REST API Reference

Overview

This document is generated from the live FastAPI OpenAPI schema and serves as the contract-oriented REST reference. WebSocket endpoints are documented separately and are not part of OpenAPI.

  • Swagger UI: /api/docs
  • ReDoc: /api/redoc
  • OpenAPI JSON: /api/openapi.json

Authentication

Security Schemes

  • APIKeyHeader: type=apiKey, in=header
  • HTTPBearer: type=http, scheme=bearer

Supplemental Contract Coverage

The generated OpenAPI export remains the source of truth for the bulk catalog below. The following routes are listed explicitly to keep the written reference aligned with the live runtime for newer governance, active-project, and dashboard-control surfaces:

Agent Context and Recall

  • GET /api/v1/agent-context/sessions/{session_id}/task
  • GET /api/v1/agent-context/sessions/{session_id}/task/why
  • GET /api/v1/agent-context/sessions/{session_id}/context/why
  • POST /api/v1/agent-context/sessions/{session_id}/recall-feedback
  • POST /api/v1/agent-context/sessions/{session_id}/memory/dismiss
  • GET /api/v1/agent-context/stories/task-capsules
  • GET /api/v1/agent-context/tasks/next
  • GET /api/v1/memory/knowledge
  • GET /api/v1/memory/knowledge/source-refresh/plan
  • GET /api/v1/memory/knowledge/review-plan
  • GET /api/v1/memory/knowledge/policy

User Administration

  • GET /api/v1/admin/identity/users
  • POST /api/v1/admin/identity/users
  • GET /api/v1/admin/identity/users/{user_id}
  • PATCH /api/v1/admin/identity/users/{user_id}
  • POST /api/v1/admin/identity/users/{user_id}/activate
  • POST /api/v1/admin/identity/users/{user_id}/deactivate
  • POST /api/v1/admin/identity/users/{user_id}/reset-password
  • GET /api/v1/admin/identity/users/{user_id}/access
  • PUT /api/v1/admin/identity/users/{user_id}/access

AI FinOps Dashboard

  • GET /api/v1/finance/ai-finops/overview
  • GET /api/v1/finance/ai-finops/usage
  • GET /api/v1/finance/ai-finops/usage/{request_id}
  • GET /api/v1/finance/ai-finops/budgets
  • POST /api/v1/finance/ai-finops/budgets
  • PUT /api/v1/finance/ai-finops/budgets/{budget_id}
  • GET /api/v1/finance/ai-finops/policies
  • POST /api/v1/finance/ai-finops/policies
  • PUT /api/v1/finance/ai-finops/policies/{policy_id}
  • GET /api/v1/finance/ai-finops/catalog
  • POST /api/v1/finance/ai-finops/catalog
  • PUT /api/v1/finance/ai-finops/catalog/{card_id}
  • POST /api/v1/finance/ai-finops/catalog/estimate
  • GET /api/v1/finance/ai-finops/incidents
  • GET /api/v1/finance/ai-finops/optimization
  • POST /api/v1/finance/ai-finops/optimization/what-if
  • POST /api/v1/finance/ai-finops/export

Security Dashboard Control Plane

  • GET /api/v1/security/overview
  • GET /api/v1/security/dlp/config
  • PUT /api/v1/security/dlp/config
  • GET /api/v1/security/dlp/activity
  • GET /api/v1/security/siem/config
  • PUT /api/v1/security/siem/config
  • GET /api/v1/security/siem/stats
  • GET /api/v1/security/siem/events
  • GET /api/v1/security/audit-log
  • GET /api/v1/security/audit-log/{entry_id}
  • POST /api/v1/traceability/cross-repo/run

Project, Group, Repository, and Documentation Governance

  • GET /api/v1/documentation/projects/{project_name}/facts-metrics
  • GET /api/v1/documentation/projects/{project_name}/package
  • GET /api/v1/documentation/projects/{project_name}/document
  • PATCH /api/v1/groups/{group_id}/users/{user_id}
  • GET /api/v1/groups/{group_id}/users/{user_id}/project-access
  • PUT /api/v1/groups/{group_id}/users/{user_id}/project-access
  • POST /api/v1/projects/{project_id}/switch
  • GET /api/v1/projects/active/effective
  • POST /api/v1/repositories/provider-connections/{connection_id}/health-check

Docs-Sync REST Coverage Index

The following REST route names are emitted by static interface discovery and are listed exactly so docs-sync can verify REST coverage.

