REST API Reference

Overview¶

This document is generated from the live FastAPI OpenAPI schema and serves as the contract-oriented REST reference. WebSocket endpoints are documented separately and are not part of OpenAPI.

Swagger UI: /api/docs
ReDoc: /api/redoc
OpenAPI JSON: /api/openapi.json

Authentication¶

Security Schemes¶

APIKeyHeader: type=apiKey, in=header
HTTPBearer: type=http, scheme=bearer

Supplemental Contract Coverage¶

The generated OpenAPI export remains the source of truth for the bulk catalog below. The following routes are listed explicitly to keep the written reference aligned with the live runtime for newer governance, active-project, and dashboard-control surfaces:

Agent Context and Recall¶

POST /api/v1/agent/context-sync-repair
GET /api/v1/agent-context/sessions/{session_id}/task
GET /api/v1/agent-context/sessions/{session_id}/task/why
GET /api/v1/agent-context/sessions/{session_id}/context/why
POST /api/v1/agent-context/sessions/{session_id}/recall-feedback
POST /api/v1/agent-context/sessions/{session_id}/memory/dismiss
GET /api/v1/agent-context/stories/task-capsules
GET /api/v1/agent-context/tasks/next
GET /api/v1/agent-context/knowledge/policy
PUT /api/v1/agent-context/knowledge/policy
POST /api/v1/agent-context/knowledge/policy/reset
POST /api/v1/agent-context/knowledge/review

User Administration¶

GET /api/v1/auth/users
POST /api/v1/auth/users
GET /api/v1/auth/users/{user_id}
PATCH /api/v1/auth/users/{user_id}
POST /api/v1/auth/users/{user_id}/activate
POST /api/v1/auth/users/{user_id}/deactivate
POST /api/v1/auth/users/{user_id}/reset-password
GET /api/v1/auth/users/{user_id}/access
PUT /api/v1/auth/users/{user_id}/access

AI FinOps Dashboard¶

GET /api/v2/dashboard/ai-finops/overview
GET /api/v2/dashboard/ai-finops/usage
GET /api/v2/dashboard/ai-finops/usage/{request_id}
GET /api/v2/dashboard/ai-finops/budgets
POST /api/v2/dashboard/ai-finops/budgets
PUT /api/v2/dashboard/ai-finops/budgets/{budget_id}
GET /api/v2/dashboard/ai-finops/policies
POST /api/v2/dashboard/ai-finops/policies
PUT /api/v2/dashboard/ai-finops/policies/{policy_id}
GET /api/v2/dashboard/ai-finops/catalog
POST /api/v2/dashboard/ai-finops/catalog
PUT /api/v2/dashboard/ai-finops/catalog/{card_id}
POST /api/v2/dashboard/ai-finops/catalog/estimate
GET /api/v2/dashboard/ai-finops/incidents
GET /api/v2/dashboard/ai-finops/optimization
POST /api/v2/dashboard/ai-finops/optimization/what-if
POST /api/v2/dashboard/ai-finops/export

Security Dashboard Control Plane¶

GET /api/v2/dashboard/security/overview
GET /api/v2/dashboard/security/dlp/config
PUT /api/v2/dashboard/security/dlp/config
POST /api/v2/dashboard/security/dlp/test-scan
GET /api/v2/dashboard/security/dlp/activity
GET /api/v2/dashboard/security/siem/config
PUT /api/v2/dashboard/security/siem/config
GET /api/v2/dashboard/security/siem/stats
POST /api/v2/dashboard/security/siem/test-dispatch
POST /api/v2/dashboard/security/siem/flush
GET /api/v2/dashboard/security/siem/events
GET /api/v2/dashboard/security/audit-log
GET /api/v2/dashboard/security/audit-log/{entry_id}
POST /api/v2/dashboard/security/audit-log/export
POST /api/v2/dashboard/cross-repo/run

