<aside>

Using it

Every request must carry the token:

TOKEN="...paste from log..."

# Get the current player + world state
curl -H "Authorization: Bearer $TOKEN" <http://localhost:25580/state>

# Send chat
curl -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \\
     -d '{"text":"hi"}' <http://localhost:25580/chat/send>

# Run a slash command and capture its 800ms reply window
curl -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \\
     -d '{"command":"time query daytime"}' <http://localhost:25580/command>

For browser-based clients the token can also go on the query string (?token=...) - useful where setting headers is awkward.

The full endpoint reference lives in the ThrallHttpServer KDoc and in docs/thrall-bot-prompt.md. The headline endpoints are:

• GET /state — full snapshot (player, world, inventory, nearby blocks/entities)
• POST /actions — batched action sequence with wait / screenshot / includeState flags
• POST /command, /chat/send, /look, /move, /jump, /sneak, /attack, /use, /hotbar, /hover
• POST /menu/open, /menu/interact
• POST /screenshot — base64 PNG of the current framebuffer
• GET /worlds, POST /world/{join,create,leave}
• GET /servers, POST /server/{add,join,connect,leave}
• POST /auth/{start,complete,logout}, GET /auth/status — Microsoft → Minecraft account auth
• GET /chat/stream — long-poll the chat ring buffer

A local test harness lives at test/index.html - open it in a browser, paste your token into the topbar, and you can poke every endpoint without writing any code.

</aside>