  • GET /src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:12
  • DELETE /gitverse/projects/{project_name}/bindingsrc/api/routers/dashboard_domains/dashboard_v2_gitverse.py:276
  • DELETE /logoutsrc/api/routers/auth_suite/auth_local_routes.py:1148
  • DELETE /personal-memory/interaction-profile/{employee_id}src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:249
  • DELETE /personal-memory/{memory_uri:path}src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:298
  • DELETE /saved-views/{view_id}src/api/routers/dashboard_domains/dashboard_v2_notifications.py:595
  • DELETE /subscriptions/{sub_id}src/api/routers/dashboard_domains/dashboard_v2_notifications.py:395
  • GET /ai-finops/billing-recordssrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:357
  • GET /ai-finops/billing-sync/yandexsrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:395
  • GET /ai-finops/budgetssrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:128
  • GET /ai-finops/catalogsrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:186
  • GET /ai-finops/fx-ratessrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:303
  • GET /ai-finops/incidentssrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:261
  • GET /ai-finops/model-portfoliosrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:222
  • GET /ai-finops/optimizationsrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:414
  • GET /ai-finops/overviewsrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:79
  • GET /ai-finops/policiessrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:159
  • GET /ai-finops/reconciliationsrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:385
  • GET /ai-finops/recurring-costssrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:269
  • GET /ai-finops/tax-profilessrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:330
  • GET /ai-finops/usagesrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:88
  • GET /ai-finops/usage/{request_id}src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:119
  • GET /api-keyssrc/api/routers/auth_suite/auth_machine_routes.py:97
  • GET /api/v1/admin/runtime/deployment-profiles/statussrc/api/routers/project_suite/deployment_profiles.py:32
  • GET /api/v1/admin/runtime/deployment-profiles/{profile_id}/enforcesrc/api/routers/project_suite/deployment_profiles.py:46
  • GET /api/v1/admin/runtime/deployment-profiles/{profile_id}/readinesssrc/api/routers/project_suite/deployment_profiles.py:38
  • GET /api/v1/admin/runtime/healthsrc/api/routers/project_suite/managed_runtime.py:57
  • GET /api/v1/admin/runtime/sessions/{session_id}/commandssrc/api/routers/project_suite/managed_runtime.py:113
  • GET /api/v1/admin/runtime/statussrc/api/routers/project_suite/managed_runtime.py:51
  • GET /api/v1/projects/{project_id}/business-graphsrc/api/routers/project_suite/projects.py:621
  • GET /api/v1/projects/{project_id}/business-graph/contextsrc/api/routers/project_suite/projects.py:750
  • GET /api/v1/admin/access/audit-eventssrc/api/routers/query_support/workspace_access.py:297
  • GET /api/v1/admin/access/decisionsrc/api/routers/query_support/workspace_access.py:277
  • GET /api/v1/admin/access/effective-accesssrc/api/routers/query_support/workspace_access.py:263
  • GET /api/v1/admin/access/team-agentssrc/api/routers/query_support/workspace_access.py:119
  • GET /api/v1/admin/access/teamssrc/api/routers/query_support/workspace_access.py:87
  • GET /assistants/{assistant_id}/memory-policysrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:356
  • GET /audit-report-jobs/{job_id}src/api/routers/dashboard_jobs/dashboard_v2_surface_refresh_routes.py:1009
  • GET /bindingssrc/api/routers/project_suite/repositories_onboarding_routes.py:370
  • GET /bindings/{binding_id}src/api/routers/project_suite/repositories_onboarding_routes.py:388
  • GET /bindings/{binding_id}/review-snapshotssrc/api/routers/project_suite/repositories_sync_routes.py:433
  • GET /bindings/{binding_id}/slicessrc/api/routers/project_suite/repositories_onboarding_routes.py:591
  • GET /bindings/{binding_id}/subprojectssrc/api/routers/project_suite/repositories_onboarding_routes.py:728
  • GET /bindings/{binding_id}/subprojects/discoversrc/api/routers/project_suite/repositories_onboarding_routes.py:696
  • GET /bindings/{binding_id}/sync-jobssrc/api/routers/project_suite/repositories_sync_routes.py:147
  • GET /bulk-import/batchessrc/api/routers/project_suite/repositories_onboarding_routes.py:862
  • GET /bulk-import/batches/{batch_id}src/api/routers/project_suite/repositories_onboarding_routes.py:903
  • GET /api/v1/employee-tasks/cases/{case_id}/handoff-chainsrc/api/routers/digital_employee_suite/digital_employees_governance_routes.py:351
  • GET /comparesrc/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:450
  • GET /compliance/heatmapsrc/api/routers/dashboard_domains/dashboard_v2_compliance_heatmap.py:265
  • GET /api/v1/admin/workforce/control-tower/{project_key}src/api/routers/digital_employee_suite/digital_employees_skill_memory_routes.py:418
  • GET /cross-reposrc/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:491
  • GET /deliveriessrc/api/routers/dashboard_domains/dashboard_v2_notifications.py:408
  • GET /deliveries/pendingsrc/api/routers/dashboard_domains/dashboard_v2_notifications.py:477
  • GET /deliveries/summarysrc/api/routers/dashboard_domains/dashboard_v2_notifications.py:463
  • GET /discoversrc/api/routers/project_suite/repositories_onboarding_routes.py:121
  • GET /engineering/dora/aggregatessrc/api/routers/dashboard_domains/dashboard_v2_engineering.py:238
  • GET /engineering/integration-profilessrc/api/routers/dashboard_domains/dashboard_v2_engineering.py:154
  • GET /engineering/integration-profiles/{profile_id}src/api/routers/dashboard_domains/dashboard_v2_engineering.py:164
  • GET /event-catalogsrc/api/routers/dashboard_domains/dashboard_v2_notifications.py:536
  • GET /gitverse/overviewsrc/api/routers/dashboard_domains/dashboard_v2_gitverse.py:141
  • GET /knowledgesrc/api/routers/agent_context_suite/agent_context_knowledge_routes.py:146
  • GET /knowledge/policysrc/api/routers/agent_context_suite/agent_context_knowledge_routes.py:705
  • GET /knowledge/review-plansrc/api/routers/agent_context_suite/agent_context_knowledge_routes.py:251
  • GET /knowledge/source-refresh/plansrc/api/routers/agent_context_suite/agent_context_knowledge_routes.py:223
  • GET /ldap/statussrc/api/routers/auth_suite/auth_external_routes.py:404
  • GET /mesrc/api/routers/auth_suite/auth_local_routes.py:240
  • GET /memory/scopessrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:41
  • GET /memory/shelfsrc/api/routers/agent_context_suite/agent_context_memory_routes.py:216
  • GET /metrics/mappingsrc/api/routers/dashboard_core/dashboard_v2_metrics.py:87
  • GET /oauth/providerssrc/api/routers/auth_suite/auth_external_routes.py:49
  • GET /oauth/{provider}src/api/routers/auth_suite/auth_external_routes.py:86
  • GET /oauth/{provider}/callbacksrc/api/routers/auth_suite/auth_external_routes.py:129
  • GET /personal-memorysrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:85
  • GET /personal-memory/interaction-profilesrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:167
  • GET /personal-memory/settingssrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:53
  • GET /personal-memory/tombstonessrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:128
  • GET /portfoliosrc/api/routers/project_suite/repositories_sync_routes.py:43
  • GET /portfolio/compare-periodssrc/api/routers/dashboard_core/dashboard_v2_history.py:143
  • GET /api/v1/employee-tasks/prd-delivery/{case_id}/statussrc/api/routers/digital_employee_suite/digital_employees_profile_routes.py:269
  • GET /projects/{project_name}/basissrc/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:300
  • GET /projects/{project_name}/dorasrc/api/routers/dashboard_domains/dashboard_v2_engineering.py:226
  • GET /projects/{project_name}/dora/comparesrc/api/routers/dashboard_domains/dashboard_v2_engineering.py:293
  • GET /projects/{project_name}/dora/snapshotssrc/api/routers/dashboard_domains/dashboard_v2_engineering.py:276
  • GET /projects/{project_name}/drilldownsrc/api/routers/dashboard_core/dashboard_v2_history.py:189
  • GET /projects/{project_name}/healthsrc/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:265
  • GET /projects/{project_name}/releasessrc/api/routers/dashboard_domains/dashboard_v2_engineering.py:73
  • GET /projects/{project_name}/stabilitysrc/api/routers/dashboard_domains/dashboard_v2_engineering.py:130
  • GET /projects/{project_name}/trendssrc/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:425
  • GET /provider-connectionssrc/api/routers/project_suite/repositories_onboarding_routes.py:91
  • GET /red-zonesrc/api/routers/dashboard_core/dashboard_v2_red_zone.py:716
  • GET /releases/{project_name}/comparesrc/api/routers/dashboard_core/dashboard_v2_history.py:171
  • GET /review-snapshots/{snapshot_id}/jobssrc/api/routers/project_suite/repositories_sync_routes.py:488
  • GET /rolessrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:339
  • GET /roles/{role_id}/chartersrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:347
  • GET /saved-viewssrc/api/routers/dashboard_domains/dashboard_v2_notifications.py:549
  • GET /saved-views/{view_id}src/api/routers/dashboard_domains/dashboard_v2_notifications.py:582
  • GET /sca/overviewsrc/api/routers/dashboard_domains/dashboard_v2_sca.py:53
  • GET /security/audit-logsrc/api/routers/dashboard_domains/dashboard_v2_security.py:222
  • GET /security/audit-log/{entry_id}src/api/routers/dashboard_domains/dashboard_v2_security.py:257
  • GET /security/dlp/activitysrc/api/routers/dashboard_domains/dashboard_v2_security.py:128
  • GET /security/dlp/configsrc/api/routers/dashboard_domains/dashboard_v2_security.py:84
  • GET /security/overviewsrc/api/routers/dashboard_domains/dashboard_v2_security.py:75
  • GET /security/siem/configsrc/api/routers/dashboard_domains/dashboard_v2_security.py:142
  • GET /security/siem/eventssrc/api/routers/dashboard_domains/dashboard_v2_security.py:208
  • GET /security/siem/statssrc/api/routers/dashboard_domains/dashboard_v2_security.py:168
  • GET /service-accountssrc/api/routers/auth_suite/auth_machine_routes.py:309
  • GET /service-accounts/action-catalogsrc/api/routers/auth_suite/auth_machine_routes.py:191
  • GET /service-accounts/{service_account_id}src/api/routers/auth_suite/auth_machine_routes.py:345
  • GET /sessions/{session_id}/commit-statussrc/api/routers/agent_context_suite/agent_context_sharing_routes.py:137
  • GET /sessions/{session_id}/context/whysrc/api/routers/agent_context_suite/agent_context_session_routes.py:288
  • GET /sessions/{session_id}/tasksrc/api/routers/agent_context_suite/agent_context_session_routes.py:205
  • GET /sessions/{session_id}/task/whysrc/api/routers/agent_context_suite/agent_context_session_routes.py:238
  • GET /snapshotssrc/api/routers/dashboard_core/dashboard_v2_snapshots.py:225
  • GET /snapshots/policysrc/api/routers/dashboard_core/dashboard_v2_snapshots.py:273
  • GET /snapshots/{project_name}/compare-periodssrc/api/routers/dashboard_core/dashboard_v2_history.py:115
  • GET /snapshots/{project_name}/diffsrc/api/routers/dashboard_core/dashboard_v2_history.py:91
  • GET /snapshots/{project_name}/trendssrc/api/routers/dashboard_core/dashboard_v2_history.py:59
  • GET /snapshots/{snapshot_id}src/api/routers/dashboard_core/dashboard_v2_snapshots.py:282
  • GET /subscriptionssrc/api/routers/dashboard_domains/dashboard_v2_notifications.py:140
  • GET /surface-refresh-jobs/{job_id}src/api/routers/dashboard_jobs/dashboard_v2_surface_refresh_routes.py:790
  • GET /sync-jobssrc/api/routers/project_suite/repositories_sync_routes.py:79
  • GET /sync-jobs/backlogsrc/api/routers/project_suite/repositories_sync_routes.py:121
  • GET /api/v1/employee-tasks/tasks/{task_id}/workflowsrc/api/routers/digital_employee_suite/digital_employees_profile_routes.py:133
  • GET /userssrc/api/routers/auth_suite/auth_local_routes.py:260
  • GET /users/{user_id}src/api/routers/auth_suite/auth_local_routes.py:351
  • GET /users/{user_id}/accesssrc/api/routers/auth_suite/auth_local_routes.py:558
  • GET /{employee_id}src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:410
  • GET /{employee_id}/control-planesrc/api/routers/digital_employee_suite/digital_employees_profile_routes.py:541
  • GET /{employee_id}/pinned-profilesrc/api/routers/digital_employee_suite/digital_employees_profile_routes.py:622
  • GET /{employee_id}/presencesrc/api/routers/digital_employee_suite/digital_employees_profile_routes.py:522
  • GET /{employee_id}/skillssrc/api/routers/digital_employee_suite/digital_employees_skill_memory_routes.py:95