Project, Group, Repository, and Documentation Governance¶

GET /api/v1/documentation/projects/{project_name}/facts-metrics
PATCH /api/v1/groups/{group_id}/users/{user_id}
GET /api/v1/groups/{group_id}/users/{user_id}/project-access
PUT /api/v1/groups/{group_id}/users/{user_id}/project-access
POST /api/v1/projects/{project_id}/switch
GET /api/v1/projects/active/effective
POST /api/v1/repositories/provider-connections/{connection_id}/health-check

Endpoint Catalog¶

Tag: `Agent Client Protocol`¶

GET /api/v1/acp/health¶

Summary: Acp Health
Description: ACP health check. Returns agent status and capabilities.
Operation ID: acp_health_api_v1_acp_health_get
Parameters:
None
Request Body:
None
Responses:
200: Successful Response; application/json -> ACPHealthResponse

GET /api/v1/acp/info¶

Summary: Acp Info
Description: ACP agent information. Returns agent metadata for discovery.
Operation ID: acp_info_api_v1_acp_info_get
Parameters:
None
Request Body:
None
Responses:
200: Successful Response; application/json -> object

POST /api/v1/acp/rpc¶

Summary: Acp Rpc
Description: ACP JSON-RPC endpoint. Handles all ACP method calls over HTTP. Authentication is optional but enables session persistence.
Operation ID: acp_rpc_api_v1_acp_rpc_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> JSONRPCRequest (required)
Responses:
200: Successful Response; application/json -> JSONRPCResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/acp/sessions¶

Summary: List Sessions
Description: List active ACP sessions for current user. Requires authentication.
Operation ID: list_sessions_api_v1_acp_sessions_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/acp/sessions/{session_id}¶

Summary: Delete Session
Description: Delete an ACP session. Requires authentication and ownership.
Operation ID: delete_session_api_v1_acp_sessions__session_id__delete
Parameters:
session_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/acp/stats¶

Summary: Acp Stats
Description: Get ACP statistics. Returns session and connection stats.
Operation ID: acp_stats_api_v1_acp_stats_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

Tag: `Audit Diff`¶

GET /api/v1/audit/{project_id}/diff¶

Summary: Diff findings between two runs
Description: Compare findings between two analysis runs (GOST 8.9).
Operation ID: diff_findings_api_v1_audit__project_id__diff_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
run1 in query (string, required) - First run ID (baseline)
run2 in query (string, required) - Second run ID (current)
hide_fp in query (boolean, optional) - Hide suppressed findings
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> DiffResultResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/audit/{project_id}/diff/latest¶

Summary: Diff findings between last two runs
Description: Compare the last two analysis runs for the project.
Operation ID: diff_latest_api_v1_audit__project_id__diff_latest_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
hide_fp in query (boolean, optional) - Hide suppressed findings
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> DiffResultResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/audit/{project_id}/scopes¶

Summary: Get analysis scopes configuration
Description: Return current analysis scope configuration for the project.
Operation ID: get_scopes_api_v1_audit__project_id__scopes_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ScopeConfigResponse
422: Validation Error; application/json -> HTTPValidationError

PUT /api/v1/audit/{project_id}/scopes¶

Summary: Update analysis scopes configuration
Description: Update analysis scope configuration for the project.
Operation ID: update_scopes_api_v1_audit__project_id__scopes_put
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ScopeUpdateRequest (required)
Responses:
200: Successful Response; application/json -> ScopeConfigResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Audit Progress`¶

GET /api/v1/audit/analysis-status¶

Summary: Full scan schedule status
Description: Return last full scan timestamp and deadline status.
Operation ID: get_analysis_status_api_v1_audit_analysis_status_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project in query (string, optional) - Project name
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> AnalysisStatusResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/audit/markup-status¶

Summary: Markup status for latest findings
Description: Return unreviewed and overdue findings for the latest run.
Operation ID: get_markup_status_api_v1_audit_markup_status_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project in query (string, optional) - Project name
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> MarkupStatusResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/audit/progress¶

Summary: Audit progress report
Description: Return progress metrics for a date range.
Operation ID: get_audit_progress_api_v1_audit_progress_get
Security: HTTPBearer, APIKeyHeader
Parameters:
from in query (string, required)
to in query (string, required)
project in query (string, optional) - Project name
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> AuditProgressResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Authentication`¶

