> ## Documentation Index > Fetch the complete documentation index at: https://smithers-feat-claude-workflow-mirror.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Server & Gateway API > Host Smithers workflows over HTTP and WebSocket via a single-run server, a single-workflow serve app, and the multi-run Gateway control plane. Three host surfaces ship from `packages/server`, each a tighter fit for a different deployment. * **`startServer`**: a self-contained HTTP server with REST routes for run lifecycle, SSE event streams, and approvals. One server, many workflows by path. Reach for it when you want a plain HTTP API and no client SDK. * **`createServeApp`**: a Hono app bound to one already-loaded workflow and run. This is what `bunx smithers-orchestrator up --serve` mounts. Compose it into a larger Hono app or call `app.fetch` in tests. * **`Gateway`**: the headless control plane. Authenticate once, stream events over WebSocket with resume-on-reconnect, decide approvals, inject signals, run cron schedules, and serve many registered workflows. This is the surface the [Gateway client](/reference/gateway-client) and custom UIs talk to. ```ts theme={null} import { startServer, createServeApp, Gateway } from "smithers-orchestrator"; ``` `createServeApp` needs a `SmithersDb` adapter and a loaded `SmithersWorkflow`; both come from your workflow module (`new SmithersDb(workflow.db)`). The `Gateway` is constructed with `new Gateway(opts)`, then you `register()` workflows and `listen()`. ## startServer Boot a listening `http.Server` exposing REST run lifecycle, SSE streams, and approval routes. Synchronous: it returns the bound server immediately. ```ts theme={null} function startServer(opts?: ServerOptions): import("node:http").Server; ``` Port to bind. Database handle. When set, enables `GET /v1/runs` and approvals listing. Bearer token required on every route except `/health`. Falls back to `process.env.SMITHERS_API_KEY`; auth is disabled when neither is set. Maximum accepted request body size. Larger bodies get `PAYLOAD_TOO_LARGE`. Sandbox root that workflow paths and tools resolve against. Paths outside it are rejected with `WORKFLOW_PATH_OUTSIDE_ROOT`. Allow network access from the built-in `bash` tool. Maximum time (ms) the HTTP parser may take to receive complete request headers. Mitigates slowloris. Maximum time (ms) to receive and parse a single request, body included. A listening Node `http.Server`. `headersTimeout` and `requestTimeout` are applied to it to bound slow header/body uploads. The full route table (run start/resume/cancel, SSE events, frames, approvals, signals, `/metrics`) lives in [Server Mode](/integrations/server). ```ts theme={null} const server = startServer({ port: 7331, authToken: process.env.SMITHERS_API_KEY, rootDir: process.cwd(), }); ``` **Source** [`index.js`](https://github.com/smithersai/smithers/blob/main/packages/server/src/index.js) · [`ServerOptions.ts`](https://github.com/smithersai/smithers/blob/main/packages/server/src/ServerOptions.ts) · **Tests** [`server.test.js`](https://github.com/smithersai/smithers/blob/main/packages/server/tests/server.test.js) · **See also** [Server Mode](/integrations/server), [Control-plane deployment](/deployment/control-plane) ## createServeApp Build a Hono app for a single, already-loaded workflow and run. Returns a standard Hono app: mount it with `Bun.serve`, route it into another Hono app, or drive `app.fetch` directly in tests. This backs `bunx smithers-orchestrator up --serve`. ```ts theme={null} function createServeApp(opts: ServeOptions): import("hono").Hono; ``` The loaded workflow instance. Smithers DB adapter, e.g. `new SmithersDb(workflow.db)`. The active run id this app serves. Shared cancellation controller. Aborting it cancels the served run. Bearer token for every route except `/health`. Falls back to `SMITHERS_API_KEY`; disabled when unset. Accepts `Authorization: Bearer` or `x-smithers-key`. Expose `/metrics` (Prometheus exposition). A Hono app. Routes (`/health`, run status, SSE events, approvals, signals, `/metrics`) are documented in [Serve Mode](/integrations/serve). ```ts