Talero Node HTTP and REST Surface

Top-Level Semantics

/health is liveness.
/ready is strict local runtime readiness. It is not release approval.
/events is an SSE delivery channel, not durable storage or a replay queue.
/metrics and /prom/metrics exist in the contract but should normally stay private/operator-only unless deliberately fronted and hardened.

Public dashboards should prefer public JSON summaries such as health, readiness, confidence, network health, risk, finalized head, and watchtower status over raw Prometheus exposure.

Public-Safe REST Routes

Route	Method	Public profile behavior	Category	Notes
`/api/bootnodes`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/checkpoint/history`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/checkpoint/latest`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/confidence`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/fees/forecast`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/finality/estimate`	POST	Public-safe diagnostic summary; safe mode and quotas still apply.	DiagnosticsSafe	public-safe contract route
`/api/health`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/intents/validate`	POST	Public-safe diagnostic summary; safe mode and quotas still apply.	DiagnosticsSafe	public-safe contract route
`/api/metrics`	GET	Minimal public status or compatibility surface.	Minimal	normally keep private/operator-only
`/api/network/health`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/network/risk`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/nodes`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/ready`	GET	Minimal public status or compatibility surface.	Minimal	local runtime readiness, not release approval
`/api/receipt/:hash/finality-bundle`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/route/hints`	POST	Public-safe diagnostic summary; safe mode and quotas still apply.	DiagnosticsSafe	public-safe contract route
`/api/txs`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/address/:addr`	GET	Public profile can mask, bound, or deny according to privacy policy.	AddressSensitive	privacy policy can mask or deny
`/api/v1/address/:addr/txs`	GET	Public profile can mask, bound, or deny according to privacy policy.	AddressSensitive	privacy policy can mask or deny
`/api/v1/block/hash/:hash`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/block/hash/:hash/txs`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/block/height/:height`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/block/height/:height/txs`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/blocks`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/bootnodes`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/canonical/height/:height`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/checkpoint/history`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/checkpoint/latest`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/confidence`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/fees`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/fees/forecast`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/finality/estimate`	POST	Public-safe diagnostic summary; safe mode and quotas still apply.	DiagnosticsSafe	public-safe contract route
`/api/v1/finalized`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/fork/tips`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/forks/height/:height`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/head`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/head/stream`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/health`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/intents/validate`	POST	Public-safe diagnostic summary; safe mode and quotas still apply.	DiagnosticsSafe	public-safe contract route
`/api/v1/logs`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/metrics`	GET	Minimal public status or compatibility surface.	Minimal	normally keep private/operator-only
`/api/v1/network/health`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/network/risk`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/nodes`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/pq/compliance-report`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/pq/maturity`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/ready`	GET	Minimal public status or compatibility surface.	Minimal	local runtime readiness, not release approval
`/api/v1/receipt/:hash`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/receipt/:hash/finality-bundle`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/receipts`	POST	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/reorgs`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/reorgs/:id`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/route/hints`	POST	Public-safe diagnostic summary; safe mode and quotas still apply.	DiagnosticsSafe	public-safe contract route
`/api/v1/search`	GET	Public profile can mask, bound, or deny according to privacy policy.	AddressSensitive	privacy policy can mask or deny
`/api/v1/stats`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/tx/:hash`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/txbundle`	POST	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/txs`	GET, POST	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	public-safe contract route
`/api/v1/validators`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/v1/watchtower/status`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/validators`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/api/watchtower/status`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/events`	GET	Public read surface, subject to quotas and runtime safety gates.	PublicChainRead	SSE delivery channel, not durable storage
`/health`	GET	Minimal public status or compatibility surface.	Minimal	public-safe contract route
`/metrics`	GET	Minimal public status or compatibility surface.	Minimal	normally keep private/operator-only
`/prom/metrics`	GET	Minimal public status or compatibility surface.	Minimal	normally keep private/operator-only
`/ready`	GET	Minimal public status or compatibility surface.	Minimal	local runtime readiness, not release approval

Diagnostics and Activity Are Restricted

DiagnosticsRestricted routes are trusted/operator-oriented and are not generic public-safe routes.

Route	Method	Public profile behavior	Category	Notes
`/api/activity/events`	GET	Trusted/operator-oriented diagnostics; not public-safe.	DiagnosticsRestricted	public-safe contract route
`/api/activity/hints`	GET	Trusted/operator-oriented diagnostics; not public-safe.	DiagnosticsRestricted	public-safe contract route
`/api/diagnostics/modules`	GET	Trusted/operator-oriented diagnostics; not public-safe.	DiagnosticsRestricted	public-safe contract route
`/api/diagnostics/node`	GET	Trusted/operator-oriented diagnostics; not public-safe.	DiagnosticsRestricted	public-safe contract route
`/api/v1/activity/events`	GET	Trusted/operator-oriented diagnostics; not public-safe.	DiagnosticsRestricted	public-safe contract route
`/api/v1/activity/hints`	GET	Trusted/operator-oriented diagnostics; not public-safe.	DiagnosticsRestricted	public-safe contract route
`/api/v1/diagnostics/modules`	GET	Trusted/operator-oriented diagnostics; not public-safe.	DiagnosticsRestricted	public-safe contract route
`/api/v1/diagnostics/node`	GET	Trusted/operator-oriented diagnostics; not public-safe.	DiagnosticsRestricted	public-safe contract route

Metrics Exposure

The contract marks metrics paths as present. Public operators should still treat Prometheus output as private by default because metrics can reveal operational shape, labels, counters, or traffic patterns. Hardened public status pages should consume bounded JSON summaries instead.

Talero node HTTP and REST surface

Top-Level Semantics

Public-Safe REST Routes

Diagnostics and Activity Are Restricted

Metrics Exposure