagnostics":"/v1/gateway/ops/diagnostics","authorize":"/v1/gateway/invoke:authorize","session_resume":"/v1/gateway/session:resume","auth_email_otp_start":"/v1/gateway/auth/email-otp/start","auth_email_otp_verify":"/v1/gateway/auth/email-otp/verify","auth_session":"/v1/gateway/auth/session","auth_session_refresh":"/v1/gateway/auth/session/refresh","auth_session_desktop_bind":"/v1/gateway/auth/session/desktop-bind","auth_session_organization":"/v1/gateway/auth/session/organization","auth_session_logout":"/v1/gateway/auth/session/logout","session":"/v1/gateway/session","control_entry_session":"/v1/gateway/control-entry/session","control_entry_handoffs":"/v1/gateway/control-entry/handoffs","orders":"/v1/gateway/orders","payment_intents":"/v1/gateway/payment-intents","entitlements":"/v1/gateway/entitlements","license_reservations":"/v1/gateway/license-reservations","publish_states":"/v1/gateway/publish-states","skill_release_truths":"/v1/gateway/skill-release-truths","governance_truths":"/v1/gateway/governance-truths"},"release":{"build_version":{"env":"EPISTEMES_GATEWAY_BUILD_VERSION","value":"0.1.0","source":"env","description":"Gateway build version exposed by the read-only ops surface."},"build_commit":{"env":"EPISTEMES_GATEWAY_BUILD_COMMIT","value":"3d93a939","source":"env","description":"Gateway build commit exposed by the read-only ops surface."},"build_time":{"env":"EPISTEMES_GATEWAY_BUILD_TIME","value":"2026-04-15T03:27:33Z","source":"env","description":"Gateway build time exposed by the read-only ops surface."},"last_change_at":{"env":"EPISTEMES_GATEWAY_LAST_CHANGE_AT","value":"2026-04-15T03:27:33Z","source":"env","description":"Latest promoted gateway change timestamp exposed by the read-only ops surface."},"release_channel":{"env":"EPISTEMES_GATEWAY_RELEASE_CHANNEL","value":"canary","source":"env","description":"Current gateway-facing release channel classification for publish/update operations."},"minimum_supported_desktop_version":{"env":"EPISTEMES_DESKTOP_MINIMUM_SUPPORTED_VERSION","value":"0.1.0","source":"env","description":"Minimum supported protected desktop version for controlled execution entry."},"rollback_target_version":{"env":"EPISTEMES_DESKTOP_ROLLBACK_TARGET_VERSION","value":"0.1.0","source":"env","description":"Rollback target version retained for controlled desktop release operations."},"default_public_channel":"stable","supported_desktop_channels":["stable","canary","dev"],"protocol_compatibility_window_days":60},"environment":{"environment":{"env":"EPISTEMES_GATEWAY_ENVIRONMENT","value":"production","source":"env","description":"Environment classification exposed to Web/Console read-only control views."},"public_base_url":{"env":"EPISTEMES_GATEWAY_PUBLIC_BASE_URL","value":"https://gateway.epistemes.cn","source":"env","description":"Gateway public base URL for shared read-only status and ops surfaces."},"gateway_https_ready":true,"trusted_ssp_wss_ready":true,"formal_public_entry_ready":true,"protected_execution_terminal":"desktop","web_is_formal_protected_terminal":false},"governance":{"gateway_role":"control_plane_facade","ops_surface_mode":"read_only","canonical_truth_owner":"ledger-browse","gateway_holds_l4_canonical_truth":false,"protected_execution_terminal":"desktop","web_is_formal_protected_terminal":false,"health_status_surface_consistent":true,"organization_scoped_session_read_status":"ok","order_read_surface_status":"ok","publish_read_surface_status":"ok"},"entrypoints":[{"name":"healthz","path":"/healthz","surface":"liveness","auth":"none","status":"ok","detail":"Gateway liveness surface uses the same summary payload as statusz and demo health."},{"name":"readyz","path":"/readyz","surface":"readiness","auth":"none","status":"ok","detail":"Gateway readiness requires runtime state availability and ledger browse reachability."},{"name":"statusz","path":"/statusz","surface":"status","auth":"none","status":"ok","detail":"Gateway status surface is the canonical summary shape for health, demo, and ops reads."