autonomy-orchestrator serve

Start the control-plane HTTP API (event ingestion + SQLite storage)

Synopsis

Starts an HTTP service on --listen that stores incoming telemetry events.

The control plane holds observational authority only: it stores events as
received and derives nothing from them (v1.13 §1.2.3).

Endpoints:
  POST /v1/events   — ingest a JSON batch: {"events":[{...}, ...]}
                      Required fields per event: event_id, event_type, node_id, timestamp
                      Optional fields: lock_fingerprint, release_id
                      Returns: {"received":N,"inserted":N,"deduped":N}
  GET  /v1/events   — query stored events (newest first)
                      Optional query params: node_id, event_type, limit (default 100, max 1000)
                      Returns: {"events":[...], "count":N}
  GET  /v1/health   — liveness probe: {"status":"ok"}

TLS / mTLS:
  When --tls-cert-file and --tls-key-file are provided the server listens
  with TLS.  Adding --tls-ca-file enables mutual TLS: the server requires
  a valid client certificate signed by the specified CA.  Without TLS flags
  the server runs plain HTTP, which is suitable only for development and
  localhost; the default --listen address, 0.0.0.0:8888, binds all interfaces.
  Adding --tls-crl-file (which requires --tls-ca-file) enables fail-closed
  client certificate revocation checks against the provided CRL. Running
  servers hot-reload the CRL when the file changes on disk. The optional,
  repeatable --tls-crl-sync-url flag turns on pull-based CRL distribution from
  one or more control-plane endpoints. Use --tls-crl-sync-min-sources to
  require matching CRLs from multiple publishers before accepting an update.

Idempotency: duplicate event_id values are silently ignored. Batch order is
preserved; logical event order is determined by insertion order, not timestamp.

Error responses:
  400  malformed JSON or missing required field
  405  method not allowed
  503  SQLite writer busy beyond busy_timeout
  507  disk full
  (fatal) SQLITE_CORRUPT — process exits immediately
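
Added example, not code from the autonomy-orchestrator project: a client-side pre-flight check for a batch before it is POSTed to /v1/events. Because duplicate event_id values are silently ignored, an event_id reused with different content would lose the later event without an error; the hypothetical Preflight helper reports that case and any empty required field. Assumptions: an empty string counts as a missing field, and the sample batch and its timestamp format are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Event holds the per-event fields documented for POST /v1/events.
type Event struct {
	EventID         string `json:"event_id"`
	EventType       string `json:"event_type"`
	NodeID          string `json:"node_id"`
	Timestamp       string `json:"timestamp"`
	LockFingerprint string `json:"lock_fingerprint"`
	ReleaseID       string `json:"release_id"`
}
// Report is the result of Preflight (hypothetical helper, not a project API).
type Report struct {
	Missing   []string // "index:field" per empty required field; the server would answer 400
	Conflicts []string // event_id reused with different content; the later copy would be lost
}
// Preflight checks a batch body against the documented ingest contract before it is sent.
func Preflight(body []byte) (rep Report, err error) {
	var batch struct{ Events []Event `json:"events"` }
	if err = json.Unmarshal(body, &batch); err != nil {
		return rep, fmt.Errorf("malformed JSON, the server would answer 400: %w", err)
	}
	first := map[string]Event{} // first event seen for each event_id
	for i, e := range batch.Events {
		for _, f := range [][2]string{{"event_id", e.EventID}, {"event_type", e.EventType},
			{"node_id", e.NodeID}, {"timestamp", e.Timestamp}} {
			if f[1] == "" { // assumption: an empty value counts as missing
				rep.Missing = append(rep.Missing, fmt.Sprintf("%d:%s", i, f[0]))
			}
		}
		if prev, seen := first[e.EventID]; !seen {
			first[e.EventID] = e
		} else if prev != e && e.EventID != "" { // exact re-sends are harmless
			rep.Conflicts = append(rep.Conflicts, e.EventID)
		}
	}
	return rep, nil
}

func main() { // constructed sample: evt-1 is sent twice with different event_type values
	rep, err := Preflight([]byte(`{"events":[{"event_id":"evt-1","event_type":"a","node_id":"n1","timestamp":"2024-01-01T00:00:00Z"},
		{"event_id":"evt-1","event_type":"b","node_id":"n1","timestamp":"2024-01-01T00:00:00Z"}]}`))
	fmt.Println(rep.Missing, rep.Conflicts, err)
}
```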

Usage

autonomy-orchestrator serve [flags]

Options

      --data-dir string                  data directory for SQLite storage (default: XDG_CACHE_HOME/autonomyops/orchestrator)
      --listen string                    TCP address to listen on (default "0.0.0.0:8888")
      --log-format string                log output format: "json" (machine-readable) or "text" (human-readable) (default "json")
      --log-level string                 minimum log level: "debug", "info", "warn", "error" (default "info")
      --metrics-addr string              Prometheus metrics listen address (e.g. ":9090"); empty disables metrics
      --tls-ca-file string               path to a CA certificate (PEM) for client verification (enables mTLS)
      --tls-cert-file string             path to the server TLS certificate (PEM); enables TLS when set with --tls-key-file
      --tls-crl-file string              path to a CRL file (PEM) used to reject revoked client certificates; requires --tls-ca-file
      --tls-crl-server-name string       optional TLS server name override for --tls-crl-sync-url
      --tls-crl-sync-interval duration   CRL pull interval when --tls-crl-sync-url is set; 0 disables background refresh after the initial sync (default 1m0s)
      --tls-crl-sync-min-sources int     minimum number of CRL publishers that must agree before a synced CRL is accepted (default 1)
      --tls-crl-sync-url strings         optional control-plane CRL endpoint to pull into --tls-crl-file before startup and on a timer (repeat to define the publisher set)
      --tls-key-file string              path to the server TLS private key (PEM)