UI mock — toggles & keys below are not connected to the live server. Target routes match server.js for when Keyman lands. Live login: KEYMAN2-LOGIN.

Coffee.Keyman()

Open via http://localhost:PORT/… — same host as Coffee Server

Checking server…

Route Lockdown

Preset groups (not all-or-nothing) — see KEYMAN-ARC.md. Examples below = real Coffee paths.

*

/api/file/*

list, read, raw, write, mkdir, delete — Vault sidecar

Keyman
*

/api/vault/*

status, init, root, revoke

Keyman
GET

/api/ping

Health / tunnel URL — often stays open (policy)

Open

API Access Keys

Future: programmatic tokens after login — samples below are fake.

Live bootstrap & login · Vault POC

Key Copied to Clipboard