GET /api/v1/auth/api-keys¶

Summary: List API keys
Description: Get all API keys for the current user.
Operation ID: list_api_keys_api_v1_auth_api_keys_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

Portfolio Dashboard Runtime Notes¶

The portfolio dashboard product path relies on these routes in addition to the generated endpoint catalog:

GET /api/v2/dashboard/portfolio/compare-periods
GET /api/v2/dashboard/saved-views
POST /api/v2/dashboard/saved-views
GET /api/v2/dashboard/saved-views/{view_id}
DELETE /api/v2/dashboard/saved-views/{view_id}
POST /api/v2/dashboard/subscriptions
POST /api/v2/dashboard/export

POST /api/v1/auth/api-keys¶

Summary: Create API key
Description: Generate a new API key for programmatic access.
Operation ID: create_api_key_api_v1_auth_api_keys_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> ApiKeyCreate (required)
Responses:
200: Successful Response; application/json -> ApiKeyResponse
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/auth/api-keys/{key_id}¶

Summary: Revoke API key
Description: Revoke an API key.
Operation ID: revoke_api_key_api_v1_auth_api_keys__key_id__delete
Parameters:
key_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/auth/ldap¶

Summary: LDAP authentication
Description: Authenticate using LDAP/Active Directory.
Operation ID: ldap_login_api_v1_auth_ldap_post
Parameters:
None
Request Body:
application/json -> LDAPAuthRequest (required)
Responses:
200: Successful Response; application/json -> TokenResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/auth/ldap/status¶

Summary: LDAP status
Description: Check LDAP connection status.
Operation ID: ldap_status_api_v1_auth_ldap_status_get
Parameters:
None
Request Body:
None
Responses:
200: Successful Response; application/json -> object

POST /api/v1/auth/login¶

Summary: Login
Description: Authenticate with username/password and get JWT tokens.
Operation ID: login_alias_api_v1_auth_login_post
Parameters:
None
Request Body:
application/json -> TokenRequest (required)
Responses:
200: Successful Response; application/json -> TokenResponse
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/auth/logout¶

Summary: Logout
Description: Invalidate current tokens.
Operation ID: logout_api_v1_auth_logout_delete
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/auth/me¶

Summary: Get current user
Description: Return the authenticated user profile.
Operation ID: get_current_profile_api_v1_auth_me_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> UserProfileResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/auth/oauth/providers¶

Summary: List OAuth providers
Description: Get list of available OAuth providers.
Operation ID: list_oauth_providers_api_v1_auth_oauth_providers_get
Parameters:
None
Request Body:
None
Responses:
200: Successful Response; application/json -> array

POST /api/v1/auth/oauth/token¶

Summary: OAuth 2.0 Token Endpoint
Description: RFC 6749-compatible token endpoint. Supports grant_type=password and grant_type=refresh_token. Designed for Claude Code MCP automatic token refresh and other OAuth-compatible clients.
Operation ID: oauth_token_api_v1_auth_oauth_token_post
Parameters:
grant_type in query (object, optional)
username in query (object, optional)
password in query (object, optional)
refresh_token_param in query (object, optional)
Request Body:
application/json -> object (optional)
Responses:
200: Successful Response; application/json -> OAuthTokenResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/auth/oauth/{provider}¶

Summary: Start OAuth flow
Description: Redirect to OAuth provider for authentication.
Operation ID: oauth_start_api_v1_auth_oauth__provider__get
Parameters:
provider in path (string, required)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/auth/oauth/{provider}/callback¶

Summary: OAuth callback
Description: Handle OAuth callback from provider.
Operation ID: oauth_callback_api_v1_auth_oauth__provider__callback_get
Parameters:
provider in path (string, required)
code in query (string, required)
state in query (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> TokenResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/auth/refresh¶

Summary: Refresh JWT token
Description: Get new access token using refresh token.
Operation ID: refresh_token_api_v1_auth_refresh_post
Parameters:
None
Request Body:
application/json -> RefreshTokenRequest (required)
Responses:
200: Successful Response; application/json -> TokenResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/auth/register¶