},{"name":"demo_health","path":"/v1/gateway/demo/health","surface":"status_alias","auth":"none","status":"ok","detail":"Legacy demo health route is kept as an alias of the status summary payload."},{"name":"ops_summary","path":"/v1/gateway/ops/summary","surface":"ops_read","auth":"none","status":"ok","detail":"Read-only control-plane summary for Web and Console environment, release, governance, and entrypoint state."},{"name":"ops_release","path":"/v1/gateway/ops/release","surface":"ops_read","auth":"none","status":"ok","detail":"Read-only release and update metadata view exposed by Gateway."},{"name":"ops_environment","path":"/v1/gateway/ops/environment","surface":"ops_read","auth":"none","status":"ok","detail":"Read-only environment classification and public entry readiness view exposed by Gateway."},{"name":"ops_diagnostics","path":"/v1/gateway/ops/diagnostics","surface":"ops_read","auth":"none","status":"ok","detail":"Read-only runtime, dependency, config, and warning diagnostics view exposed by Gateway."},{"name":"authorize","path":"/v1/gateway/invoke:authorize","surface":"invoke_control_plane","auth":"sdk_signed_payload","status":"ok","detail":"Gateway authorize stays on the invoke control plane and does not expose canonical ledger truth."},{"name":"session_resume","path":"/v1/gateway/session:resume","surface":"invoke_control_plane","auth":"resume_token","status":"ok","detail":"Gateway session resume depends on runtime state and protected execution policy continuity."},{"name":"auth_email_otp_start","path":"/v1/gateway/auth/email-otp/start","surface":"auth_entrypoint","auth":"none","status":"ok","detail":"Marketplace passwordless email OTP start surface issues short-lived login challenges without exposing canonical user truth."},{"name":"auth_email_otp_verify","path":"/v1/gateway/auth/email-otp/verify","surface":"auth_entrypoint","auth":"otp_challenge","status":"ok","detail":"Gateway email OTP verify surface exchanges a challenge for a formal web auth session facade."},{"name":"auth_session","path":"/v1/gateway/auth/session","surface":"auth_session_read","auth":"auth_session","status":"ok","detail":"Formal auth session read surface for web, desktop-device, and organization session facades."},{"name":"auth_session_refresh","path":"/v1/gateway/auth/session/refresh","surface":"auth_session_write","auth":"auth_session","status":"ok","detail":"Auth session refresh rotates the gateway facade token without promoting Gateway to canonical truth."},{"name":"auth_session_desktop_bind","path":"/v1/gateway/auth/session/desktop-bind","surface":"auth_session_write","auth":"auth_session","status":"ok","detail":"Desktop bind upgrades a web auth session into a device-bound desktop session for protected execution entry."},{"name":"auth_session_organization","path":"/v1/gateway/auth/session/organization","surface":"auth_session_write","auth":"auth_session","status":"ok","detail":"Organization switch emits a scoped organization session facade while leaving membership truth outside Gateway."},{"name":"auth_session_logout","path":"/v1/gateway/auth/session/logout","surface":"auth_session_write","auth":"auth_session","status":"ok","detail":"Gateway logout revokes auth session facades and descendants without altering ledger canonical state."},{"name":"session","path":"/v1/gateway/session","surface":"session_read","auth":"login_session","status":"ok","detail":"Organization-scoped session read surface for Web and Console control entry."},{"name":"control_entry_session","path":"/v1/gateway/control-entry/session","surface":"control_entry_read","auth":"login_session","status":"ok","detail":"Gateway control-entry compatibility surface remains desktop-only for protected execution."},{"name":"orders","path":"/v1/gateway/orders","surface":"operations_read","auth":"login_session","status":"ok","detail":"Read-only order projection passthrough backed by ledger browse truth."