Route Map

All routes are prefixed by the API’s base path. The Next.js proxy strips the /api prefix before forwarding to the Rust service.

`/health` — No authentication

Method	Path	Handler	Description
GET	`/health/api`	`api_health`	Returns `{ status, version, uptime_seconds }`
GET	`/health/intelligence`	`intelligence_health`	Proxies `Health.Check` gRPC call to Intelligence

Method	Path	Handler	Rate Limit
GET	`/auth/oauth/{provider}/authorize`	`oauth_authorize`	Standard
GET	`/auth/oauth/{provider}/callback`	`oauth_callback`	Standard
POST	`/auth/signin`	`signin`	Standard
POST	`/auth/signup`	`signup`	Standard
POST	`/auth/signout`	`signout`	Standard
POST	`/auth/refresh`	`refresh`	Standard
GET	`/auth/verify-email`	`verify_get`	Standard
POST	`/auth/verify-email`	`verify_post`	Standard
POST	`/auth/forgot-password`	`forgot_password`	Sensitive
POST	`/auth/reset-password`	`reset_password`	Sensitive
POST	`/auth/resend-verification`	`resend_verification`	Sensitive
POST	`/auth/recover-account`	`recover_account`	Sensitive

Rate limit tiers:

Method	Path	Handler	Description
POST	`/contact`	`handle_contact`	Sends contact form submission via email to site admin

Request body: { name, email, subject, message } — all fields required, validated as non-empty.

Rate limit: Strict (~3 req/min, burst 3, per IP). Uses strict_rate_limiter().

Method	Path	Handler	Description
GET	`/user/me`	`me`	Returns current user profile
PATCH	`/user/update-profile`	`update_profile`	Updates name, username, avatar_url, and supports one-way `contributor_opt_in=true`
POST	`/user/change-password`	`change_password`	Requires `current_password` + `new_password`
DELETE	`/user/delete-account`	`delete_account`	Soft-deletes user (`deleted_at = NOW()`)
GET	`/user/list-sessions`	`list_sessions`	Returns all active sessions
DELETE	`/user/revoke-session/{session_id}`	`revoke_session`	Invalidates specific session

Method	Path	Handler	Description
POST	`/chat/conversations`	`create_conversation`	Creates conversation row in DB
GET	`/chat/conversations`	`list_conversations`	Cursor-paginated; sorted by `updated_at DESC`
GET	`/chat/conversations/{id}`	`get_conversation`	Returns conversation + messages from `chat_messages`
PATCH	`/chat/conversations/{id}`	`update_conversation`	Updates `title`, `metadata`
DELETE	`/chat/conversations/{id}`	`delete_conversation`	Deletes conversation + cascades to messages
POST	`/chat/conversations/{id}/generate-title`	`generate_conversation_title`	gRPC: `Chat.GenerateTitle`
POST	`/chat/conversations/{id}/messages`	`send_message`	gRPC: `Chat.SendMessage` → JSON response
POST	`/chat/conversations/{id}/stream`	`stream_chat`	gRPC: `Chat.StreamChat` → SSE stream

Method	Path	Handler	Description
GET	`/admin/users`	`list_users`	`?search=&limit=&offset=`
GET	`/admin/users/{id}`	`get_user`	Single user details
DELETE	`/admin/users/{id}`	`delete_user`	Hard-deletes user
PATCH	`/admin/users/{id}/role`	`update_user_role`	`{ role: "user" \| "contributor" \| "admin" }`
GET	`/admin/stats`	`get_stats`	Platform-wide statistics

Method	Path	Handler	Access	Description
POST	`/resources/submissions`	`submit_resource`	Contributor or Admin	Submit a knowledge resource for review
GET	`/resources/submissions/mine`	`list_my_submissions`	Contributor or Admin	List own submissions
GET	`/resources/submissions`	`list_queue`	Admin	Queue listing (`?status=&limit=&offset=`)
POST	`/resources/submissions/{id}/review`	`review_submission`	Admin	Approve/reject submission and optionally ingest
POST	`/resources`	`add_resource`	Admin	Direct ingestion via gRPC `ResourceService.AddResource`
GET	`/resources`	`list_resources`	Admin	Indexed resources (`?resource_type=&status=&limit=&cursor=`)
GET	`/resources/{id}`	`get_resource_status`	Admin	gRPC `ResourceService.GetResourceStatus`
DELETE	`/resources/{id}`	`delete_resource`	Admin	gRPC `ResourceService.DeleteResource`