Every sub-app exposes its full OpenAPI 3.1 spec at /api/openapi.json. One merged document for tooling. Auth via HMAC mesh signing or session cookie. Free for buyers, MCP clients, CI integrations.
| App | Status | Endpoints | Version | Tags | Spec |
|---|---|---|---|---|---|
| AdversarialAI | unreachable | 0 | — | spec.json | |
| CloudPulse | unreachable | 0 | — | spec.json | |
| EndpointPulse | unreachable | 0 | — | spec.json | |
| IdentityPulse | unreachable | 0 | — | spec.json | |
| PhishingPulse | unreachable | 0 | — | spec.json | |
| ResiliencePulse | unreachable | 0 | — | spec.json | |
| ThreatPulse | unreachable | 0 | — | spec.json |
| App | Status | Endpoints | Version | Tags | Spec |
|---|---|---|---|---|---|
| NexusAI | unreachable | 0 | — | spec.json |
| App | Status | Endpoints | Version | Tags | Spec |
|---|---|---|---|---|---|
| Talent Intel | unreachable | 0 | — | spec.json |
| App | Status | Endpoints | Version | Tags | Spec |
|---|---|---|---|---|---|
| Oracle | unreachable | 0 | — | spec.json |
| App | Status | Endpoints | Version | Tags | Spec |
|---|---|---|---|---|---|
| LedgerPulse | unreachable | 0 | — | spec.json |
Production (mesh-to-mesh): HMAC-SHA256 signing via X-Manera-Signature + X-Manera-Node + X-Manera-Timestamp + X-Manera-Nonce headers. See shared/mesh_auth.py.
Dev: X-User-Email header (production rejects).
Browser: Flask session cookie after standard signup at /start-trial.
Every Manera sub-app enforces a per-tier monthly Claude API budget. When exhausted, requests return HTTP 402 Payment Required with a JSON body matching BudgetExceeded in components.schemas. Upgrade via /pricing.
The embedded Swagger UI loads the merged spec at /api/openapi.merged.json. Pick an endpoint, fire a request, see the response.