Running `federiq serve`

federiq serve exposes the engine as an HTTP service.

Endpoints

Method	Path	Purpose
GET	`/healthz`	Liveness probe — always 200
GET	`/metrics`	Prometheus exposition
GET	`/sources`	List attached source names
POST	`/query`	Execute SQL — `{"sql": "..."}` → JSON rows

/healthz and /metrics are always reachable. /sources and /query require the bearer token (see auth).

Running it

federiq serve --addr 0.0.0.0:7878 --token "$FEDERIQ_TOKEN" \
  --tls-cert /etc/federiq/cert.pem --tls-key /etc/federiq/key.pem

Without --tls-cert the server listens on plain HTTP and prints a loud warning — don't expose an unencrypted port to the internet.

Making requests

curl -H "authorization: Bearer $FEDERIQ_TOKEN" \
  -H "content-type: application/json" \
  -d '{"sql":"SELECT 1 AS n"}' \
  https://localhost:7878/query

Configuring via env

Variable	Effect
`FEDERIQ_SERVER_TOKEN`	Bearer token for inbound requests
`FEDERIQ_LOG_FORMAT`	`json` switches tracing to structured logs
`FEDERIQ_ROLE`	Caller role for policies
`FEDERIQ_REGION`	Caller region for policies

FederIQ

Running federiq serve

Endpoints

Running it

Making requests

Configuring via env

Running `federiq serve`