SWAMP SERVE

swamp serve starts a WebSocket API server for remote workflow and model execution. Clients connect over WebSocket, authenticate with tokens or OAuth, and execute commands against the server's repository.

Core Concepts

Concept	Role
Server	`swamp serve` instance exposing a WebSocket API
Token	Named credential that binds a principal identity to the server
Grant	Authorization rule: subject + effect (allow/deny) + actions + resource
Group	Named collection of principals for batch grant assignment
Policy snapshot	Compiled set of active grants and groups, rebuilt on reload
Principal	Identity in a grant subject: `user:<id>`, `group:<name>`, `idp-group:<slug>`

In This Section

Access Commands — CLI reference for swamp access subcommands: tokens, grants, groups, checks
Authorization — the grant model: subjects, effects, actions, resource selectors, CEL conditions, deny-wins
Serve Flags — swamp serve flags, environment variables, and credential storage

← PreviousTLS and Proxies Next →Access Commands