Summary: Register local user
Description: Create a local user account and return JWT tokens.
Operation ID: register_api_v1_auth_register_post
Parameters:
None
Request Body:
application/json -> RegisterRequest (required)
Responses:
201: Successful Response; application/json -> TokenResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/auth/service-accounts¶

Summary: List service accounts
Description: List configured service accounts without credential secrets.
Operation ID: list_service_accounts_api_v1_auth_service_accounts_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/auth/service-accounts¶

Summary: Create service account
Description: Create a scoped service account and issue its initial credential.
Operation ID: create_service_account_api_v1_auth_service_accounts_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> ServiceAccountCreate (required)
Responses:
201: Successful Response; application/json -> ServiceAccountCreatedResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/auth/service-accounts/action-catalog¶

Summary: Get machine action catalog
Description: Return the canonical versioned action catalog and policy templates for machine access.
Operation ID: get_service_account_action_catalog_api_v1_auth_service_accounts_action_catalog_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ActionCatalogResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/auth/service-accounts/{service_account_id}¶

Summary: Get service account
Description: Get a single service account without credential secrets.
Operation ID: get_service_account_api_v1_auth_service_accounts__service_account_id__get
Parameters:
service_account_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ServiceAccountDetailsResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/auth/service-accounts/{service_account_id}/credentials/{credential_id}/revoke¶

Summary: Revoke service account credential
Description: Revoke one credential while keeping the service account active.
Operation ID: revoke_service_account_credential_api_v1_auth_service_accounts__service_account_id__credentials__credential_id__revoke_post
Parameters:
service_account_id in path (string, required)
credential_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/auth/service-accounts/{service_account_id}/deactivate¶

Summary: Deactivate service account
Description: Disable a service account and revoke its active credentials.
Operation ID: deactivate_service_account_api_v1_auth_service_accounts__service_account_id__deactivate_post
Parameters:
service_account_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/auth/service-accounts/{service_account_id}/rotate¶

Summary: Rotate service account credential
Description: Issue a new credential without revoking existing ones.
Operation ID: rotate_service_account_credential_api_v1_auth_service_accounts__service_account_id__rotate_post
Parameters:
service_account_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ServiceAccountCreatedResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/auth/token¶

Summary: Get JWT token
Description: Authenticate with username/password and get JWT tokens.
Operation ID: login_api_v1_auth_token_post
Parameters:
None
Request Body:
application/json -> TokenRequest (required)
Responses:
200: Successful Response; application/json -> TokenResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `CPG Data`¶

GET /api/v1/cpg/method-detail¶

Summary: Detailed method info
Description: Returns method metrics, callers, callees, security findings, and taint paths.
Operation ID: cpg_method_detail_api_v1_cpg_method_detail_get
Parameters:
name in query (string, required) - Method name
project_id in query (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> MethodDetailResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/cpg/methods¶

Summary: Methods in a file
Description: Returns methods with metrics for a given filename.
Operation ID: cpg_methods_api_v1_cpg_methods_get
Parameters:
filename in query (string, required) - Source file path
project_id in query (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> MethodsResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/cpg/pattern-results¶

Summary: Pattern scan results
Description: Returns stored pattern findings filtered by category and/or filename.
Operation ID: cpg_pattern_results_api_v1_cpg_pattern_results_get
Parameters:
project_id in query (object, optional)
category in query (object, optional)
filename in query (object, optional)
limit in query (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> PatternResultsResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/cpg/stats¶

Summary: CPG project statistics
Description: Returns file/method counts, security findings count, and top complex methods.
Operation ID: cpg_stats_api_v1_cpg_stats_get
Parameters:
project_id in query (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> CPGStatsResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Changelog`¶

POST /api/v1/changelog/generate¶

Summary: Generate changelog
Description: Generate a changelog from git commit history between two refs.
Operation ID: generate_changelog_api_v1_changelog_generate_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> ChangelogRequest (required)
Responses:
200: Successful Response; application/json -> ChangelogResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Chat`¶

