Seam Local API
seam api binds to 127.0.0.1:8401 by default and rejects non-loopback binds unless --allow-remote-api is set. API-created intercept listeners also reject non-loopback binds unless --allow-remote-intercept is set.
Set SEAM_API_TOKEN or pass --api-token to require Authorization: Bearer <token> or X-Seam-API-Token: <token> on every API endpoint. If no token is configured, Seam logs a warning and preserves local backwards compatibility.
Endpoints:
POST /intercept/start
POST /intercept/stop
GET /messages
GET /transcript
POST /rules/apply
POST /deliver
Minimal /deliver request:
{
  "route_id": "direct",
  "method": "POST",
  "path": "/message:send",
  "body_json": {"intent": "touch tripwire"}
}
Response includes transcript_refs so Assay can attach proof records to a finding.
See the Assay Seam contract for the route payload Assay sends and how returned transcript refs are stored in findings.
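An added client-side example, not part of Seam's own code: it builds the minimal /deliver request above with the Authorization: Bearer header and refuses to send a token over plain HTTP to a non-loopback host. Assumptions: the client reads the token from SEAM_API_TOKEN, the Content-Type header is accepted, the response is JSON with transcript_refs as a top-level key, and the function names are hypothetical.

```python
import ipaddress
import json
import os
import urllib.request
from urllib.parse import urlsplit

DEFAULT_BASE = "http://127.0.0.1:8401"  # default bind stated on this page

# The minimal /deliver body shown on this page.
MINIMAL = {"route_id": "direct", "method": "POST", "path": "/message:send",
           "body_json": {"intent": "touch tripwire"}}


def is_loopback(host):
    """True for loopback IP literals and the name 'localhost' only."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as remote


def build_deliver_request(payload, token=None, base=DEFAULT_BASE):
    """Build (but do not send) a POST /deliver request."""
    parts = urlsplit(base)
    # Guard added by this example, not a Seam feature: a token must not
    # travel in cleartext HTTP to a host that is not loopback.
    if token and parts.scheme != "https" and not is_loopback(parts.hostname or ""):
        raise ValueError(f"refusing to send token in cleartext to {parts.hostname!r}")
    # Content-Type is an assumption; the page does not say it is required.
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    return urllib.request.Request(base.rstrip("/") + "/deliver",
                                  data=json.dumps(payload).encode("utf-8"),
                                  headers=headers, method="POST")


def deliver(payload, token=None, base=DEFAULT_BASE):
    """Send the request; assumes the response body is JSON."""
    token = token or os.environ.get("SEAM_API_TOKEN")
    with urllib.request.urlopen(build_deliver_request(payload, token, base),
                                timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Assumes transcript_refs is a top-level key of the JSON response.
    print(deliver(MINIMAL).get("transcript_refs"))
```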