  • GET /api/v1/admin/workforce/{employee_id}/skills/proposalssrc/api/routers/digital_employee_suite/digital_employees_skill_memory_routes.py:64
  • GET /api/v1/admin/workforce/{employee_id}/skills/proposals/{proposal_id}src/api/routers/digital_employee_suite/digital_employees_skill_memory_routes.py:80
  • GET /api/v1/admin/workforce/{employee_id}/skills/{skill_id}src/api/routers/digital_employee_suite/digital_employees_skill_memory_routes.py:270
  • PATCH /personal-memory/{memory_uri:path}src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:274
  • PATCH /provider-connections/{connection_id}src/api/routers/project_suite/repositories_onboarding_routes.py:168
  • PATCH /subscriptions/{sub_id}src/api/routers/dashboard_domains/dashboard_v2_notifications.py:211
  • PATCH /users/{user_id}src/api/routers/auth_suite/auth_local_routes.py:370
  • POST /ai-finops/billing-recordssrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:366
  • POST /ai-finops/billing-sync/yandex/refreshsrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:403
  • POST /ai-finops/budgetssrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:136
  • POST /ai-finops/catalogsrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:194
  • POST /ai-finops/catalog/estimatesrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:252
  • POST /ai-finops/catalog/refreshsrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:213
  • POST /ai-finops/exportsrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:432
  • POST /ai-finops/fx-ratessrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:311
  • POST /ai-finops/model-portfoliosrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:230
  • POST /ai-finops/optimization/what-ifsrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:423
  • POST /ai-finops/policiessrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:167
  • POST /ai-finops/recurring-costssrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:277
  • POST /ai-finops/tax-profilessrc/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:338
  • POST /api-keyssrc/api/routers/auth_suite/auth_machine_routes.py:46
  • POST /api/v1/admin/runtime/deployment-profiles/exceptionssrc/api/routers/project_suite/deployment_profiles.py:64
  • POST /api/v1/admin/runtime/poolssrc/api/routers/project_suite/managed_runtime.py:63
  • POST /api/v1/admin/runtime/sessions/startsrc/api/routers/project_suite/managed_runtime.py:76
  • POST /api/v1/admin/runtime/sessions/{session_id}/commands/decidesrc/api/routers/project_suite/managed_runtime.py:97
  • POST /api/v1/admin/runtime/sessions/{session_id}/stopsrc/api/routers/project_suite/managed_runtime.py:91
  • POST /api/v1/projects/{project_id}/business-graph/sourcessrc/api/routers/project_suite/projects.py:694
  • POST /api/v1/admin/access/grantssrc/api/routers/query_support/workspace_access.py:233
  • POST /api/v1/admin/access/membershipssrc/api/routers/query_support/workspace_access.py:159
  • POST /api/v1/admin/access/skill-bundlessrc/api/routers/query_support/workspace_access.py:185
  • POST /api/v1/admin/access/team-agentssrc/api/routers/query_support/workspace_access.py:133
  • POST /api/v1/admin/access/teamssrc/api/routers/query_support/workspace_access.py:99
  • POST /api/v1/admin/access/tool-policiessrc/api/routers/query_support/workspace_access.py:209
  • POST /bindings/{binding_id}/archivesrc/api/routers/project_suite/repositories_onboarding_routes.py:527
  • POST /bindings/{binding_id}/deletesrc/api/routers/project_suite/repositories_onboarding_routes.py:559
  • POST /bindings/{binding_id}/force-rebuildsrc/api/routers/project_suite/repositories_sync_routes.py:247
  • POST /bindings/{binding_id}/pausesrc/api/routers/project_suite/repositories_onboarding_routes.py:463
  • POST /bindings/{binding_id}/reconcilesrc/api/routers/project_suite/repositories_sync_routes.py:187
  • POST /bindings/{binding_id}/resumesrc/api/routers/project_suite/repositories_onboarding_routes.py:495
  • POST /bindings/{binding_id}/subprojects/importsrc/api/routers/project_suite/repositories_onboarding_routes.py:773
  • POST /bindings/{binding_id}/sync-identitysrc/api/routers/project_suite/repositories_onboarding_routes.py:423
  • POST /bulk-importsrc/api/routers/project_suite/repositories_onboarding_routes.py:823
  • POST /cross-repo/runsrc/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:509
  • POST /exportsrc/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:536
  • POST /gitverse/projects/{project_name}/bindingsrc/api/routers/dashboard_domains/dashboard_v2_gitverse.py:190
  • POST /gitverse/projects/{project_name}/validatesrc/api/routers/dashboard_domains/dashboard_v2_gitverse.py:157
  • POST /api/v1/employee-tasks/handoffssrc/api/routers/digital_employee_suite/digital_employees_governance_routes.py:239
  • POST /api/v1/employee-tasks/handoffs/{handoff_id}/acceptsrc/api/routers/digital_employee_suite/digital_employees_governance_routes.py:265
  • POST /api/v1/employee-tasks/handoffs/{handoff_id}/completesrc/api/routers/digital_employee_suite/digital_employees_governance_routes.py:319
  • POST /api/v1/employee-tasks/handoffs/{handoff_id}/rejectsrc/api/routers/digital_employee_suite/digital_employees_governance_routes.py:290
  • POST /importsrc/api/routers/project_suite/repositories_onboarding_routes.py:313
  • POST /knowledge/deprecatesrc/api/routers/agent_context_suite/agent_context_knowledge_routes.py:769
  • POST /knowledge/policy/resetsrc/api/routers/agent_context_suite/agent_context_knowledge_routes.py:748
  • POST /knowledge/reviewsrc/api/routers/agent_context_suite/agent_context_knowledge_routes.py:803
  • POST /knowledge/review-plan/applysrc/api/routers/agent_context_suite/agent_context_knowledge_routes.py:673
  • POST /knowledge/source-refresh/applysrc/api/routers/agent_context_suite/agent_context_knowledge_routes.py:641
  • POST /ldapsrc/api/routers/auth_suite/auth_external_routes.py:270
  • POST /memory/conflictssrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:323
  • POST /memory/shelfsrc/api/routers/agent_context_suite/agent_context_memory_routes.py:206
  • POST /oauth/tokensrc/api/routers/auth_suite/auth_local_routes.py:948
  • POST /personal-memorysrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:103
  • POST /personal-memory/interaction-profile/learnsrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:208
  • POST /personal-memory/interaction-profile/previewsrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:233
  • POST /personal-memory/promotionssrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:144
  • POST /api/v1/employee-tasks/prd-delivery/{case_id}/executesrc/api/routers/digital_employee_suite/digital_employees_profile_routes.py:202
  • POST /api/v1/employee-tasks/prd-delivery/{case_id}/startsrc/api/routers/digital_employee_suite/digital_employees_profile_routes.py:237
  • POST /provider-connectionssrc/api/routers/project_suite/repositories_onboarding_routes.py:43
  • POST /recallsrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:366
  • POST /recall-feedbacksrc/api/routers/agent_context_suite/agent_context_memory_routes.py:772
  • POST /recall/explainsrc/api/routers/agent_context_suite/agent_context_memory_routes.py:746
  • POST /refreshsrc/api/routers/auth_suite/auth_local_routes.py:853
  • POST /review-snapshots/{snapshot_id}/expiresrc/api/routers/project_suite/repositories_sync_routes.py:571
  • POST /review-snapshots/{snapshot_id}/rerunsrc/api/routers/project_suite/repositories_sync_routes.py:528
  • POST /saved-viewssrc/api/routers/dashboard_domains/dashboard_v2_notifications.py:569
  • POST /service-accountssrc/api/routers/auth_suite/auth_machine_routes.py:221
  • POST /sessions/opensrc/api/routers/agent_context_suite/agent_context_session_routes.py:62
  • POST /sessions/{session_id}/accept-handoffsrc/api/routers/agent_context_suite/agent_context_sharing_routes.py:64
  • POST /sessions/{session_id}/archivesrc/api/routers/agent_context_suite/agent_context_session_routes.py:698
  • POST /sessions/{session_id}/browsesrc/api/routers/agent_context_suite/agent_context_session_routes.py:582
  • POST /sessions/{session_id}/closesrc/api/routers/agent_context_suite/agent_context_session_routes.py:675
  • POST /sessions/{session_id}/commitsrc/api/routers/agent_context_suite/agent_context_session_routes.py:644
  • POST /sessions/{session_id}/fetchsrc/api/routers/agent_context_suite/agent_context_session_routes.py:371
  • POST /sessions/{session_id}/memory/dismisssrc/api/routers/agent_context_suite/agent_context_session_routes.py:531
  • POST /sessions/{session_id}/messagessrc/api/routers/agent_context_suite/agent_context_session_routes.py:339
  • POST /sessions/{session_id}/readsrc/api/routers/agent_context_suite/agent_context_session_routes.py:549
  • POST /sessions/{session_id}/recall-feedbacksrc/api/routers/agent_context_suite/agent_context_session_routes.py:514
  • POST /sessions/{session_id}/reject-handoffsrc/api/routers/agent_context_suite/agent_context_sharing_routes.py:88
  • POST /api/v1/admin/context-sessions/{session_id}/share-revocationssrc/api/routers/agent_context_suite/agent_context_sharing_routes.py:221
  • POST /sessions/{session_id}/sharesrc/api/routers/agent_context_suite/agent_context_sharing_routes.py:32
  • POST /sessions/{session_id}/used-contextsrc/api/routers/agent_context_suite/agent_context_session_routes.py:616
  • POST /snapshotssrc/api/routers/dashboard_core/dashboard_v2_snapshots.py:196
  • POST /snapshots/comparesrc/api/routers/dashboard_core/dashboard_v2_snapshots.py:298
  • POST /snapshots/{snapshot_id}/exportsrc/api/routers/dashboard_core/dashboard_v2_snapshots.py:358
  • POST /subscriptionssrc/api/routers/dashboard_domains/dashboard_v2_notifications.py:161
  • POST /surface-refresh/{surface_id}src/api/routers/dashboard_jobs/dashboard_v2_surface_refresh_routes.py:620
  • POST /sync-jobs/{job_id}/replaysrc/api/routers/project_suite/repositories_sync_routes.py:387
  • POST /taskssrc/api/routers/digital_employee_suite/digital_employees_profile_routes.py:22
  • POST /api/v1/employee-tasks/tasks/{task_id}/approval-decisionsrc/api/routers/digital_employee_suite/digital_employees_profile_routes.py:115
  • POST /api/v1/employee-tasks/tasks/{task_id}/checklist/generatesrc/api/routers/digital_employee_suite/digital_employees_profile_routes.py:152
  • POST /api/v1/employee-tasks/tasks/{task_id}/pre-completionsrc/api/routers/digital_employee_suite/digital_employees_profile_routes.py:176
  • POST /api/v1/admin/employee-runtime/temporal/governance-readinesssrc/api/routers/digital_employee_suite/digital_employees_topology_routes.py:738
  • POST /tokensrc/api/routers/auth_suite/auth_local_routes.py:136
  • POST /userssrc/api/routers/auth_suite/auth_local_routes.py:302
  • POST /users/{user_id}/activatesrc/api/routers/auth_suite/auth_local_routes.py:441
  • POST /users/{user_id}/deactivatesrc/api/routers/auth_suite/auth_local_routes.py:475
  • POST /users/{user_id}/reset-passwordsrc/api/routers/auth_suite/auth_local_routes.py:515
  • PUT /ai-finops/billing-records/{billing_record_id}src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:375
  • PUT /ai-finops/budgets/{budget_id}src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:146
  • PUT /ai-finops/catalog/{card_id}src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:203
  • PUT /ai-finops/fx-rates/{fx_rate_id}src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:320
  • PUT /ai-finops/model-portfolio/{portfolio_entry_id}src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:239
  • PUT /ai-finops/policies/{policy_id}src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:176
  • PUT /ai-finops/recurring-costs/{recurring_cost_id}src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:288
  • PUT /ai-finops/tax-profiles/{tax_profile_id}src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:347
  • PUT /api/v1/projects/{project_id}/business-graphsrc/api/routers/project_suite/projects.py:642
  • PUT /api/v1/projects/{project_id}/preferencesrc/api/routers/project_suite/projects.py:539
  • PUT /bindings/{binding_id}/slicessrc/api/routers/project_suite/repositories_onboarding_routes.py:636
  • PUT /knowledge/policysrc/api/routers/agent_context_suite/agent_context_knowledge_routes.py:726
  • PUT /personal-memory/interaction-profilesrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:183
  • PUT /personal-memory/settingssrc/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:67
  • PUT /security/dlp/configsrc/api/routers/dashboard_domains/dashboard_v2_security.py:92
  • PUT /security/siem/configsrc/api/routers/dashboard_domains/dashboard_v2_security.py:150
  • PUT /users/{user_id}/accesssrc/api/routers/auth_suite/auth_local_routes.py:598
  • list_digital_employeessrc/api/routers/digital_employee_suite/digital_employees_profile_routes.py:12