POST /api/v1/chat¶

Summary: Send chat message
Description: Send a query to the CodeGraph system and get a response.
Operation ID: chat_api_v1_chat_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ChatRequest (required)
Responses:
200: Successful Response; application/json -> ChatResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/chat/scenarios¶

Summary: List available scenarios
Description: Get list of available analysis scenarios.
Operation ID: list_scenarios_api_v1_chat_scenarios_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/chat/scenarios/{scenario_id}¶

Summary: Get scenario info
Description: Get information about a specific scenario.
Operation ID: get_scenario_api_v1_chat_scenarios__scenario_id__get
Parameters:
scenario_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/chat/stream¶

Summary: Stream chat response
Description: Send a query and receive streaming response via SSE.
Operation ID: chat_stream_api_v1_chat_stream_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ChatRequest (required)
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

Tag: `Code Context`¶

POST /api/v1/context/completion¶

Summary: Get completion context
Description: Prefix-matched symbols and import suggestions for code completion.
Operation ID: get_completion_api_v1_context_completion_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> CompletionRequest (required)
Responses:
200: Successful Response; application/json -> CompletionResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/context/navigate¶

Summary: Navigate to symbol
Description: Find definition, references, and call hierarchy for a symbol.
Operation ID: navigate_symbol_api_v1_context_navigate_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> NavigateRequest (required)
Responses:
200: Successful Response; application/json -> NavigateResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/context/suggestions¶

Summary: Get code suggestions at cursor
Description: Returns callers, callees, types for the method at the given position.
Operation ID: get_suggestions_api_v1_context_suggestions_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> SuggestionsRequest (required)
Responses:
200: Successful Response; application/json -> SuggestionsResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/context/test-hints¶

Summary: Get test generation hints
Description: Analyze method context for test generation.
Operation ID: get_test_hints_api_v1_context_test_hints_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> TestHintsRequest (required)
Responses:
200: Successful Response; application/json -> TestHintsResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Code Optimization`¶

POST /api/v1/optimize/analyze¶

Summary: Analyze for optimizations
Description: Analyze files for optimization opportunities.
Operation ID: analyze_code_api_v1_optimize_analyze_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> OptimizationAnalyzeRequest (required)
Responses:
200: Successful Response; application/json -> OptimizationAnalyzeResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/optimize/apply-all¶

Summary: Apply approved optimizations
Description: Apply all approved optimization suggestions.
Operation ID: apply_approved_api_v1_optimize_apply_all_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ApplyResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/optimize/approve¶

Summary: Approve suggestions
Description: Approve optimization suggestions for application.
Operation ID: approve_suggestions_api_v1_optimize_approve_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ApproveRequest (required)
Responses:
200: Successful Response; application/json -> ApprovalResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/optimize/history¶

Summary: Get optimization history
Description: Get history of applied optimizations.
Operation ID: get_history_api_v1_optimize_history_get
Security: HTTPBearer, APIKeyHeader
Parameters:
limit in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/optimize/patterns¶

Summary: List optimization patterns
Description: List available optimization patterns.
Operation ID: list_patterns_api_v1_optimize_patterns_get
Security: HTTPBearer, APIKeyHeader
Parameters:
category in query (object, optional) - Filter by category
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/optimize/reject¶

Summary: Reject suggestions
Description: Reject optimization suggestions.
Operation ID: reject_suggestions_api_v1_optimize_reject_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ApproveRequest (required)
Responses:
200: Successful Response; application/json -> ApprovalResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/optimize/suggestions/{suggestion_id}¶

Summary: Get suggestion details
Description: Get details of a specific optimization suggestion.
Operation ID: get_suggestion_api_v1_optimize_suggestions__suggestion_id__get
Security: HTTPBearer, APIKeyHeader
Parameters:
suggestion_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> SuggestionResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/optimize/undo¶

Summary: Undo last optimization
Description: Undo the most recently applied optimization.
Operation ID: undo_last_api_v1_optimize_undo_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> OptimizationUndoResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Code Review`¶

