Skip to content

Collector endpoints

Enrollment, lifecycle, certificate chain.

POST /v1/collectors/codes

Mint a one-shot enrollment code. Admin-scoped.

POST /v1/collectors/enroll

The installer's first call. Body: {code, hostname, platform}. Returns: per-collector token, registry credentials, image reference. The collector then writes the token to /etc/kilasec/collector.env and starts the container.

GET /v1/collectors

List enrolled collectors for this tenant.

GET /v1/collectors/{id}/status

Health + last-seen timestamp + recent-event count.

POST /v1/collectors/{id}/restart

Restart the collector via systemd. Live lifecycle phases stream back (since 1cf9978).

POST /v1/collectors/{id}/rebuild

Pull the latest image, then restart. Used for dev-loop iteration (since 8d86f3c).

GET /v1/collectors/{id}/pac-url

The PAC URL the customer hands to DHCP. Served by the collector itself at :9443 with a cert signed by the collector's mitmproxy CA.

GET /v1/collectors/{id}/ca

The collector's mitm CA certificate chain (public only — never the private key).

DELETE /v1/collectors/{id}

Revoke the collector. The container will start failing to authenticate within seconds and stop on its next restart. Use /v1/collectors/{id}/purge for the hard delete that also drops historical events.

POST /v1/collectors/purge-revoked

Bulk delete revoked collectors more than N days old (since 1fde493).

Documentation for kilasec — the AI Agent Firewall.