Endpoint Catalog

Tag: Agent Client Protocol

POST /api/v1/admin/runtime/acp/rpc

  • Summary: Acp Rpc
  • Description: ACP JSON-RPC endpoint. Handles all ACP method calls over HTTP. Authentication is optional but enables session persistence.
  • Operation ID: acp_rpc_api_v1_acp_rpc_post
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> JSONRPCRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> JSONRPCResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/admin/runtime/acp/sessions

  • Summary: List Sessions
  • Description: List active ACP sessions for current user. Requires authentication.
  • Operation ID: list_sessions_api_v1_acp_sessions_get
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/admin/runtime/acp/sessions/{session_id}

  • Summary: Delete Session
  • Description: Delete an ACP session. Requires authentication and ownership.
  • Operation ID: delete_session_api_v1_acp_sessions__session_id__delete
  • Parameters:
  • session_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

Tag: Audit Diff

GET /api/v1/admin/runtime/audit/{project_id}/diff

  • Summary: Diff findings between two runs
  • Description: Compare findings between two analysis runs (GOST 8.9).
  • Operation ID: diff_findings_api_v1_audit__project_id__diff_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • run1 in query (string, required) - First run ID (baseline)
  • run2 in query (string, required) - Second run ID (current)
  • hide_fp in query (boolean, optional) - Hide suppressed findings
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> DiffResultResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/admin/runtime/audit/{project_id}/diff/latest

  • Summary: Diff findings between last two runs
  • Description: Compare the last two analysis runs for the project.
  • Operation ID: diff_latest_api_v1_audit__project_id__diff_latest_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • hide_fp in query (boolean, optional) - Hide suppressed findings
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> DiffResultResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/admin/runtime/audit/{project_id}/scopes

  • Summary: Get analysis scopes configuration
  • Description: Return current analysis scope configuration for the project.
  • Operation ID: get_scopes_api_v1_audit__project_id__scopes_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ScopeConfigResponse
  • 422: Validation Error; application/json -> HTTPValidationError

PUT /api/v1/admin/runtime/audit/{project_id}/scopes

  • Summary: Update analysis scopes configuration
  • Description: Update analysis scope configuration for the project.
  • Operation ID: update_scopes_api_v1_audit__project_id__scopes_put
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> ScopeUpdateRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> ScopeConfigResponse
  • 422: Validation Error; application/json -> HTTPValidationError

Tag: Audit Progress

GET /api/v1/admin/runtime/audit/analysis-status

  • Summary: Full scan schedule status
  • Description: Return last full scan timestamp and deadline status.
  • Operation ID: get_analysis_status_api_v1_audit_analysis_status_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project in query (string, optional) - Project name
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> AnalysisStatusResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/admin/runtime/audit/markup-status

  • Summary: Markup status for latest findings
  • Description: Return unreviewed and overdue findings for the latest run.
  • Operation ID: get_markup_status_api_v1_audit_markup_status_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project in query (string, optional) - Project name
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> MarkupStatusResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/admin/runtime/audit/progress

  • Summary: Audit progress report
  • Description: Return progress metrics for a date range.
  • Operation ID: get_audit_progress_api_v1_audit_progress_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • from in query (string, required)
  • to in query (string, required)
  • project in query (string, optional) - Project name
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> AuditProgressResponse
  • 422: Validation Error; application/json -> HTTPValidationError

Tag: Authentication

GET /api/v1/me/api-keys

  • Summary: List API keys
  • Description: Get all API keys for the current user.
  • Operation ID: list_api_keys_api_v1_auth_api_keys_get
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

Portfolio Dashboard Runtime Notes

The portfolio dashboard product path relies on these routes in addition to the generated endpoint catalog:

  • GET /api/v1/traceability/portfolio/compare-periods
  • GET /api/v1/traceability/saved-views
  • POST /api/v1/traceability/saved-views
  • GET /api/v1/traceability/saved-views/{view_id}
  • DELETE /api/v1/traceability/saved-views/{view_id}
  • POST /api/v1/traceability/subscriptions
  • POST /api/v1/traceability/export

POST /api/v1/me/api-keys

  • Summary: Create API key
  • Description: Generate a new API key for programmatic access.
  • Operation ID: create_api_key_api_v1_auth_api_keys_post
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> ApiKeyCreate (required)
  • Responses:
  • 200: Successful Response; application/json -> ApiKeyResponse
  • 422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/me/api-keys/{key_id}

  • Summary: Revoke API key
  • Description: Revoke an API key.
  • Operation ID: revoke_api_key_api_v1_auth_api_keys__key_id__delete
  • Parameters:
  • key_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/auth/ldap

  • Summary: LDAP authentication
  • Description: Authenticate using LDAP/Active Directory.
  • Operation ID: ldap_login_api_v1_auth_ldap_post
  • Parameters:
  • None
  • Request Body:
  • application/json -> LDAPAuthRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> TokenResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/auth/ldap/status

  • Summary: LDAP status
  • Description: Check LDAP connection status.
  • Operation ID: ldap_status_api_v1_auth_ldap_status_get
  • Parameters:
  • None
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object

DELETE /api/v1/me/logout

  • Summary: Logout
  • Description: Invalidate current tokens.
  • Operation ID: logout_api_v1_auth_logout_delete
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/me

  • Summary: Get current user
  • Description: Return the authenticated user profile.
  • Operation ID: get_current_profile_api_v1_auth_me_get
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> UserProfileResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/auth/oauth/providers

  • Summary: List OAuth providers
  • Description: Get list of available OAuth providers.
  • Operation ID: list_oauth_providers_api_v1_auth_oauth_providers_get
  • Parameters:
  • None
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array

POST /api/v1/auth/oauth/token

  • Summary: OAuth 2.0 Token Endpoint
  • Description: RFC 6749-compatible token endpoint. Supports grant_type=password and grant_type=refresh_token. Designed for Claude Code MCP automatic token refresh and other OAuth-compatible clients.
  • Operation ID: oauth_token_api_v1_auth_oauth_token_post
  • Parameters:
  • grant_type in query (object, optional)
  • username in query (object, optional)
  • password in query (object, optional)
  • refresh_token_param in query (object, optional)
  • Request Body:
  • application/json -> object (optional)
  • Responses:
  • 200: Successful Response; application/json -> OAuthTokenResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/auth/oauth/{provider}

