HTTP Sidecar¶
CRP can run as a lightweight REST API server via python -m crp serve, enabling cross-process context sharing without embedding the Python library. This is useful for polyglot stacks - call CRP from Node.js, Go, Rust, or any language with HTTP support.
Status
The sidecar is available in the self-hosted SDK today. Managed SaaS sidecar endpoints are on the roadmap.
Quick start¶
# Start the sidecar (loopback only by default)
python -m crp serve
# Or specify host/port
python -m crp serve --port 8900
# With authentication (required for non-loopback)
python -m crp serve --bind-all --auth-token "your-secret-token"
Architecture¶
The sidecar uses Python's stdlib http.server - no extra dependencies beyond the CRP package.
Endpoints¶
Session lifecycle¶
| Method | Path | Description |
|---|---|---|
POST | /sessions | Create a new session |
GET | /sessions | List active sessions (owned only) |
GET | /sessions/:id/status | Get session status |
POST | /sessions/:id/close | Close and flush session |
Dispatch¶
| Method | Path | Description |
|---|---|---|
POST | /sessions/:id/dispatch | Standard dispatch |
POST | /sessions/:id/dispatch/tools | Tool-mediated dispatch |
POST | /sessions/:id/dispatch/reflexive | Reflexive dispatch |
POST | /sessions/:id/dispatch/progressive | Progressive dispatch |
POST | /sessions/:id/dispatch/stream-augmented | Stream-augmented |
POST | /sessions/:id/dispatch/agentic | Agentic dispatch |
Knowledge¶
| Method | Path | Description |
|---|---|---|
POST | /sessions/:id/ingest | Ingest external data |
GET | /sessions/:id/facts | Query extracted facts |
POST | /sessions/:id/facts/share | Share facts between sessions |
POST | /sessions/:id/facts/feedback | Boost/penalize/reject facts |
GET | /sessions/:id/envelope | Preview current envelope |
Operations¶
| Method | Path | Description |
|---|---|---|
GET | /health | Health check |
POST | /sessions/:id/providers | Register fallback provider |
POST | /sessions/:id/estimate | Estimate session cost |
Example: Node.js client¶
const response = await fetch('http://127.0.0.1:9470/sessions', { method: 'POST' });
const { session_id } = await response.json();
await fetch(`http://127.0.0.1:9470/sessions/${session_id}/ingest`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ text: 'CRP uses CKF for persistent knowledge.' }),
});
const answer = await fetch(`http://127.0.0.1:9470/sessions/${session_id}/dispatch`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
system_prompt: 'You are a helpful assistant.',
task_input: 'What is CKF?',
}),
});
console.log(await answer.json());
Security¶
- Binds to
127.0.0.1by default. --bind-allrequires--auth-tokenunless you explicitly pass--allow-unauthenticated.- Per-IP rate limiting (default 120 req/60s).
- No HTTPS - deploy behind a TLS reverse proxy for production.