SDK and CLI reference
How the collector syncs Mend delivery state, how to verify what is being served, and how to disable Mend for an environment.
Mend needs no configuration in your collector. The TypeScript SDK, the Python SDK, and the Go CLI all sync Mend delivery state automatically over the same connection they already use to ship telemetry, using the same API key and base URL. There is nothing to install and nothing to turn on.
This page covers the wire mechanism, how to see what is actually being served, and how to disable Mend.
The Pulse header and delivery state
Every collector keeps an in-memory copy of its environment's
delivery-state document: the active shims, the running canaries, and the
kill switch. It learns when that document changes from the Spanly-Pulse
response header on ordinary ingest responses, and fetches the new document
in the background.
The mechanism, the endpoints, and the fail-open rules are documented once on the Pulse page. In short:
- Every authenticated ingest response carries
Spanly-Pulse: <digest>, the content hash of the current delivery state. GET /mend/state/currentreturns{ "digest": "<digest>" }.GET /mend/state/:digestreturns the delivery-state document, content addressed and immutable.
Both endpoints live on the same base URL as /collect and use the same
Authorization: Bearer <api key> header, so they add no new auth surface.
Fetching runs in the background and never blocks or delays a flush or an MCP message. Any failure keeps the last known-good state, and with no state at all the collector serves your manifest untouched. See Trust and safety for the full list of fail-open guarantees.
Verifying what is served
Mend is designed so you never have to trust it blindly. Two views tell you exactly what is on your wire:
-
Delivery state, from the source. Call
GET /mend/state/currentto get the current digest, thenGET /mend/state/:digestwith your API key to read the exact document your collectors are consuming: every active shim, every running canary, and the kill-switch flag. This is the same bytes the SDK and CLI fetch.DIGEST=$(curl -s https://ingest.us.spanly.com/mend/state/current \ -H "Authorization: Bearer $SPANLY_API_KEY" | jq -r .digest) curl -s "https://ingest.us.spanly.com/mend/state/$DIGEST" \ -H "Authorization: Bearer $SPANLY_API_KEY" | jqUse
ingest.eu.spanly.comfor an EU-region key. -
Exposure log, from the dashboard. Every rewritten
tools/listresponse is logged with the shims applied, the canary and arm if any, and whether the overlay actually applied. The Shims and Canaries views render from that served-truth record, so you can see what real sessions received rather than what was intended.
Disabling Mend
The way to disable Mend for an environment is the kill switch. Flip it from the Mend settings in your project (organization-admin only). While it is on, the delivery-state document your collectors fetch carries no shims and no canaries, so every manifest is served untouched. The change reaches your collectors within one Pulse cycle, which is one flush; see the kill-switch section of Trust and safety for the propagation bound and how in-flight sessions are handled. An environment left in the default suggest mode also serves nothing automatically, because no shim or canary exists until a human creates one.
Note. There is currently no environment-variable opt-out to disable Mend directly in the SDK or CLI process. Control is server-side: the kill switch (and suggest mode) fully disable serving for an environment. A dedicated in-process opt-out is a planned follow-up.