Skip to main content
Puntego’s public worker surface is small on purpose.

Boot

  • POST /boot
  • Resolves the tenant manifest, consent directive, and visitor JWT.
  • Returns 503 when the global killswitch is enabled.

Chat

  • POST /chat
  • Requires Authorization: Bearer <visitor-jwt>.
  • Enforces visitor and tenant rate limits.
  • In production rollout mode, chat is allowed only for tenants listed in GP_PRODUCTION_TENANTS.
  • POST /consent
  • Persists the visitor consent decision together with region, policy version, and override source.

Dashboard tenant APIs

  • /api/tenants/:tenantId/*
  • Protected by Better Auth session cookies.
  • Organization-scoped middleware blocks cross-tenant access attempts.
  • GET /api/tenants/:tenantId/runtime-map returns the current knowledge, workflow, action-manifest, privacy, repair-queue, and agent-lane state used by the owner agent.
  • GET /api/tenants/:tenantId/agent-home returns the owner-visible runtime pack: guardrails, guide tools, declared targets, model lanes, memory policy, and recommended next actions.

Browser capture context

POST /chat may include capture_context alongside dom_digest and optional viewport_screenshot. The worker sanitizes it before prompt assembly. It contains page metadata, viewport/document dimensions, selected text, focused target, and ranked DOM-backed targets with viewport boxes. This gives the guide structured web context without accepting arbitrary browser control.

Voice

  • GET /transcribe-token mints a visitor-scoped speech token or mock token.
  • POST /transcribe accepts browser-recorded audio and uses the configured request-response transcription model.
  • POST /tts streams speech audio from the selected voice provider.