Silver Canon V.3 · API Surface

API Reference // ORCH & GCP Contracts

Governed endpoint contracts for readiness, GCP validation, cryptographic sealing, usage reporting and client-safe review.

Surface: ORCH / GCP

Contracts for governed runtime integration.

Route: /google-cloud/soberania/aei-apireference

Canonical lowercase Google Cloud Soberania route.

Boundary: mTLS + Gateway

No direct downstream GCP service access from the client.

Policy: Private by Default · No Seal · No Release

Visible on every Silver page.

Security Boundary

mTLS · AEI Canon CA · API Gateway

All endpoints require valid mutually authenticated TLS certificates issued by the internal AEI CANON CA. Requests originating outside the VPC must route through the approved API Gateway ingress. Direct access to downstream GCP services is strictly prohibited.

Endpoint Index

Operational Contracts

Method | Endpoint | Purpose | Exposure
GET | /ready | Health check and readiness probe. | Client-safe
POST | /one/validate/gcp | Validates payload structure against GCP schema. | Gated
POST | /gov/seal | Applies cryptographic governance seal. | Protected
POST | /gcp/report-usage | Submits telemetry and billing metrics. | Marketplace

Canonical Payloads

POST /gov/seal

Seal Payload

{
  "request_id": "req_8f92b7c1-ae45",
  "timestamp": "2023-10-27T14:32:01Z",
  "payload": {
    "resource_ref": "gcp:compute:instance:prod-db-01",
    "policy_version": "v2.1.4",
    "attestation": {
      "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
      "method": "SHA-256"
    }
  },
  "client_meta": {
    "agent": "aei-cli/1.0",
    "region": "us-central1"
  }
}
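
A pre-flight check a client could run on a /gov/seal body before sending it, as an added example that is not part of the AEI reference or its tooling. The field rules are assumptions inferred from the shape of the sample payload above, not a published schema, and check_seal_payload is a hypothetical helper name. The last rule is there because the sample's attestation hash is the SHA-256 digest of zero bytes of input, so a digest can be well formed and still attest to nothing.

```python
import hashlib
import re
from datetime import datetime

# Assumed rules, inferred from the sample payload's shape (not a published schema).
REQUIRED = {"request_id": str, "timestamp": str, "payload": dict, "client_meta": dict}
HEX64 = re.compile(r"[0-9a-f]{64}")
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def check_seal_payload(doc):
    """Return a list of problems found in a /gov/seal request body (empty = OK)."""
    problems = [f"{k}: missing or not {t.__name__}"
                for k, t in REQUIRED.items() if not isinstance(doc.get(k), t)]
    if problems:
        return problems
    try:
        # The sample uses UTC with a trailing 'Z'; any other form is flagged.
        datetime.strptime(doc["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        problems.append("timestamp: not UTC in YYYY-MM-DDTHH:MM:SSZ form")
    att = doc["payload"].get("attestation")
    if not isinstance(att, dict):
        return problems + ["payload.attestation: missing"]
    if att.get("method") != "SHA-256":
        problems.append("attestation.method: only SHA-256 appears on the page")
    digest = att.get("hash")
    if not isinstance(digest, str) or not HEX64.fullmatch(digest):
        problems.append("attestation.hash: not 64 lowercase hex characters")
    elif digest == EMPTY_SHA256:
        # A well-formed digest can still be the hash of no data at all.
        problems.append("attestation.hash: SHA-256 of zero bytes of input")
    return problems


# The sample body from this page, copied field for field.
SAMPLE = {
    "request_id": "req_8f92b7c1-ae45",
    "timestamp": "2023-10-27T14:32:01Z",
    "payload": {
        "resource_ref": "gcp:compute:instance:prod-db-01",
        "policy_version": "v2.1.4",
        "attestation": {
            "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "method": "SHA-256",
        },
    },
    "client_meta": {"agent": "aei-cli/1.0", "region": "us-central1"},
}
```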