theme={null} import { SmithersDb, createServeApp } from "smithers-orchestrator"; const abort = new AbortController(); const app = createServeApp({ workflow, adapter: new SmithersDb(workflow.db), runId: "RUN_ID", abort, authToken: process.env.SMITHERS_API_KEY, }); Bun.serve({ port: 7331, fetch: app.fetch }); ``` **Source** [`serve.js`](https://github.com/smithersai/smithers/blob/main/packages/server/src/serve.js) · [`ServeOptions.ts`](https://github.com/smithersai/smithers/blob/main/packages/server/src/ServeOptions.ts) · **Tests** [`serve.test.js`](https://github.com/smithersai/smithers/blob/main/packages/server/tests/serve.test.js) · **See also** [Serve Mode](/integrations/serve), [Server Mode](/integrations/server) ## Gateway The multi-run control plane. Construct it, `register()` one or more workflows, then `listen()`. It serves RPC over `POST /v1/rpc/` (and `POST /rpc`) and over WebSocket on the same origin, with a `/health`, `/metrics`, `/workflows`, and per-workflow webhook endpoints. The RPC methods (`launchRun`, `getRun`, `listRuns`, `submitApproval`, `submitSignal`, cron, time-travel, and more) are documented per method; see [`launchRun`](/rpc/launch-run) for the request/response and scope shape they share. ```ts theme={null} class Gateway { constructor(options?: GatewayOptions); register(key: string, workflow: SmithersWorkflow, options?: GatewayRegisterOptions): this; extend(namespace: string, definition: unknown): this; listen(options?: { port?: number; host?: string; path?: string }): Promise; close(): Promise; } ``` `register`, `extend`, and the constructor are chainable. `listen` defaults to port `7331`; pass `path` for a Unix socket. `close` aborts active runs, drains inflight work, and tears down connections and the scheduler. ```ts theme={null} import { Gateway } from "smithers-orchestrator"; const gateway = new Gateway({ heartbeatMs: 15_000, auth: { mode: "token", tokens: { "operator-token": { role: "operator", scopes: ["*"] } }, }, }); gateway.register("deploy", deploy, { schedule: "0 8 * * 1-5" }); await gateway.listen({ port: 7331 }); ``` ### GatewayOptions Wire protocol version advertised to clients. Feature flags advertised on `/health` and in the connect handshake. WebSocket heartbeat interval. Also clamps the cron poll interval (1 s to 15 s). Authentication mode. Omit to leave the gateway unauthenticated. See [auth](#gatewayauthconfig) below. Custom gateway-level UI. `true` mounts the built-in operator console at `/`. See [UI config](#ui-config) below. Absolute path to the workspace root that holds `.smithers/` and `smithers.db`. Disk-backed registry reads (e.g. the `listPrompts` RPC) resolve against it. Defaults to `process.cwd()`. Built-in operator browser console. Set `false` to disable. Per-gateway defaults. See [defaults](#defaults) below. Maximum accepted body for `POST /rpc`. Maximum size of a single WebSocket frame. Maximum concurrent connections. Over-limit upgrades get `503`. Per-run replay window for run event streams, in frames. Bridge persisted run events from the workspace DB into live streams for runs executed by another process. Poll interval (ms) for the out-of-process event bridge. Maximum time (ms) to receive complete request headers. Applied to the Node HTTP server on `listen()`. Maximum time (ms) to receive and parse a single request. #### GatewayAuthConfig A discriminated union on `mode`. Runs started through an authenticated gateway expose `ctx.auth = { triggeredBy, role, scopes, createdAt }`. Map of bearer token to its grant. Role assigned to requests bearing this token. Granted scopes; `["*"]` grants all. Stable user id recorded as the actor. Identifier for the token, for revocation and audit. Issue time (epoch ms). Expiry time (epoch ms); past tokens are rejected. Revocation time (epoch ms); revoked tokens are rejected. Origin allowlist (defense-in-depth). `[]` enforces no check. When non-empty, a request or WebSocket upgrade whose browser `Origin` header is not on the list is rejected; requests with no `Origin` (server-to-server / CLI) are allowed. Validates `alg=HS256`, HMAC, `iss`, `aud`, `exp`, `nbf`. Expected `iss` claim. Accepted `aud` claim(s). HS256 shared secret. Claim holding scopes (array or space/comma-separated string). Claim holding the role. Claim holding the user id. Role used when the role claim is absent. Scopes used when the scope claim is absent. Allowed `exp`/`nbf` skew. Negative values clamp to 0. Origin allowlist (defense-in-depth). `[]` enforces no check. When non-empty, a request or WebSocket upgrade whose browser `Origin` header is not on the list is rejected; requests with no `Origin` (server-to-server / CLI) are allowed. Identity is read from request headers. Only safe behind a proxy you control (Cloudflare Access, an internal API gateway) that strips and rewrites these headers. Headers read as `[user, scopes, role]`. Origin allowlist (defense-in-depth), enforced the same way across all auth modes. `[]` enforces no check. When non-empty, a request or WebSocket upgrade whose browser `Origin` header is not on the list is rejected; requests with no `Origin` (server-to-server / CLI) are allowed. Role used when the role header is absent. Scopes used when the scopes header is absent. #### UI config `true` mounts the built-in operator console. Otherwise an object: Browser entry module for the React app. Smithers bundles it with Bun and serves it from the gateway origin. Mount path. Gateway-level UI defaults to `/`; workflow-level UI (via `register`) defaults to `/workflows/`. Document title for the generated HTML shell. JSON-serializable boot data exposed to the browser. URL path for the built-in operator console. Document title for the generated HTML shell. JSON-serializable boot data exposed to the browser. #### defaults Default tool exposure for CLI-launched agents. Default for the out-of-process event bridge when the top-level option is unset. Default bridge poll interval (ms) when the top-level option is unset. ### register Register a workflow under `key`. Wires up its DB tables, optional cron schedule, webhook config, and embedded UI bundle. Returns `this`, so calls chain. A schedule writes a cron row keyed `gateway:`; cron-fired runs get `ctx.auth.role = "system"`, `triggeredBy = "cron:gateway"`, `scopes = ["*"]`. Workflow key. Becomes the path segment for workflow-level UI and webhooks. The loaded workflow instance. Cron expression. Fires the workflow on schedule. Inbound webhook config for `POST /webhooks/`. See below. Workflow-level UI, mounted at `/workflows/` by default. Shared secret for HMAC signature verification. Header carrying the request signature. Prefix stripped from the signature value before comparison (e.g. `"sha256="`). Map a verified webhook into a run signal. Signal name delivered to the run. JSON path to a correlation id used to match the target run. JSON path to an explicit run id in the payload. JSON path to the sub-payload delivered with the signal. Start a new run from a verified webhook. Whether a webhook may launch a run. JSON path to the sub-payload used as the run input. ### listen / close TCP port to bind. Host/interface to bind. Unix socket path. When set, `port`/`host` are ignored. Resolves once the server is bound and the scheduler and event bridge have started. Aborts active runs, awaits inflight work, closes connections, and stops the scheduler and watchers. **Source** [`gateway.js`](https://github.com/smithersai/smithers/blob/main/packages/server/src/gateway.js) · [`GatewayOptions.ts`](https://github.com/smithersai/smithers/blob/main/packages/server/src/GatewayOptions.ts) · [`GatewayAuthConfig.ts`](https://github.com/smithersai/smithers/blob/main/packages/server/src/GatewayAuthConfig.ts) · **Tests** [`gateway.test.jsx`](https://github.com/smithersai/smithers/blob/main/packages/server/tests/gateway.test.jsx) · **See also** [Gateway](/integrations/gateway), [Control-plane deployment](/deployment/control-plane), [`launchRun`](/rpc/launch-run), [Gateway client](/reference/gateway-client) *** For the full route tables and wire shapes, see [Server Mode](/integrations/server), [Serve Mode](/integrations/serve), and [Gateway](/integrations/gateway). The exact type definitions are mirrored in the [Types reference](/reference/types).