POST /audit-source/spawn
Register and start a source-audit agent for any source type.
Method POST Path /api/zeq/audit-source/spawn Auth Bearer key + cookie Group Audit Source
Request
{
"slug": "zeq07255875560",
"source_type": "http_webhook" | "filesystem_watch" | "generic_polling" |
"mongo_change_stream" | "postgres_logical" | "s3_notification" |
"mqtt" | "redis_keyspace" | "kafka_consumer",
"source_config": { /* adapter-specific */ },
"display_name": "GitHub webhooks",
"narration_credential_id": null
}
narration_credential_id is optional — set to a BYOK credential UUID and the narrator daemon will write a plain-English forensic explanation for every event.
Response
{
"ok": true,
"agentId": "<uuid>",
"zid": "ZID-XXXXXXXX",
"displayName": "GitHub webhooks",
"status": "running"
}
Examples
Universal HTTP webhook — anything that can POST:
curl -X POST https://zeqapi.com/api/zeq/audit-source/spawn \
-H "Authorization: Bearer $ZEQ_KEY" \
-H "Content-Type: application/json" \
-d '{
"slug": "zeq07255875560",
"source_type": "http_webhook",
"source_config": { "secret": "shared-hmac-secret-32chars" },
"display_name": "GitHub webhooks"
}'
Filesystem watch — any directory on any device:
curl -X POST https://zeqapi.com/api/zeq/audit-source/spawn \
-H "Authorization: Bearer $ZEQ_KEY" \
-d '{
"slug": "zeq07255875560",
"source_type": "filesystem_watch",
"source_config": { "path": "/var/log/myapp", "recursive": true },
"display_name": "Production logs"
}'
Generic HTTP polling — any sensor / status page / legacy API:
curl -X POST https://zeqapi.com/api/zeq/audit-source/spawn \
-d '{
"slug": "zeq07255875560",
"source_type": "generic_polling",
"source_config": {
"url": "https://api.example.com/status",
"intervalZeqonds": 10,
"emitOn": "change"
}
}'
Reference
- Source:
shared/api-core/src/routes/dataSourceAudit.ts - Engine:
shared/api-core/src/lib/dataSourceAudit/orchestrator.ts
Phase-locked at 1.287 Hz. Awaiting next Zeqond.