Public Surface | Cessy Builder Docs

Not every HTTP route or MCP server is a public app integration surface. Use this page to choose the right boundary.

Public and supported

Surface	Status	Use
Generated Runtime REST	Public generated app API	External systems execute commands, read projections, import events, and rebuild projections when authorized.
Generated OpenAPI	Public generated app contract	Canonical REST contract for one published app.
GraphQL runtime API	Public generated app API	UI-friendly command mutations and projection queries.
Runtime MCP	Public agent integration	Published app operation by agents.
Webhooks	Public inbound integration	External events mapped into commands.
Subscriptions	Public outbound integration	Event delivery to external consumers.

Builder and admin surfaces

Surface	Status	Use
Builder UI	Builder/admin app	Human design and operations workflow.
Design MCP read-only	Builder/agent onboarding	App inspection, reference lookup, review, and PRD work.
Design MCP full	Trusted builder automation	Workspace edits, validation, page preview, changesets, and promotion.
OAuth routes	Public auth infrastructure	MCP OAuth discovery, consent, token, refresh, and client registration.
`ces` CLI	Builder automation	Scriptable Design MCP access from terminal or agents.

Internal or limited surfaces

Surface	Status	Use
Adapter call route	Limited/internal runtime support	Policy and workspace-controlled calls to configured external services. Not the normal external app API.
Admin APIs	Admin-only	Tenant, user, auth, and operational management.
Database and event store	Internal	Access only through platform code and approved operations.

Promotion rule

If a surface is intended for external consumers, it needs a documented contract, auth story, error behavior, versioning plan, and smoke test. Otherwise keep it internal or builder-only.