},{"name":"payment_intents","path":"/v1/gateway/payment-intents","surface":"operations_read","auth":"login_session","status":"ok","detail":"Read-only payment intent projection passthrough backed by ledger browse truth."},{"name":"entitlements","path":"/v1/gateway/entitlements","surface":"operations_read","auth":"login_session","status":"ok","detail":"Read-only entitlement projection passthrough backed by ledger browse truth."},{"name":"license_reservations","path":"/v1/gateway/license-reservations","surface":"operations_read","auth":"login_session","status":"ok","detail":"Read-only reservation projection passthrough backed by ledger browse truth."},{"name":"publish_states","path":"/v1/gateway/publish-states","surface":"operations_read","auth":"login_session","status":"ok","detail":"Read-only seller publish state passthrough backed by ledger browse truth."},{"name":"skill_release_truths","path":"/v1/gateway/skill-release-truths","surface":"operations_read","auth":"login_session","status":"ok","detail":"Read-only real skill and release truth passthrough backed by ledger browse truth."},{"name":"governance_truths","path":"/v1/gateway/governance-truths","surface":"operations_read","auth":"login_session","status":"ok","detail":"Read-only governance truth passthrough for publish and authorization control decisions."}],"runtime":{"state_available":true,"active_session_count":0,"active_control_entry_handoff_count":0,"idempotency_cache_entries":0,"audit_event_count":0},"dependencies":[{"name":"ledger-browse","ok":true,"status_code":200,"base_url":"http://127.0.0.1:8092","detail":"ok"}],"config":{"bind_addr":{"env":"EPISTEMES_GATEWAY_BIND","value":"127.0.0.1:8090","source":"env","description":"HTTP facade bind address for local demo and integration entry."},"ledger_store_path":{"env":"EPISTEMES_LEDGER_PATH","value":"/var/lib/epistemes/gateway-ledger.json","source":"env","description":"Local gateway-side ledger store used by authorize, usage, and audit demo flows."},"ledger_base_url":{"env":"EPISTEMES_LEDGER_BASE_URL","value":"http://127.0.0.1:8092","source":"env","description":"Browse truth facade base URL; gateway reads browse projections here and does not persist canonical ledger truth."},"browse_request_timeout_ms":{"env":"EPISTEMES_GATEWAY_BROWSE_TIMEOUT_MS","value":"2500","source":"env","description":"Gateway browse facade total request timeout in milliseconds. Demo default is 2500 ms so desktop and web login callbacks fail fast when the ledger browse backend is unavailable."},"browse_connect_timeout_ms":{"env":"EPISTEMES_GATEWAY_BROWSE_CONNECT_TIMEOUT_MS","value":"750","source":"env","description":"Gateway browse facade connect timeout in milliseconds. Demo default is 750 ms so broken integration endpoints surface quickly."},"control_entry_handoff_ttl_seconds":{"env":"EPISTEMES_GATEWAY_CONTROL_ENTRY_HANDOFF_TTL_SECONDS","value":"300","source":"env","description":"Gateway control-entry handoff staging TTL in seconds. Demo default is 300 s so external control requests expire quickly and do not become a long-lived execution surface."},"provider_id":{"env":"EPISTEMES_PROVIDER_ID","value":"provider.cn-shanghai-01","source":"env","description":"Provider identifier stamped into route binding and policy bundle responses."},"ssp_pool_id":{"env":"EPISTEMES_SSP_POOL_ID","value":"ssp-pool.cn-shanghai-01","source":"env","description":"Trusted SSP pool identifier exposed through route binding."},"region_id":{"env":"EPISTEMES_REGION_ID","value":"cn-shanghai-1","source":"env","description":"Trusted region identifier exposed through route binding."},"service_provider_endpoint":{"env":"EPISTEMES_SSP_ENDPOINT","value":"wss://ssp.epistemes.cn/v1/session","source":"env","description":"Trusted SSP control-plane endpoint returned by authorize."},"hmac_secret":{"env":"EPISTEMES_GATEWAY_HMAC_SECRET","source":"env","using_default_dev_secret":false,"description":"Signing secret for login, invocation, and resume tokens. The value is intentionally not echoed back by the demo health endpoint."}},"warnings":[]}