API
Onprest exposes capabilities through REST and MCP. It also exposes OpenAPI metadata generated from the agent-side capability.yaml.
All public API surfaces use API key authentication except /healthz. REST, MCP, and OpenAPI are filtered by capability authorization.