  • Summary: Start OAuth flow
  • Description: Redirect to OAuth provider for authentication.
  • Operation ID: oauth_start_api_v1_auth_oauth__provider__get
  • Parameters:
  • provider in path (string, required)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/auth/oauth/{provider}/callback

  • Summary: OAuth callback
  • Description: Handle OAuth callback from provider.
  • Operation ID: oauth_callback_api_v1_auth_oauth__provider__callback_get
  • Parameters:
  • provider in path (string, required)
  • code in query (string, required)
  • state in query (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> TokenResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/auth/refresh

  • Summary: Refresh JWT token
  • Description: Get new access token using refresh token.
  • Operation ID: refresh_token_api_v1_auth_refresh_post
  • Parameters:
  • None
  • Request Body:
  • application/json -> RefreshTokenRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> TokenResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/admin/identity/service-accounts

  • Summary: List service accounts
  • Description: List configured service accounts without credential secrets.
  • Operation ID: list_service_accounts_api_v1_auth_service_accounts_get
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/admin/identity/service-accounts

  • Summary: Create service account
  • Description: Create a scoped service account and issue its initial credential.
  • Operation ID: create_service_account_api_v1_auth_service_accounts_post
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> ServiceAccountCreate (required)
  • Responses:
  • 201: Successful Response; application/json -> ServiceAccountCreatedResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/admin/identity/service-accounts/action-catalog

  • Summary: Get machine action catalog
  • Description: Return the canonical versioned action catalog and policy templates for machine access.
  • Operation ID: get_service_account_action_catalog_api_v1_auth_service_accounts_action_catalog_get
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ActionCatalogResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/admin/identity/service-accounts/{service_account_id}

  • Summary: Get service account
  • Description: Get a single service account without credential secrets.
  • Operation ID: get_service_account_api_v1_auth_service_accounts__service_account_id__get
  • Parameters:
  • service_account_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ServiceAccountDetailsResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/admin/identity/service-accounts/{service_account_id}/credentials/{credential_id}/revoke

  • Summary: Revoke service account credential
  • Description: Revoke one credential while keeping the service account active.
  • Operation ID: revoke_service_account_credential_api_v1_auth_service_accounts__service_account_id__credentials__credential_id__revoke_post
  • Parameters:
  • service_account_id in path (string, required)
  • credential_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/admin/identity/service-accounts/{service_account_id}/deactivate

  • Summary: Deactivate service account
  • Description: Disable a service account and revoke its active credentials.
  • Operation ID: deactivate_service_account_api_v1_auth_service_accounts__service_account_id__deactivate_post
  • Parameters:
  • service_account_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/admin/identity/service-accounts/{service_account_id}/rotate

  • Summary: Rotate service account credential
  • Description: Issue a new credential without revoking existing ones.
  • Operation ID: rotate_service_account_credential_api_v1_auth_service_accounts__service_account_id__rotate_post
  • Parameters:
  • service_account_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ServiceAccountCreatedResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/auth/token

  • Summary: Get JWT token
  • Description: Authenticate with username/password and get JWT tokens.
  • Operation ID: login_api_v1_auth_token_post
  • Parameters:
  • None
  • Request Body:
  • application/json -> TokenRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> TokenResponse
  • 422: Validation Error; application/json -> HTTPValidationError

Tag: Dashboard V2

GET /api/v1/traceability/audit-report-jobs/{job_id}

  • Summary: Get Audit Report Job
  • Description: Return background audit report job status.
  • Operation ID: get_audit_report_job_api_v2_dashboard_audit_report_jobs__job_id__get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • job_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> AuditReportJobResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/audit-report-jobs/{job_id}/download

  • Summary: Download Audit Report Job
  • Description: Download the generated markdown for a completed audit report job.
  • Operation ID: download_audit_report_job_api_v2_dashboard_audit_report_jobs__job_id__download_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • job_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/compare

  • Summary: Compare Projects
  • Description: Compare 2-10 projects across audit dimensions.
  • Operation ID: compare_projects_api_v2_dashboard_compare_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • projects in query (string, required) - Comma-separated project names (2-10)
  • dimensions in query (object, optional) - Comma-separated Q numbers (default: all 12)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> CrossProjectComparison
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/compliance/heatmap

  • Summary: Get Compliance Heatmap
  • Description: Compliance heatmap — projects x processes matrix.
  • Operation ID: get_compliance_heatmap_api_v1_compliance_heatmap_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • group_id in query (object, optional) - Filter by group
  • organization in query (object, optional) - Filter by organization
  • team in query (object, optional) - Filter by team
  • environment in query (object, optional) - Filter by environment
  • criticality in query (object, optional) - Filter by system criticality
  • service_type in query (object, optional) - Filter by service type
  • standard in query (string, optional) - gost-56939 | gost-57580
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ComplianceHeatmapResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/cross-repo

  • Summary: Get Cross Repo
  • Description: Cross-repository analysis overview.
  • Operation ID: get_cross_repo_api_v1_traceability_cross_repo_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • group_id in query (object, optional) - Filter by group
  • analysis_type in query (string, optional) - summary | duplications | dependencies
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> CrossRepoResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/deliveries

  • Summary: List Notification Deliveries
  • Description: List delivery attempts for the current user’s notification subscriptions.
  • Operation ID: list_notification_deliveries_api_v1_traceability_deliveries_get
  • Parameters:
  • limit in query (integer, optional)
  • status in query (string, optional) - sent | failed
  • channel in query (string, optional) - telegram | slack | email
  • event_type in query (string, optional) - Notification event type
  • project_name in query (string, optional) - Filter by project name
  • is_test in query (object, optional) - Filter test deliveries
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/deliveries/pending

  • Summary: List Pending Notification Deliveries
  • Description: List queued notification deliveries that have not been flushed yet.
  • Operation ID: list_pending_notification_deliveries_api_v1_traceability_deliveries_pending_get
  • Parameters:
  • limit in query (integer, optional)
  • channel in query (string, optional) - telegram | slack | email
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/deliveries/summary

  • Summary: Get Notification Delivery Summary
  • Description: Aggregate delivery and pending queue state for the current user.
  • Operation ID: get_notification_delivery_summary_api_v1_traceability_deliveries_summary_get
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> NotificationDeliverySummaryResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/event-catalog

  • Summary: Get Notification Event Catalog
  • Description: Return versioned notification event catalog.
  • Operation ID: get_notification_event_catalog_api_v1_traceability_event_catalog_get
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> NotificationEventCatalogResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/traceability/export

  • Summary: Export Dashboard
  • Description: Export dashboard data in various formats (json, markdown, gost, pdf).
  • Operation ID: export_dashboard_api_v2_dashboard_export_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> ExportRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/metrics

  • Summary: Dashboard Metrics
  • Description: Export dashboard metrics in Prometheus text format. Scrapes all project health scores and updates Prometheus gauges, then returns the standard Prometheus text exposition.
  • Operation ID: dashboard_metrics_api_v2_dashboard_metrics_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • group_id in query (object, optional) - Filter by group
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/metrics/mapping

  • Summary: Dashboard Metrics Mapping
  • Description: Export canonical dashboard metric samples for Grafana and automation.
  • Operation ID: dashboard_metrics_mapping_api_v1_traceability_metrics_mapping_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • group_id in query (object, optional) - Filter by group
  • organization in query (object, optional) - Filter by organization
  • team in query (object, optional) - Filter by team
  • environment in query (object, optional) - Filter by environment
  • criticality in query (object, optional) - Filter by system criticality
  • language in query (object, optional) - Filter by language
  • domain in query (object, optional) - Filter by domain
  • service_type in query (object, optional) - Filter by service type
  • min_risk in query (object, optional) - Minimum risk level filter
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> DashboardMetricsMappingResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/portfolio

  • Summary: Get Portfolio
  • Description: Portfolio overview — aggregated health across all projects.
  • Operation ID: get_portfolio_api_v2_dashboard_portfolio_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • group_id in query (object, optional) - Filter by group
  • organization in query (object, optional) - Filter by organization
  • team in query (object, optional) - Filter by team
  • environment in query (object, optional) - Filter by environment
  • criticality in query (object, optional) - Filter by system criticality
  • language in query (object, optional) - Filter by language
  • domain in query (object, optional) - Filter by domain
  • service_type in query (object, optional) - Filter by service type
  • min_risk in query (object, optional) - Minimum risk level filter
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> PortfolioSummary
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/projects

  • Summary: Get Projects Catalog
  • Description: Full catalog of registered dashboard projects with current health metrics.
  • Operation ID: get_projects_catalog_api_v2_dashboard_projects_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • group_id in query (object, optional) - Filter by group
  • organization in query (object, optional) - Filter by organization
  • team in query (object, optional) - Filter by team
  • environment in query (object, optional) - Filter by environment
  • criticality in query (object, optional) - Filter by system criticality
  • language in query (object, optional) - Filter by language
  • domain in query (object, optional) - Filter by domain
  • service_type in query (object, optional) - Filter by service type
  • min_risk in query (object, optional) - Minimum risk level filter
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ProjectCatalogResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/traceability/projects/{project_name}/audit-report-jobs

