Live API — calls /api/keyman/bootstrap & /api/keyman/login. Token stored in sessionStorage for the Vault POC (coffee_keyman_session). Stack write-up: repo COFFEE-SERVER/KEYMAN-VAULT-BROWSER-INTEGRATION.md.

Coffee.Keyman()

Bootstrap or sign in — same Coffee server you opened this page from

·

Create identity

Owner account for this Coffee server (see KEYMAN-ARC).

How will you use this crib?

Sets policy.enforce on the server: Local = vault/file APIs stay open until you tighten policy later. Remote = enforce immediately.

Local / LAN only

Electron or same-machine — Keyman can stay softer until you expose anything.

Tunnel or remote access

Public URL ⇒ lock vault/file routes with Keyman before you ship (KEYMAN-ARC §5).

You’re set

Session token is in this browser tab. Open Vault POC — requests include Authorization: Bearer … automatically.

Open Vault POC Keyman route console (POC)

Sign in

POST /api/keyman/login — token saved for Vault POC.

Route lockdown mock · Homescreen · Vault POC