Run it headless: the services
How to stand LegalWork up without the desktop shell — the orchestrator that supervises everything, the workspace API it fronts, and the chat bridge.
Endpoints
- GET /health
- GET /status
- GET /capabilities
- GET /whoami
- GET /workspaces
- GET /workspace/:id/config
- PATCH /workspace/:id/config
- GET /workspace/:id/events
- POST /workspace/:id/engine/reload
- GET /workspace/:id/plugins
- POST /workspace/:id/plugins
- DELETE /workspace/:id/plugins/:name
- GET /workspace/:id/skills
- POST /workspace/:id/skills
- GET /workspace/:id/mcp
- POST /workspace/:id/mcp
- DELETE /workspace/:id/mcp/:name
- GET /workspace/:id/commands
- POST /workspace/:id/commands
- DELETE /workspace/:id/commands/:name
- GET /workspace/:id/audit
- GET /workspace/:id/export
- POST /workspace/:id/import/preview
- POST /workspace/:id/import
Token management (host/owner auth):
- GET /tokens
- POST /tokens (body: { "scope": "owner"|"collaborator"|"viewer", "label"?: string })
- DELETE /tokens/:id
Inbox/outbox:
- POST /workspace/:id/inbox (multipart upload into .opencode/legalwork/inbox/)
- GET /workspace/:id/artifacts
- GET /workspace/:id/artifacts/:artifactId
- POST /workspace/:id/files/sessions
- POST /files/sessions/:sessionId/renew
- DELETE /files/sessions/:sessionId
- GET /files/sessions/:sessionId/catalog/snapshot
- GET /files/sessions/:sessionId/catalog/events
- POST /files/sessions/:sessionId/read-batch
- POST /files/sessions/:sessionId/write-batch
- POST /files/sessions/:sessionId/ops
Toy UI (static assets served by the server):
- GET /ui
- GET /w/:id/ui
- GET /ui/assets/*
OpenCode proxy:
- GET|POST|... /opencode/*
- GET|POST|... /w/:id/opencode/*
OpenCode Router proxy:
- GET|POST|... /opencode-router/*
- GET|POST|... /w/:id/opencode-router/*
Auth policy:
- GET /opencode-router/health requires client auth.
- All other /opencode-router/* endpoints require host/owner auth.