hzel
Concepts

Architecture

High-level architecture of the hzel platform.

Overview

hzel is made up of two surfaces you interact with:

  • Dashboard — the web UI for managing containers, viewing logs, and configuring your account.
  • API — the REST and WebSocket interface at api.hzel.org. Everything the dashboard does is also available through the API.

All container operations are handled by the hzel backend. You never interact with the underlying infrastructure directly — the API is the only interface.

Request Flow

When you make an API request:

  1. Your token is verified and your identity is confirmed.
  2. Ownership and permissions are checked before any action is taken.
  3. The requested operation is carried out on your container.
  4. The result is returned in the API response, and the action is written to the audit log.

For long-running operations (commands, terminal sessions), results are streamed back over WebSockets rather than held open in the HTTP response.

Container Isolation

Containers on hzel are unprivileged and isolated from each other and from the host. Each container has enforced CPU, memory, and network limits. You have full root access inside your own container and no visibility into others.

Audit Log

Every action taken on your account — container lifecycle events, authentication, API token management — is recorded with a timestamp and the identity of the actor. Logs are available through the dashboard and the API.

Authentication

How to authenticate with the hzel API.

Container Lifecycle

How containers are provisioned, managed, and destroyed.