POST /api/v1/review¶

Summary: Plugin review (simplified)
Description: Simplified review endpoint for opencode-codegraph plugin. Accepts diff content and returns security findings + impact analysis. Restricted to localhost.
Operation ID: review_for_plugin_api_v1_review_post
Parameters:
None
Request Body:
application/json -> PluginReviewRequest (required)
Responses:
200: Successful Response; application/json -> PluginReviewResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/review/commit-message¶

Summary: Generate commit message
Description: Generate a conventional commit message from a diff.
Operation ID: generate_commit_message_api_v1_review_commit_message_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> CommitMessageRequest (required)
Responses:
200: Successful Response; application/json -> CommitMessageResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/review/gitverse¶

Summary: Review GitVerse PR
Description: Review a GitVerse Pull Request.
Operation ID: review_gitverse_pr_api_v1_review_gitverse_post
Security: HTTPBearer, APIKeyHeader
Parameters:
X-GitVerse-Token in header (object, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> GitVersePRReviewRequest (required)
Responses:
200: Successful Response; application/json -> ReviewResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/review/mr¶

Summary: Review GitLab MR
Description: Review a GitLab Merge Request.
Operation ID: review_gitlab_mr_api_v1_review_mr_post
Security: HTTPBearer, APIKeyHeader
Parameters:
X-GitLab-Token in header (object, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> GitLabMRReviewRequest (required)
Responses:
200: Successful Response; application/json -> ReviewResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/review/patch¶

Summary: Review patch
Description: Review a git diff/patch for issues and best practices.
Operation ID: review_patch_api_v1_review_patch_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> PatchReviewRequest (required)
Responses:
200: Successful Response; application/json -> ReviewResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/review/pr¶

Summary: Review GitHub PR
Description: Review a GitHub Pull Request.
Operation ID: review_github_pr_api_v1_review_pr_post
Security: HTTPBearer, APIKeyHeader
Parameters:
X-GitHub-Token in header (object, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> GitHubPRReviewRequest (required)
Responses:
200: Successful Response; application/json -> ReviewResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/review/sourcecraft¶

Summary: Review SourceCraft MR
Description: Review a SourceCraft Merge Request.
Operation ID: review_sourcecraft_mr_api_v1_review_sourcecraft_post
Security: HTTPBearer, APIKeyHeader
Parameters:
X-SourceCraft-Token in header (object, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> SourceCraftMRReviewRequest (required)
Responses:
200: Successful Response; application/json -> ReviewResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/review/summary¶

Summary: Generate MR summary
Description: Generate a structured summary for a merge request diff.
Operation ID: generate_summary_api_v1_review_summary_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> SummaryRequest (required)
Responses:
200: Successful Response; application/json -> SummaryResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Compliance GOST`¶

GET /api/v1/compliance/gost-56939/{project_id}¶

Summary: Get Compliance Report
Description: Get full compliance report for a project.
Operation ID: get_compliance_report_api_v1_compliance_gost_56939__project_id__get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
include_traceability in query (boolean, optional) - Include traceability matrix
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ComplianceReportResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/compliance/gost-56939/{project_id}/checklist¶

Summary: Get Checklist
Description: Get artifact checklist for a project.
Operation ID: get_checklist_api_v1_compliance_gost_56939__project_id__checklist_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
process_filter in query (object, optional) - Comma-separated process IDs
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/compliance/gost-56939/{project_id}/delta¶

Summary: Get Delta
Description: Get delta between two compliance assessments.
Operation ID: get_delta_api_v1_compliance_gost_56939__project_id__delta_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
old in query (string, required) - Old report ID
new in query (string, required) - New report ID
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> src__api__routers__compliance_gost__DeltaResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/compliance/gost-56939/{project_id}/evaluate¶

Summary: Evaluate Compliance
Description: Trigger compliance evaluation and optionally save to history.
Operation ID: evaluate_compliance_api_v1_compliance_gost_56939__project_id__evaluate_post
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ComplianceEvaluateRequest (optional)
Responses:
200: Successful Response; application/json -> ComplianceReportResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/compliance/gost-56939/{project_id}/export¶

