# wave vss

> A WAVE Protocol Plane spoke for the **wave_vss** product over the http protocol. A thin Cloudflare edge
> surface that reverse-proxies `/api/*` to https://api.wave.online (auth/scope/metering enforced by wave-gateway).

## Endpoints
- `GET /health` — liveness JSON
- `GET /llms.txt` — this agent map (llms.txt standard)
- `GET /docs.md` — agent-legible markdown docs
- `GET /.well-known/wave.json` — machine-readable capability descriptor
- `GET /threat-model` — threat-model summary
- `* /api/*` — reverse-proxied to https://api.wave.online behind wave-gateway

## Calling the API
- Base: `https://api.wave.online` — the spoke forwards your `Authorization` header verbatim.
- The spoke attaches `X-Wave-Product: wave_vss` and `X-Wave-Protocol: http` for attribution.
- The spoke mints/reads/strips NO credentials; the gateway is the single enforcement plane.

## More
- Capability JSON: `/.well-known/wave.json`
- Docs: `/docs.md`
- WAVE: https://wave.online