{
  "protocol": "HHTTPS — Human-verified HTTPS",
  "version": "0.5.0",
  "initiative": "iamhmn",
  "contact": "daniel.hannuschka@tweakz.de",
  "github": "github.com/dhannus/HHTTPS",
  "demo": "https://hhttps.org",
  "features": [
    "webauthn",
    "roles-esco-dynamic",
    "email-verification",
    "refresh-tokens",
    "token-revocation",
    "machine-tokens",
    "webhooks",
    "jwks",
    "discovery",
    "postgres-persistence"
  ],
  "security": {
    "algorithm": "ES256",
    "helmet": true,
    "rateLimiting": true,
    "revocation": true,
    "persistence": "postgres"
  },
  "stats": {
    "registeredPasskeys": 27,
    "activeTokens": 0,
    "activeRefreshTokens": 14,
    "activeSessions": 0,
    "revokedTokens": 49,
    "machineOperators": 19
  },
  "roles_model": "esco-dynamic",
  "base_identity": {
    "id": "citizen",
    "label": "Citizen",
    "icon": "🧑"
  },
  "endpoints": {
    "GET  /.well-known/hhttps-configuration": "Discovery",
    "GET  /.well-known/jwks.json": "Public key (JWKS)",
    "POST /hhttps/check": "★ Human/machine + role check",
    "GET  /hhttps/roles": "Role registry (15 roles)",
    "POST /hhttps/webauthn/register/{start,finish}": "Passkey registration",
    "POST /hhttps/webauthn/auth/{start,finish}": "Passkey authentication",
    "POST /hhttps/token/refresh": "Refresh access token",
    "POST /hhttps/session/email/start": "Create email-only session (no WebAuthn required)",
    "POST /hhttps/email/send": "Send email verification",
    "GET  /hhttps/email/verify": "Confirm email",
    "POST /hhttps/role/declare": "Declare role → token",
    "POST /hhttps/revoke": "Revoke token",
    "POST /hhttps/validate": "Validate token",
    "POST /hhttps/machine/{register,token}": "Machine token issuance",
    "GET/POST/DELETE /hhttps/webhooks": "Webhook management",
    "GET  /hhttps/stats": "Public aggregated stats"
  }
}