  • Summary: Create Audit Report Job
  • Description: Start a fresh audit report as a background job.
  • Operation ID: create_audit_report_job_api_v2_dashboard_projects__project_name__audit_report_jobs_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_name in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> AuditReportJobCreate (required)
  • Responses:
  • 202: Successful Response; application/json -> AuditReportJobResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/projects/{project_name}/audit-report-jobs/latest

  • Summary: Get Latest Audit Report Job
  • Description: Return the latest audit report job for the current caller and project.
  • Operation ID: get_latest_audit_report_job_api_v2_dashboard_projects__project_name__audit_report_jobs_latest_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_name in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/projects/{project_name}/drilldown

  • Summary: Get Project Drilldown
  • Description: Expand a project/category pair into findings and source locations where available.
  • Operation ID: get_project_drilldown_api_v2_dashboard_projects__project_name__drilldown_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_name in path (string, required)
  • category in query (string, required) - security | compliance | compliance-57580-maturity | compliance-57580-capabilities | compliance-57580-risk | release | sca | audit-total-methods | audit-dead-methods | audit-avg-complexity | audit-max-complexity | audit-doc-coverage | audit-dependency-cycles
  • limit in query (integer, optional) - Max items
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> DrilldownResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/projects/{project_name}/health

  • Summary: Get Project Health
  • Description: Single project health score with optional detail sections.
  • Operation ID: get_project_health_api_v2_dashboard_projects__project_name__health_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_name in path (string, required)
  • include_sections in query (boolean, optional) - Include 12 audit sections
  • include_processes in query (boolean, optional) - Include 25 GOST processes
  • include_checks in query (boolean, optional) - Include release gate checks
  • include_sca in query (boolean, optional) - Include SCA details
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ProjectHealthScore
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/projects/{project_name}/trends

  • Summary: Get Trends
  • Description: Historical trends for a project.
  • Operation ID: get_trends_api_v2_dashboard_projects__project_name__trends_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_name in path (string, required)
  • period in query (string, optional) - 7d | 30d | 90d | 180d | 1y
  • metrics in query (object, optional) - Comma-separated: health,audit,compliance,findings,coverage
  • granularity in query (string, optional) - daily | weekly | monthly | auto
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> TrendsResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/red-zone

  • Summary: Get Red Zone
  • Description: Red zone items — critical issues requiring immediate attention.
  • Operation ID: get_red_zone_api_v2_dashboard_red_zone_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • group_id in query (object, optional) - Filter by group
  • organization in query (object, optional) - Filter by organization
  • team in query (object, optional) - Filter by team
  • environment in query (object, optional) - Filter by environment
  • criticality in query (object, optional) - Filter by system criticality
  • service_type in query (object, optional) - Filter by service type
  • severity in query (string, optional) - Comma-separated severities
  • offset in query (integer, optional) - Pagination offset
  • limit in query (integer, optional) - Max items
  • category in query (object, optional) - security | compliance | release | sca | quality
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> RedZoneResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/releases/{project_name}/compare

  • Summary: Get Release Comparison
  • Description: Compare two release gate runs and attach nearest snapshot deltas when available.
  • Operation ID: get_release_comparison_api_v2_dashboard_releases__project_name__compare_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_name in path (string, required)
  • from_run_id in query (string, optional) - Older release run ID
  • to_run_id in query (string, optional) - Newer release run ID
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ReleaseComparisonResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/saved-views

  • Summary: List Saved Views
  • Description: List saved dashboard views for the current user.
  • Operation ID: list_saved_views_api_v1_traceability_saved_views_get
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/traceability/saved-views

  • Summary: Create Saved View
  • Description: Create a saved dashboard view for later reuse.
  • Operation ID: create_saved_view_api_v1_traceability_saved_views_post
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> SavedViewCreate (required)
  • Responses:
  • 201: Successful Response; application/json -> SavedViewResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/saved-views/{view_id}

  • Summary: Get Saved View
  • Description: Get a saved dashboard view by ID.
  • Operation ID: get_saved_view_api_v1_traceability_saved_views__view_id__get
  • Parameters:
  • view_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> SavedViewResponse
  • 422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/traceability/saved-views/{view_id}

  • Summary: Delete Saved View
  • Description: Delete a saved dashboard view.
  • Operation ID: delete_saved_view_api_v1_traceability_saved_views__view_id__delete
  • Parameters:
  • view_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 204: Successful Response
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/sca/overview

  • Summary: Get Sca Overview
  • Description: SCA/SBOM portfolio overview — vulnerabilities across all projects.
  • Operation ID: get_sca_overview_api_v1_security_sca_overview_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • group_id in query (object, optional) - Filter by group
  • organization in query (object, optional) - Filter by organization
  • team in query (object, optional) - Filter by team
  • environment in query (object, optional) - Filter by environment
  • criticality in query (object, optional) - Filter by system criticality
  • service_type in query (object, optional) - Filter by service type
  • severity in query (object, optional) - Filter by severity
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ScaPortfolioResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/snapshots

  • Summary: List Snapshots
  • Description: List snapshots limited to the current project or group access scope.
  • Operation ID: list_snapshots_api_v2_dashboard_snapshots_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • scope in query (string, optional) - project | group
  • project_name in query (string, optional) - Project name for project scope
  • group_id in query (string, optional) - Group ID for group scope
  • limit in query (object, optional) - Maximum items to return
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> SnapshotListResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/traceability/snapshots

  • Summary: Create Snapshot
  • Description: Create a manual snapshot for the current project or group context.
  • Operation ID: create_snapshot_api_v2_dashboard_snapshots_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> SnapshotCreateRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> SnapshotResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/traceability/snapshots/compare

  • Summary: Compare Snapshots
  • Description: Compare snapshots by IDs or by project/timestamp pair.
  • Operation ID: compare_snapshots_api_v2_dashboard_snapshots_compare_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> SnapshotCompareRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> SnapshotDiffResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/snapshots/{project_name}/compare-periods

  • Summary: Get Period Comparison
  • Description: Compare two adjacent snapshot-backed periods for a project.
  • Operation ID: get_period_comparison_api_v2_dashboard_snapshots__project_name__compare_periods_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_name in path (string, required)
  • baseline_period in query (string, optional) - Older window: 7d | 30d | 90d | 180d | 1y
  • comparison_period in query (string, optional) - Newer window: 7d | 30d | 90d | 180d | 1y
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> PeriodComparisonResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/snapshots/{project_name}/diff

  • Summary: Get Snapshot Diff
  • Description: Compare two materialized snapshots, defaulting to the latest pair.
  • Operation ID: get_snapshot_diff_api_v2_dashboard_snapshots__project_name__diff_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_name in path (string, required)
  • from_timestamp in query (string, optional) - Older snapshot timestamp
  • to_timestamp in query (string, optional) - Newer snapshot timestamp
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> SnapshotDiffResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/snapshots/{project_name}/trends

  • Summary: Get Snapshot Trends
  • Description: Get trends from snapshot store (faster than live adapter queries).
  • Operation ID: get_snapshot_trends_api_v2_dashboard_snapshots__project_name__trends_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_name in path (string, required)
  • period in query (string, optional) - 7d | 30d | 90d | 180d | 1y
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> TrendsResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/traceability/snapshots/{snapshot_id}/export

  • Summary: Export Snapshot
  • Description: Export a snapshot or a compare report derived from it.
  • Operation ID: export_snapshot_api_v2_dashboard_snapshots__snapshot_id__export_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • snapshot_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> SnapshotExportRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/traceability/subscriptions

  • Summary: List Subscriptions
  • Description: List notification subscriptions for the current user.
  • Operation ID: list_subscriptions_api_v1_traceability_subscriptions_get
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/traceability/subscriptions

  • Summary: Create Subscription
  • Description: Create a new notification subscription.
  • Operation ID: create_subscription_api_v1_traceability_subscriptions_post
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> SubscriptionCreate (required)
  • Responses:
  • 201: Successful Response; application/json -> SubscriptionResponse
  • 422: Validation Error; application/json -> HTTPValidationError

PATCH /api/v1/traceability/subscriptions/{sub_id}

  • Summary: Update Subscription
  • Description: Update an existing notification subscription.
  • Operation ID: update_subscription_api_v1_traceability_subscriptions__sub_id__patch
  • Parameters:
  • sub_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> SubscriptionUpdate (required)
  • Responses:
  • 200: Successful Response; application/json -> SubscriptionResponse
  • 422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/traceability/subscriptions/{sub_id}

  • Summary: Delete Subscription
  • Description: Delete a notification subscription.
  • Operation ID: delete_subscription_api_v1_traceability_subscriptions__sub_id__delete
  • Parameters:
  • sub_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 204: Successful Response
  • 422: Validation Error; application/json -> HTTPValidationError

Tag: Dependencies

The dependencies router is mounted under /api/v1/code. The canonical multi-project SCA contract uses project-scoped routes:

  • GET /api/v1/security/sca/projects/{project_name}/summary
  • GET /api/v1/security/sca/projects/{project_name}/dependencies
  • GET /api/v1/security/sca/projects/{project_name}/vulnerabilities
  • GET /api/v1/security/sca/projects/{project_name}/sbom
  • POST /api/v1/security/sca/projects/{project_name}/audit
  • GET /api/v1/security/sca/projects/{project_name}/gost-report

Legacy scan-scoped routes under /api/v1/deps/scan, /list, /graph, /check-vulnerabilities, /outdated, /licenses, /health-score, /sbom, /audit, /gost-report, and /sync-cache were retired by story #767; use the project-scoped routes above.

