l17728 · l17728 · May 20, 2026 · May 19, 2026 · May 19, 2026 · May 19, 2026
diff --git a/api/openapi.yaml b/api/openapi.yaml
@@ -166,7 +166,7 @@

  # ========== Tasks ==========
  /tasks:
    get:
      tags: [tasks]
      summary: List tasks
      operationId: listTasks
@@ -194,7 +194,7 @@
              schema: {$ref: '#/components/schemas/RbacDenied'}
        '429': {$ref: '#/components/responses/RateLimited'}

    post:
      tags: [tasks]
      summary: Create download task
      operationId: createTask
@@ -296,7 +296,7 @@
    parameters:
      - $ref: '#/components/parameters/TaskId'

    get:
      tags: [tasks]
      summary: Get task by ID
      operationId: getTask
@@ -315,7 +315,7 @@
        '404':
          description: Task not found or cross-tenant ID (existence not leaked)

    patch:
      tags: [tasks]
      summary: Update task (priority only)
      operationId: updateTask
@@ -368,7 +368,7 @@
  /tasks/{taskId}/cancel:
    parameters:
      - $ref: '#/components/parameters/TaskId'
    post:
      tags: [tasks]
      summary: Cancel task (async)
      operationId: cancelTask
@@ -402,7 +402,7 @@
  /tasks/{taskId}/retry:
    parameters:
      - $ref: '#/components/parameters/TaskId'
    post:
      tags: [tasks]
      summary: Retry failed subtasks
      operationId: retrySubtasks
@@ -448,7 +448,7 @@
  /tasks/{taskId}/upgrade:
    parameters:
      - $ref: '#/components/parameters/TaskId'
    post:
      tags: [tasks]
      summary: Upgrade to new revision (incremental)
      operationId: upgradeTask
@@ -472,7 +472,7 @@
  /tasks/{taskId}/subtasks:
    parameters:
      - $ref: '#/components/parameters/TaskId'
    get:
      tags: [subtasks]
      summary: List subtasks of a task
      operationId: listSubtasks
@@ -495,7 +495,7 @@
  /tasks/{taskId}/source-allocation:
    parameters:
      - $ref: '#/components/parameters/TaskId'
    get:
      tags: [tasks]
      summary: View source allocation (multi-source visualization)
      operationId: getSourceAllocation
@@ -509,7 +509,7 @@
  /tasks/{taskId}/events:
    parameters:
      - $ref: '#/components/parameters/TaskId'
    get:
      tags: [tasks]
      summary: Task event log
      operationId: getTaskEvents
@@ -644,6 +644,24 @@
                       controller_state: { type: string, enum: [standby] }
 
   # ========== Executors ==========
+  /executors:
+    get:
+      tags: [executors]
+      summary: List executors visible to the principal (UI-SP3)
+      operationId: listExecutors
+      parameters:
+        - in: query
+          name: status
+          schema:
+            type: string
+            enum: [joining, healthy, degraded, suspect, faulty]
+      responses:
+        '200':
+          description: Executors visible to the principal
+          content:
+            application/json:
+              schema: {$ref: '#/components/schemas/ExecutorListResponse'}
+
   /executors/register:
     post:
       tags: [executors]
@@ -1289,10 +1307,15 @@
             application/json:
               schema:
                 type: object
+                required: [items]
                 properties:
                   items:
                     type: array
                     items: {$ref: '#/components/schemas/AuditEntry'}
+                  next_cursor:
+                    type: string
+                    nullable: true
+                    description: Opaque cursor for the next page; null when no more rows.
 
   # ========== Storage Backends ==========
   /storage-backends:
@@ -2499,7 +2522,11 @@
     ExecutorRead:
       type: object
       required: [id, status, health_score, epoch]
-      description: Returned by /join and /heartbeat to confirm registration.
+      description: |
+        Returned by /join, /heartbeat, and the browser-facing /executors list.
+        UI-SP3 extends this with optional/nullable fields needed by the
+        Executors page; pre-existing consumers (mTLS /join, /heartbeat) are
+        unaffected because all new fields are nullable / optional.
       properties:
         id:
           type: string
@@ -2515,6 +2542,42 @@
           type: integer
           minimum: 0
           description: Current epoch (fence token). Increments on every /join.
+        host_id:
+          type: string
+          nullable: true
+          description: Physical host identifier (groups co-located executors).
+        tenant_id:
+          type: integer
+          format: int64
+          nullable: true
+          description: Owning tenant; null for shared-infra executors.
+        last_heartbeat_at:
+          type: string
+          format: date-time
+          nullable: true
+        nic_speed_gbps:
+          type: integer
+          nullable: true
+        disk_free_gb:
+          type: integer
+          format: int64
+          nullable: true
+        disk_total_gb:
+          type: integer
+          format: int64
+          nullable: true
+        created_at:
+          type: string
+          format: date-time
+          nullable: true
+
+    ExecutorListResponse:
+      type: object
+      required: [items]
+      properties:
+        items:
+          type: array
+          items: {$ref: '#/components/schemas/ExecutorRead'}
 
     StorageConfig:
       type: object

diff --git a/docs/operator/web-ui.md b/docs/operator/web-ui.md
@@ -106,3 +106,26 @@ actions are not exposed (no endpoints); the file table uses a height-capped
 `el-table` (true `el-table-v2` windowing is a documented follow-up); the event
 log reads existing `audit_log` rows only; real-time push (SSE/WS) arrives in
 UI-SP5 with no view changes.
+
+## UI-SP3 — Infrastructure & Governance
+
+Four new pages backed by **two additive read-only endpoints** (zero migration):
+
+- `GET /api/v1/audit/log` — tenant-scoped audit search (filters: action prefix,
+  actor_user_id, from/to time range; cursor-paginated; matches the on-disk
+  `searchAuditLog` contract).
+- `GET /api/v1/executors` — browser-facing executor list (own-tenant +
+  shared-infra view; `system_admin` sees all). Lives in a new module
+  (`src/dlw/api/executors_read.py`) because the existing `api/executors.py` is
+  mTLS-only per `tools/lint_invariants.py:check_no_bearer_on_executor_routes`.
+
+Pages: **/executors** (host-grouped list + status filter), **/audit** (filterable +
+cursor pagination), **/quota** (3 cards over the existing `/quota/current`),
+**/settings** (frontend-only: principal info from `stores/session.ts`,
+theme/locale from `stores/ui.ts`, controller state from `/health/active`).
+
+**Known deferrals** (intentional, no backend support today): executor
+drain/restart, metrics history, heartbeat history; HF-token rotation;
+license-policy CRUD; source-driver registration; maintenance mode;
+`/quota/usage` (declared but no backing tables); ML forecast; chargeback PDF;
+real-time audit tail (UI-SP5).