Web Endpoints
HTTP routes (outside /mcp)
All non-MCP routes are handled in src/index.ts L3290-3470 (the fetch function). CORS headers are set on every response (see src/mcp.ts L3-11).
| Path | Method | Query | Returns | Source |
|---|---|---|---|---|
/ | GET | — | JSON health (name/version/endpoints/tools) | L3296 |
/healthz | GET | — | Same as / | L3296 |
/plot | GET | ?d=<base64url-gzipped-json> | SVG image | L3300-3317 |
/png | GET | ?d=<base64url-gzipped-json> | PNG image (resvg + pathified CJK) | L3320-3330 |
/multi_plot | GET | ?spec=<urlencoded-json> | SVG subplot grid | L3332-3342 |
/multi_plot.png | GET | ?spec=<urlencoded-json> | PNG subplot grid | L3344-3354 |
/s/{token} | GET | — | Short link render (PNG/SVG/HTML) | L3356-3366 |
/force.svg | GET | ?d=<...> | Force diagram SVG (simple) | L3368-3377 |
/force-analysis.svg | GET | ?d=<...> | Force analysis SVG (rich, axes/components/resultant) | L3379-3388 |
/circuit.svg | GET | ?d=<...> | Circuit diagram SVG | L3390-3399 |
/venn.svg | GET | ?d=<...> | Venn diagram SVG | L3401-3410 |
/c-memory.svg | GET | ?d=<...> | C memory layout SVG | L3412-3421 |
/shape3d.html | GET | ?d=<...> | Interactive 3D viewer HTML | L3423-3432 |
/mcp | POST | JSON-RPC 2.0 body | MCP response | L3434-3468 |
| (anything else) | — | — | 404 not_found | L3434-3436 |
The ?d= query parameter
All SVG/PNG endpoints accept a gzipped, base64-url encoded JSON spec. The encoding is implemented in src/utils.ts:
toCompressedBase64UrlFromJson(value)— compresses withCompressionStream("gzip"), then base64-url encodes. URL-safe (no+,/,=).parseCompressedBase64UrlJson(packed)— reverses the above.
The spec JSON shape is tool-specific (e.g. for /plot: {expr, x_min, x_max, points, title, xlabel, ylabel, annotations}). For /multi_plot, the shape is the MultiPlotResult from buildSubplot.
Short links
When buildShortUrl (src/index.ts L2306) computes a ?d= longer than 3600 chars, it falls back to storing the payload in KV and returning a short URL {origin}/s/{token}. The token is 8 chars of base32. Each token maps to a ShortLinkRecord in KV under short:{token} with TTL 30 days (SHORT_LINK_TTL_SECONDS = 60*60*24*30).
The renderShortLink function (L2383) dispatches based on record.path to the matching renderer: /png uses renderPngResponse, SVG paths return their respective render*Svg functions, /shape3d.html returns the HTML viewer.
CORS
Every response includes access-control-allow-origin: *, access-control-allow-methods: GET, POST, OPTIONS, and access-control-allow-headers: content-type, mcp-session-id. The OPTIONS method returns 204 with the same headers.
Cache headers
All image responses set cache-control: public, max-age=300 (5 minutes). KV writes also expire at 30 days, so a short link won't outlive its KV record.