Tag: Health

GET /api/v1/health

  • Summary: Full health check
  • Description: Returns detailed health status of all system components.
  • Operation ID: health_check_api_v1_health_get
  • Parameters:
  • None
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> HealthStatus

GET /api/v1/health/live

  • Summary: Liveness probe
  • Description: Kubernetes liveness probe endpoint. Returns 200 if service is running.
  • Operation ID: liveness_probe_api_v1_health_live_get
  • Parameters:
  • None
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object

GET /api/v1/health/ready

  • Summary: Readiness probe
  • Description: Kubernetes readiness probe endpoint. Returns 200 if service is ready to accept traffic.
  • Operation ID: readiness_probe_api_v1_health_ready_get
  • Parameters:
  • None
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object

Tag: Project Groups

GET /api/v1/groups

  • Summary: List Groups
  • Description: List project groups accessible by the current user. Admin users see all groups, regular users see only their groups.
  • Operation ID: list_groups_api_v1_groups_get
  • Parameters:
  • limit in query (integer, optional)
  • offset in query (integer, optional)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> GroupListResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/groups

  • Summary: Create Group
  • Description: Create a new project group. Only admin users can create groups.
  • Operation ID: create_group_api_v1_groups_post
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> GroupCreate (required)
  • Responses:
  • 201: Successful Response; application/json -> GroupResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/groups/{group_id}

  • Summary: Get Group
  • Description: Get project group by ID.
  • Operation ID: get_group_api_v1_groups__group_id__get
  • Parameters:
  • group_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> GroupResponse
  • 422: Validation Error; application/json -> HTTPValidationError

PUT /api/v1/groups/{group_id}

  • Summary: Update Group
  • Description: Update project group. Requires admin access to the group.
  • Operation ID: update_group_api_v1_groups__group_id__put
  • Parameters:
  • group_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> GroupUpdate (required)
  • Responses:
  • 200: Successful Response; application/json -> GroupResponse
  • 422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/groups/{group_id}

  • Summary: Delete Group
  • Description: Delete a project group. Only admin users can delete groups.
  • Operation ID: delete_group_api_v1_groups__group_id__delete
  • Parameters:
  • group_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 204: Successful Response
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/groups/{group_id}/users

  • Summary: List Group Users
  • Description: List users with access to a group.
  • Operation ID: list_group_users_api_v1_groups__group_id__users_get
  • Parameters:
  • group_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> UserAccessListResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/groups/{group_id}/users

  • Summary: Add Group User
  • Description: Add user access to a group. Requires admin access to the group.
  • Operation ID: add_group_user_api_v1_groups__group_id__users_post
  • Parameters:
  • group_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> UserAccessCreate (required)
  • Responses:
  • 201: Successful Response; application/json -> UserAccessResponse
  • 422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/groups/{group_id}/users/{user_id}

  • Summary: Remove Group User
  • Description: Remove user access from a group. Requires admin access to the group.
  • Operation ID: remove_group_user_api_v1_groups__group_id__users__user_id__delete
  • Parameters:
  • group_id in path (string, required)
  • user_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 204: Successful Response
  • 422: Validation Error; application/json -> HTTPValidationError

Tag: Project Import

DELETE /api/v1/import/cancel/{job_id}

  • Summary: Cancel import job
  • Description: Cancel a running import job.
  • Operation ID: cancel_import_api_v1_import_cancel__job_id__delete
  • Parameters:
  • job_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/import/jobs

  • Summary: List import jobs
  • Description: List all import jobs.
  • Operation ID: list_import_jobs_api_v1_import_jobs_get
  • Parameters:
  • status_filter in query (object, optional)
  • limit in query (integer, optional)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/import/languages

  • Summary: List supported languages
  • Description: Get list of supported programming languages for import.
  • Operation ID: get_supported_languages_api_v1_import_languages_get
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> SupportedLanguagesResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/import/start

  • Summary: Start project import
  • Description: Start asynchronous import of a new codebase.
  • Operation ID: start_import_api_v1_import_start_post
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> ImportProjectRequestAPI (required)
  • Responses:
  • 200: Successful Response; application/json -> ImportJobResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/import/status/{job_id}

  • Summary: Get import status
  • Description: Get current status of an import job.
  • Operation ID: get_import_status_api_v1_import_status__job_id__get
  • Parameters:
  • job_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ProjectImportStatus
  • 422: Validation Error; application/json -> HTTPValidationError

Tag: Projects

GET /api/v1/projects

  • Summary: List Projects
  • Description: List projects accessible by the current user. If group_id is specified, list projects in that group only. Otherwise, list all projects from accessible groups.
  • Operation ID: list_projects_api_v1_projects_get
  • Parameters:
  • group_id in query (object, optional)
  • limit in query (integer, optional)
  • offset in query (integer, optional)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ProjectListResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/projects

  • Summary: Create Project
  • Description: Create a new project in a group. Requires editor or admin access to the group.
  • Operation ID: create_project_api_v1_projects_post
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> ProjectCreate (required)
  • Responses:
  • 201: Successful Response; application/json -> ProjectResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/projects/active/current

  • Summary: Get Active Project
  • Description: Get the currently effective project for the caller. Returns the resolved project after workspace, user preference, group default, and access checks. Returns 403 for denied resolution and 409 for ambiguous resolution.
  • Operation ID: get_active_project_api_v1_projects_active_current_get
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/projects/{project_id}

  • Summary: Get Project
  • Description: Get project by ID.
  • Operation ID: get_project_api_v1_projects__project_id__get
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ProjectResponse
  • 422: Validation Error; application/json -> HTTPValidationError

PUT /api/v1/projects/{project_id}

  • Summary: Update Project
  • Description: Update a project. Requires editor or admin access to the group.
  • Operation ID: update_project_api_v1_projects__project_id__put
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • application/json -> ProjectUpdate (required)
  • Responses:
  • 200: Successful Response; application/json -> ProjectResponse
  • 422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/projects/{project_id}

  • Summary: Delete Project
  • Description: Delete a project. Requires admin access to the group. Args: delete_collections: Also delete OpenViking vector collections.
  • Operation ID: delete_project_api_v1_projects__project_id__delete
  • Parameters:
  • project_id in path (string, required)
  • delete_collections in query (boolean, optional)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 204: Successful Response
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/projects/{project_id}/activate

  • Summary: Activate Project
  • Description: Set a project as active in its group. This deactivates other projects in the same group.
  • Operation ID: activate_project_api_v1_projects__project_id__activate_post
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> ProjectResponse
  • 422: Validation Error; application/json -> HTTPValidationError

Tag: Admin Runtime Release Gate

POST /api/v1/admin/runtime/release-gate/check

  • Summary: Run Gate Check
  • Description: Run release gate checks for the active project.
  • Operation ID: run_gate_check_api_v1_admin_runtime_release_gate_check_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> ReleaseCheckRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> GateDecisionResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/admin/runtime/release-gate/history

  • Summary: Get History
  • Description: Get gate decision history for the active project.
  • Operation ID: get_history_api_v1_admin_runtime_release_gate_history_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • limit in query (integer, optional)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/admin/runtime/release-gate/profiles

  • Summary: List Profiles
  • Description: List available gate profiles.
  • Operation ID: list_profiles_api_v1_admin_runtime_release_gate_profiles_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/admin/runtime/release-gate/suppress

  • Summary: Create Suppression
  • Description: Create a finding suppression (accept risk).
  • Operation ID: create_suppression_api_v1_admin_runtime_release_gate_suppress_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> SuppressionRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> SuppressionResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/admin/runtime/release-gate/suppressions

  • Summary: List Suppressions
  • Description: List active suppressions for the active project.
  • Operation ID: list_suppressions_api_v1_admin_runtime_release_gate_suppressions_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/admin/runtime/release-gate/suppressions/{finding_id}

  • Summary: Delete Suppression
  • Description: Remove a finding suppression.
  • Operation ID: delete_suppression_api_v1_admin_runtime_release_gate_suppressions__finding_id__delete
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • finding_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 204: Successful Response
  • 422: Validation Error; application/json -> HTTPValidationError

Tag: Risk Indicators

GET /api/v1/security/risk/{project_id}/alerts

  • Summary: Get Risk Alerts
  • Description: Get recent risk alerts.
  • Operation ID: get_risk_alerts_api_v1_risk__project_id__alerts_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • last in query (integer, optional)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/risk/{project_id}/assess

  • Summary: Trigger Risk Assessment
  • Description: Trigger a full risk assessment calculation.
  • Operation ID: trigger_risk_assessment_api_v1_risk__project_id__assess_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> RiskAssessmentReportResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/risk/{project_id}/assessment

