Control Surfaces

Status: PUBLIC_CONTRACT_DRAFT. Individual surfaces carry their own maturity. Not a production-live availability claim.

What Is a Control Surface?

A control surface is a path to interact with Zen Mesh. Every surface reads and writes the same Configuration Contract — the contract is the source of truth, not any single surface. Surfaces differ in audience, auth model, and write permissions, but they do not differ in contract validation or audit.

Customer API and MCP are not globally read-only. Write status is determined at the endpoint-group or tool-group level, not globally.

Control Surface Overview

| Surface | Audience | Base path / protocol | Reads | Writes | Maturity |
|---|---|---|---|---|---|
| UI (Dashboard) | Operators, evaluators | Web app at app.zen-mesh.io | Yes | Yes (app-scoped) | INTERNAL_ONLY |
| Customer API | Developers, CI/CD | /v1/... REST | Yes | Permissioned, scoped, audited | WIRED_SANDBOX |
| MCP | AI agents, operators | MCP protocol | Yes (default-on) | Disabled by default, per-tool-group enablement | PUBLIC_CONTRACT_DRAFT |
| CLI | Administrators | hermes command | Yes | Yes | WIRED_SANDBOX |
| Git (Contract) | GitOps workflows | Git repository | Planned | Planned | PLANNED (V1.1) |
| Dashboard/BFF | Dashboard UI only | /api/bff/v1 | Yes | Yes (dashboard-scoped) | INTERNAL_ONLY |

UI (Dashboard)

The primary interactive surface for operators and evaluators. The dashboard provides visual management of endpoints, targets, flows, traffic, DLQ, retry, traces, payloads, and evidence.

  • Reads: Yes, full read access
  • Writes: Yes, through app-scoped operations
  • Auth: Session-based (OIDC) or API key
  • Status: INTERNAL_ONLY — app-facing, not a public customer API

Customer API

The programmable REST API for developers, CI/CD pipelines, and programmatic management. Endpoint groups carry individual read/write statuses. Operations require API key authentication, tenant scoping, and appropriate scopes.

  • Reads: Yes, per-endpoint-group availability
  • Writes: Permissioned, scoped, audited, idempotent where relevant
  • Auth: Bearer JWT or API key in Authorization header
  • Status: WIRED_SANDBOX (runtime APIs), PLANNED (GA contract)

See API Overview, Authentication, Write Safety.

MCP (Model Context Protocol)

The AI agent control surface. MCP provides read and write tools for AI agents, operators, and internal tooling. Read tools are default-on. Write tools are disabled by default and must be explicitly enabled per tool group by an operator.

  • Reads: Yes, default-on per V1 policy
  • Writes: Disabled by default, per-tool-group enablement
  • Auth: MCP API key with scopes
  • Status: PUBLIC_CONTRACT_DRAFT

See MCP Overview, MCP V1 Policy.

CLI

The command-line surface for administrators and scripting. The CLI provides direct access to Zen Mesh operations from the terminal.

  • Reads: Yes
  • Writes: Yes
  • Auth: API key or session
  • Status: WIRED_SANDBOX

Git (Contract / GitOps)

The declarative GitOps surface. Planned for V1.1 as a Business+ capability. Git as a Configuration Contract control surface would allow managing Zen Mesh resources through Git repositories with pull-request-based workflows.

  • Reads: Planned
  • Writes: Planned (V1.1)
  • Auth: Git credentials + contract validation
  • Status: PLANNED

Dashboard/BFF API

The internal app-facing API used by the dashboard UI. This is not a public customer contract and should not be consumed directly by external integrations. It exists for the dashboard and may change without notice.

  • Reads: Yes (app-scoped)
  • Writes: Yes (app-scoped)
  • Auth: Session, BFF API key
  • Status: INTERNAL_ONLY

Which Surface Should I Use?

| Goal | Recommended surface |
|---|---|
| Interactive exploration | UI (Dashboard) |
| Programmatic integration | Customer API |
| AI agent or operator automation | MCP |
| Scripting and admin tasks | CLI |
| GitOps / infrastructure-as-code | Git (planned) |

Non-Claims

  • Customer API is not globally read-only — read/write is endpoint-group level
  • MCP is not globally read-only — write tools exist but are disabled by default
  • The Dashboard/BFF API is not a public customer contract
  • GitOps is planned for V1.1, not available in V1
  • API availability does not imply production-live or GA status
  • Write permissions are gated by scopes, tenant authorization, and plan gates
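
The MCP write model described above (read tools default-on, write tools disabled until an operator enables their tool group) combined with the scope, tenant, and plan gates from the last bullet, as an added sketch that is not Zen Mesh code. Every tool name, group, scope string, and plan tier is constructed, and both the order of the checks and the choice to apply the plan gate only to writes are assumptions.

```python
from dataclasses import dataclass, field

# All names here (tools, groups, scopes, plan tiers) are constructed for
# illustration; none are Zen Mesh identifiers.
PLAN_RANK = {"free": 0, "business": 1, "business_plus": 2}

@dataclass(frozen=True)
class Tool:
    name: str
    group: str
    writes: bool
    scope: str
    min_plan: str = "free"

@dataclass(frozen=True)
class Caller:
    key_id: str
    tenant: str
    scopes: frozenset
    plan: str

@dataclass
class McpGate:
    # tenant -> write tool groups an operator has explicitly enabled
    enabled_write_groups: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def enable_write_group(self, tenant, group):
        self.enabled_write_groups.setdefault(tenant, set()).add(group)

    def _reason(self, caller, tool, resource_tenant):
        if resource_tenant != caller.tenant:
            return "deny:tenant_mismatch"
        if tool.scope not in caller.scopes:
            return "deny:missing_scope"
        if not tool.writes:
            return "allow:read_default_on"
        if tool.group not in self.enabled_write_groups.get(caller.tenant, set()):
            return "deny:write_group_disabled"
        # Unknown plan names fail closed on both sides of the comparison.
        if PLAN_RANK.get(caller.plan, -1) < PLAN_RANK.get(tool.min_plan, len(PLAN_RANK)):
            return "deny:plan_gate"
        return "allow:write"

    def authorize(self, caller, tool, resource_tenant):
        """Decide one tool call and record it in the audit list, allowed or not."""
        reason = self._reason(caller, tool, resource_tenant)
        self.audit.append((caller.key_id, caller.tenant, tool.name, reason))
        return reason.startswith("allow:")
```

Denied calls are audited with the same record shape as allowed ones, so a write attempt against a disabled tool group still leaves a trace an operator can review.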