Route Organization
Routes are organized by module in backend/src/api/:
| File | Auth | Purpose |
|---|---|---|
| browser.routes.ts | Clerk | Security test browser |
| analytics.routes.ts | Clerk | Elasticsearch analytics |
| agent-admin.routes.ts | Clerk | Agent management |
| agent-device.routes.ts | Agent key | Device endpoints |
| tests.routes.ts | Clerk | Build system, certificates |
| defender.routes.ts | Clerk | Defender integration |
| alerting.routes.ts | Clerk | Alert configuration |
Middleware Stack
- Helmet — Security headers
- CORS — Configurable origin restrictions
- Rate limiting — Per-endpoint budgets
- Clerk auth — JWT validation for web routes
- Agent auth — API key validation for device routes
- Error handler — Catches AppError and unhandled errors
Rate Limits
| Endpoint Group | Limit |
|---|---|
| Enrollment | 5 / 15 min per IP |
| Device (heartbeat, tasks) | 100 / 15 min per agent |
| Binary download | 10 / 15 min per IP |
| Key rotation | 3 / 15 min per IP |
| Auth | 20 / 15 min per IP |
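
The budgets in the table above, applied by a small dependency-free limiter. This is an added example, not the project's own code: the fixed-window algorithm, the group names (`enrollment`, `device`, `download`, `keyRotation`, `auth`) and the `Caller` shape are assumptions; only the limits and the per-IP / per-agent keying come from the table.

```typescript
// Added example, not the project's code. Limits and key scope come from the
// Rate Limits table; the algorithm and every name below are assumptions.
type KeyKind = "ip" | "agent";
interface Budget { max: number; windowMs: number; key: KeyKind }

const WINDOW_MS = 15 * 60 * 1000; // every group in the table uses a 15 min window
const BUDGETS: Record<string, Budget> = {
  enrollment:  { max: 5,   windowMs: WINDOW_MS, key: "ip" },
  device:      { max: 100, windowMs: WINDOW_MS, key: "agent" },
  download:    { max: 10,  windowMs: WINDOW_MS, key: "ip" },
  keyRotation: { max: 3,   windowMs: WINDOW_MS, key: "ip" },
  auth:        { max: 20,  windowMs: WINDOW_MS, key: "ip" },
};

interface Caller { ip: string; agentId?: string }
interface Decision { allowed: boolean; remaining: number; retryAfterSec: number }

class FixedWindowLimiter {
  private counters = new Map<string, { count: number; resetAt: number }>();

  check(group: string, caller: Caller, now: number = Date.now()): Decision {
    const budget = BUDGETS[group];
    if (!budget) throw new Error(`unknown endpoint group: ${group}`);
    // Per-agent budgets need an authenticated agent identity; fail closed without one.
    const id = budget.key === "agent" ? caller.agentId : caller.ip;
    if (!id) return { allowed: false, remaining: 0, retryAfterSec: 0 };
    // Namespacing by group keeps one endpoint group from spending another's budget.
    const bucketKey = `${group}:${budget.key}:${id}`;
    let entry = this.counters.get(bucketKey);
    if (!entry || now >= entry.resetAt) {
      entry = { count: 0, resetAt: now + budget.windowMs };
      this.counters.set(bucketKey, entry);
    }
    if (entry.count >= budget.max) {
      const retryAfterSec = Math.ceil((entry.resetAt - now) / 1000);
      return { allowed: false, remaining: 0, retryAfterSec };
    }
    entry.count += 1;
    return { allowed: true, remaining: budget.max - entry.count, retryAfterSec: 0 };
  }
}
```

Keying the device group by agent rather than by IP means an agent that changes networks still draws from a single budget, and agents behind one NAT address do not throttle each other. The per-IP groups are only as reliable as the client address the server sees, so behind a reverse proxy that address must come from a trusted proxy configuration.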