Live · 3 planes · OpenAPI 3.0.3

One provenance engine. Fully callable.

All EpochCore services exposed as OpenAPI 3.0.3 endpoints — import into IBM watsonx Orchestrate, call directly from any agent, or use the browser tools below. Same infrastructure your watsonx agents hit today.

Q-Routed Conductor

qpc.q-routed.com

WORM ledger QPC ops Ed25519 ML-DSA-65 SLH-DSA-128f

checking…

PQC Sealing Dataplane

pqc.epochcoreqcs.com

ML-KEM-1024 ML-DSA-87 SLH-DSA-128f BLAKE3 IBM Key Protect

checking…

Watermark Scope Worker

watermark-scope-worker.epochcoreras.workers.dev

Cloudflare Worker Bearer-gated SSE stream COS sidecars

checking…

01 · API Catalog

All endpoints. Try any live.

Every response carries an x-epoch-dkap-ed25519 + x-epoch-dkap-mldsa envelope. Tenant header: x-tenant: epochcore-design-system

qpc.q-routed.com WORM ledger + quantum ops + signatures

GET /health Conductor health — three-state: worker, tunnel, dispatcher ▸

Returns live status of all three conductor layers. Envelope headers on every response confirm the signing chain is active.

GET https://qpc.q-routed.com/health Headers: x-tenant: epochcore-design-system Response 200: { "worker": true, "tunnel": true, "dispatcher": true }

POST /worm/propose Stage a new append-only ledger entry ▸

Proposes a new WORM entry. Returns an entry_id that must be passed to /worm/apply to commit.

POST https://qpc.q-routed.com/worm/propose Body: { "repo": "epochcore-design-system", "file": "output.mp4", "fix_type": "watermark", "description": "Watermarked + sealed asset" } Response 200: { "entry_id": "worm-xxxx", "status": "proposed" }

GET /worm/list List all WORM entries for a repo ▸

Returns all committed ledger entries for the specified repo, newest first.

GET https://qpc.q-routed.com/worm/list?repo=epochcore-design-system Response 200: [ { "entry_id": ..., "file": ..., "timestamp": ... }, ... ]

GET /qpc/qrng True quantum entropy — Hadamard on IBM Quantum hardware ▸

Generates provably non-PRNG random bits via quantum circuits on IBM Quantum hardware. Used to seed the entropy field in every receipt.

GET https://qpc.q-routed.com/qpc/qrng?bits=64 Response 200: { "entropy": "a3f8c2...", "bits": 64 }

GET /qpc/qccf Quantum coherence-compression fingerprint ▸

Fingerprints a SHA-256 payload through a controlled-unitary interference pattern. Returns a deterministic signature for stamping into sealed receipts.

GET https://qpc.q-routed.com/qpc/qccf?qubits=4&payload=a3f8c2 Response 200: { "fingerprint": "7e4a...", "qubits": 4, "ms": 120 }

GET /seal/pubkeys Live Ed25519 + ML-DSA-65 public keys for independent verification ▸

Returns the current signing public keys from the conductor. Use these to independently verify the envelope headers on any response.

GET https://qpc.q-routed.com/seal/pubkeys Response 200: { "ed25519": "base64...", "mldsa": "base64..." }

POST /qpc/qverify Triple-signature chain verify — Ed25519 + ML-DSA-65 + SLH-DSA-128f ▸

Verifies the full three-signature envelope chain for a sealed WORM entry. Pass/fail — mathematically certain.

POST https://qpc.q-routed.com/qpc/qverify Body: { "entry_id": "worm-xxxx" } Response 200: { "passed": true, "entry_id": "worm-xxxx" }

POST /worm/apply · /worm/verify Commit entry → record pass/fail — completes the propose→apply→verify chain ▸

After /worm/propose returns an entry_id, call /worm/apply to commit it, then /worm/verify to record the outcome. The full chain is the audit trail.

POST /worm/apply { "entry_id": "worm-xxxx" } POST /worm/verify { "entry_id": "worm-xxxx", "passed": true }

pqc.epochcoreqcs.com Post-quantum sealing — ML-KEM-1024, ML-DSA-87, IBM Key Protect HSM

GET / Capability manifest — all armed planes: KEM, DKAP, SLH-DSA, Key Protect ▸

Returns JSON capability manifest showing which PQC algorithms are armed. CORS-guarded by design — a 401/403 from the browser confirms it is deployed and protected (the correct posture for a sealing dataplane).

GET https://pqc.epochcoreqcs.com/ Response 200: { "ok": true, "kem_armed": true, "dkap_armed": true, "kp_armed": true, "slh_dsa128f_armed": true, "blake3_hashing": true, "subtree_anchoring": true }

CORS-guarded — browser probe degrades gracefully

watermark-scope-worker.epochcoreras.workers.dev Cloudflare Worker — watermark + seal a COS object scope, SSE stream, Bearer-gated

POST /watermark_scope Seal a COS scope — ML-DSA-87 + Key Protect HSM + .epochseal sidecars ▸

For every object in a COS scope: ML-DSA-87 dkapSeal → FIPS-140-2 Key Protect HSM custody → .epochseal sidecar written back to COS. Streams SSE progress. Bearer token required.

POST https://watermark-scope-worker.epochcoreras.workers.dev/watermark_scope Authorization: Bearer <token> Body: { "scope": "cos://bucket/prefix", "dry_run": false } Response 200: SSE stream — progress per object Response 401/403: Gate holding — deployed + protected ✓

Expects 401/403 — confirms worker is deployed

02 · OpenAPI Specs

Import into watsonx Orchestrate.

Each spec is OpenAPI 3.0.3 — paste the URL into the watsonx Orchestrate agent builder to add all capabilities as callable skills. Or download JSON and import locally.

Q-Routed Conductor

WORM ledger, QRNG, QCCF, triple-sig verify, pubkeys. 8 operations.

⬇ Download JSON ⎘ Copy to clipboard

PQC Sealing Dataplane

ML-KEM-1024, ML-DSA-87, SLH-DSA, Key Protect capability manifest.

⬇ Download JSON ⎘ Copy to clipboard

Watermark Scope Worker

Cloudflare Worker — COS scope sealing, ML-DSA-87, Bearer-gated SSE stream.

⬇ Download JSON ⎘ Copy to clipboard

watsonx Orchestrate import: Agent Builder → Tools → Add tool → API → Paste OpenAPI JSON → Save → all operations are immediately callable by your agent in plain language.

03 · Browser Tools