  • Summary: Get Risk Assessment
  • Description: Get full risk assessment report (SVR x STP).
  • Operation ID: get_risk_assessment_api_v1_risk__project_id__assessment_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> RiskAssessmentReportResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/risk/{project_id}/assessment/matrix

  • Summary: Get Risk Assessment Matrix
  • Description: Get risk matrix (5x5 SVR x STP).
  • Operation ID: get_risk_assessment_matrix_api_v1_risk__project_id__assessment_matrix_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/risk/{project_id}/assessment/register

  • Summary: Get Risk Assessment Register
  • Description: Get risk register sorted by risk score.
  • Operation ID: get_risk_assessment_register_api_v1_risk__project_id__assessment_register_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • top in query (integer, optional)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/risk/{project_id}/assessment/{finding_id}

  • Summary: Get Risk Assessment Detail
  • Description: Get risk detail for a specific finding.
  • Operation ID: get_risk_assessment_detail_api_v1_risk__project_id__assessment__finding_id__get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • finding_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> RiskEntryResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/risk/{project_id}/calculate

  • Summary: Trigger Risk Calculation
  • Description: Trigger a full risk recalculation.
  • Operation ID: trigger_risk_calculation_api_v1_risk__project_id__calculate_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> RiskDashboardResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/risk/{project_id}/checklist

  • Summary: Get Checklist
  • Description: Get self-assessment checklist.
  • Operation ID: get_checklist_api_v1_risk__project_id__checklist_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • level in query (integer, optional)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/risk/{project_id}/dashboard

  • Summary: Get Risk Dashboard
  • Description: Get full risk dashboard: KIR + KPUR + alerts.
  • Operation ID: get_risk_dashboard_api_v1_risk__project_id__dashboard_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> RiskDashboardResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/risk/{project_id}/events

  • Summary: Get Risk Events
  • Description: Get classified risk events.
  • Operation ID: get_risk_events_api_v1_risk__project_id__events_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • limit in query (integer, optional)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/risk/{project_id}/events/classify

  • Summary: Classify Events
  • Description: Batch classify all findings into risk events.
  • Operation ID: classify_events_api_v1_risk__project_id__events_classify_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/risk/{project_id}/events/summary

  • Summary: Get Events Summary
  • Description: Get risk events summary by 4 dimensions.
  • Operation ID: get_events_summary_api_v1_risk__project_id__events_summary_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/risk/{project_id}/kir

  • Summary: Get Kir Values
  • Description: Calculate and return current KIR values.
  • Operation ID: get_kir_values_api_v1_risk__project_id__kir_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/risk/{project_id}/kir/{kir_id}/trend

  • Summary: Get Kir Trend
  • Description: Get KIR value history (trend).
  • Operation ID: get_kir_trend_api_v1_risk__project_id__kir__kir_id__trend_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • kir_id in path (string, required)
  • last in query (integer, optional)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/risk/{project_id}/kpur

  • Summary: Get Kpur Results
  • Description: Calculate and return KPUR results by 3 groups.
  • Operation ID: get_kpur_results_api_v1_risk__project_id__kpur_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> array
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/risk/{project_id}/threat-model-57580

  • Summary: Get Threat Model 57580
  • Description: Generate GOST R 57580.3 threat model.
  • Operation ID: get_threat_model_57580_api_v1_risk__project_id__threat_model_57580_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • project_id in path (string, required)
  • format in query (string, optional)
  • language in query (string, optional)
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

Tag: Security

POST /api/v1/security/autofix

  • Summary: Generate security autofix suggestions
  • Description: Generates automated fix suggestions for security vulnerabilities found via taint analysis. Returns diffs without applying them (read-only).
  • Operation ID: generate_autofix_api_v1_security_autofix_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> AutofixRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> AutofixResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/classify

  • Summary: Classify finding as TP/FP
  • Description: Use CPG context and taint verification to classify a security finding.
  • Operation ID: classify_finding_api_v1_security_classify_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> FPClassifyRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> FPClassifyResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/scan-diff

  • Summary: Scan diff for security issues
  • Description: Scan a raw diff for security vulnerabilities without git subprocess.
  • Operation ID: scan_diff_api_v1_security_scan_diff_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> ScanDiffRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> ScanDiffResponse
  • 422: Validation Error; application/json -> HTTPValidationError

Tag: Threat Model

GET /api/v1/security/threat-model/dfd

  • Summary: Generate Data Flow Diagram
  • Description: Extract DFD from CPG and return as Mermaid or JSON.
  • Operation ID: get_dfd_api_v1_security_threat_model_dfd_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • format in query (string, optional) - Output format: mermaid|json
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> DFDResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/threat-model/export

  • Summary: Export threat model in specified format
  • Description: Generate and export threat model as Markdown, GOST, SARIF, or JSON string.
  • Operation ID: export_threat_model_api_v1_security_threat_model_export_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> ThreatModelGenerateRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> ThreatModelExportResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/threat-model/generate

  • Summary: Generate STRIDE threat model
  • Description: Generates a complete STRIDE threat model from the project CPG. Includes DFD extraction, trust boundary detection, threat classification, and mitigation recommendations.
  • Operation ID: generate_threat_model_api_v1_security_threat_model_generate_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> ThreatModelGenerateRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> ThreatModelResponse
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/threat-model/mitigations

  • Summary: List STRIDE mitigation recommendations
  • Description: Returns standard mitigations for each STRIDE category and CWE-specific recommendations.
  • Operation ID: list_mitigations_api_v1_security_threat_model_mitigations_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • category in query (object, optional) - STRIDE category filter
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/threat-model/stride-mapping

  • Summary: CWE to STRIDE category mapping
  • Description: Returns the mapping of CWE IDs to STRIDE threat categories.
  • Operation ID: get_stride_mapping_api_v1_security_threat_model_stride_mapping_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/threat-model/threats

  • Summary: List threats
  • Description: List threats from the generated threat model with optional filters.
  • Operation ID: list_threats_api_v1_security_threat_model_threats_get
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • severity in query (object, optional) - Filter by severity
  • category in query (object, optional) - Filter by STRIDE category
  • language in query (string, optional) - Output language
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> object
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/threat-model/update

  • Summary: Incremental threat model update
  • Description: Compare new threat model against a previous version and compute delta.
  • Operation ID: update_threat_model_api_v1_security_threat_model_update_post
  • Security: HTTPBearer, APIKeyHeader
  • Parameters:
  • authorization in header (object, optional)
  • X-API-Key in header (object, optional)
  • X-Project-Id in header (object, optional)
  • Request Body:
  • application/json -> IncrementalUpdateRequest (required)
  • Responses:
  • 200: Successful Response; application/json -> src__api__routers__threat_model__DeltaResponse
  • 422: Validation Error; application/json -> HTTPValidationError

Tag: Webhooks

POST /api/v1/admin/runtime/webhooks/github

  • Summary: GitHub webhook receiver
  • Description: Receives push and PR events from GitHub.
  • Operation ID: receive_github_webhook_api_v1_webhooks_github_post
  • Parameters:
  • None
  • Request Body:
  • None
  • Responses:
  • 202: Successful Response; application/json -> WebhookResponse

POST /api/v1/admin/runtime/webhooks/gitlab

  • Summary: GitLab webhook receiver
  • Description: Receives push and MR events from GitLab.
  • Operation ID: receive_gitlab_webhook_api_v1_webhooks_gitlab_post
  • Parameters:
  • None
  • Request Body:
  • None
  • Responses:
  • 202: Successful Response; application/json -> WebhookResponse

POST /api/v1/webhooks/gitverse

  • Summary: GitVerse webhook receiver
  • Description: Receives push and PR events from GitVerse (GitHub-compatible format).
  • Operation ID: receive_gitverse_webhook_api_v1_webhooks_gitverse_post
  • Parameters:
  • None
  • Request Body:
  • None
  • Responses:
  • 202: Successful Response; application/json -> WebhookResponse

POST /api/v1/admin/runtime/webhooks/local

  • Summary: Local incremental CPG update
  • Description: Triggered by IDE plugins (OpenCode) after git commit for incremental CPG update.
  • Operation ID: receive_local_webhook_api_v1_webhooks_local_post
  • Parameters:
  • None
  • Request Body:
  • application/json -> LocalWebhookRequest (required)
  • Responses:
  • 202: Successful Response; application/json -> WebhookResponse
  • 422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/webhooks/sourcecraft

  • Summary: SourceCraft webhook receiver
  • Description: Receives push and MR events from SourceCraft.
  • Operation ID: receive_sourcecraft_webhook_api_v1_webhooks_sourcecraft_post
  • Parameters:
  • None
  • Request Body:
  • None
  • Responses:
  • 202: Successful Response; application/json -> WebhookResponse

GET /api/v1/admin/runtime/webhooks/status/{project_id}

  • Summary: Get CPG update status
  • Description: Returns the latest CPG update pipeline status for a project.
  • Operation ID: get_webhook_status_api_v1_webhooks_status__project_id__get
  • Parameters:
  • project_id in path (string, required)
  • Request Body:
  • None
  • Responses:
  • 200: Successful Response; application/json -> UpdateStatusResponse
  • 422: Validation Error; application/json -> HTTPValidationError