Summary: Export Report
Description: Export compliance report in specified format.
Operation ID: export_report_api_v1_compliance_gost_56939__project_id__export_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
format in query (string, optional) - Export format: gost|markdown|json
language in query (string, optional) - Language: ru|en
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/compliance/gost-56939/{project_id}/history¶

Summary: Get History
Description: Get compliance assessment history for a project.
Operation ID: get_history_api_v1_compliance_gost_56939__project_id__history_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
limit in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/compliance/gost-56939/{project_id}/traceability¶

Summary: Get Traceability
Description: Get traceability matrix for a project.
Operation ID: get_traceability_api_v1_compliance_gost_56939__project_id__traceability_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

Tag: `Compliance GOST 57580`¶

GET /api/v1/compliance/{project_id}/report-57580¶

Summary: Get Report 57580
Description: Generate GOST R 57580.3 report.
Operation ID: get_report_57580_api_v1_compliance__project_id__report_57580_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
type in query (string, optional)
language in query (string, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/compliance/{project_id}/report-57580/delta¶

Summary: Get Report Delta
Description: Compare two reports (delta).
Operation ID: get_report_delta_api_v1_compliance__project_id__report_57580_delta_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
old in query (string, required) - Old report ID
new in query (string, required) - New report ID
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> src__api__routers__compliance_57580__DeltaResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/compliance/{project_id}/report-57580/generate¶

Summary: Generate Report
Description: Generate and optionally save a report.
Operation ID: generate_report_api_v1_compliance__project_id__report_57580_generate_post
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
type in query (string, optional)
save_history in query (boolean, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/compliance/{project_id}/report-57580/history¶

Summary: Get Report History
Description: Get report history.
Operation ID: get_report_history_api_v1_compliance__project_id__report_57580_history_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
limit in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/compliance/{project_id}/report-57580/{report_id}¶

Summary: Get Report By Id
Description: Get stored report by ID.
Operation ID: get_report_by_id_api_v1_compliance__project_id__report_57580__report_id__get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
report_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

Tag: `Composition`¶

POST /api/v1/composition/apply¶

Summary: Apply Edit
Description: Apply a pending edit from a composite workflow session. Args: request: Apply request with session ID and finding ID Returns: CompositionApplyResponse with result of the apply operation
Operation ID: apply_edit_api_v1_composition_apply_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> CompositionApplyRequest (required)
Responses:
200: Successful Response; application/json -> CompositionApplyResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/composition/config¶

Summary: Get Config
Description: Get composition configuration. Returns the current configuration for composite workflows. Returns: ConfigResponse with configuration details
Operation ID: get_config_api_v1_composition_config_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ConfigResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/composition/conflicts/{session_id}¶

Summary: Get Conflicts
Description: Get conflict information for a session. Returns detected conflicts and their resolutions. Args: session_id: Session ID from query response Returns: ConflictListResponse with conflict details
Operation ID: get_conflicts_api_v1_composition_conflicts__session_id__get
Security: HTTPBearer, APIKeyHeader
Parameters:
session_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ConflictListResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/composition/query¶

Summary: Composite Query
Description: Execute a composite workflow query. Invokes the specified orchestrator (S18 or S19) which orchestrates multiple sub-scenarios for comprehensive analysis. Args: request: Query request with orchestrator and optional parameters Returns: CompositeQueryResponse with unified findings and metadata
Operation ID: composite_query_api_v1_composition_query_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> CompositeQueryRequest (required)
Responses:
200: Successful Response; application/json -> CompositeQueryResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/composition/scenarios¶

Summary: List Scenarios
Description: List available scenarios for composition. Returns information about scenarios that can be orchestrated. Returns: Dictionary with scenario metadata
Operation ID: list_scenarios_api_v1_composition_scenarios_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/composition/session/{session_id}¶

Summary: Get Session
Description: Get full session state. Returns the complete state of a composite workflow session. Args: session_id: Session ID from query response Returns: Session state dictionary
Operation ID: get_session_api_v1_composition_session__session_id__get
Security: HTTPBearer, APIKeyHeader
Parameters:
session_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/composition/session/{session_id}¶

Summary: Delete Session
Description: Delete a session. Args: session_id: Session ID to delete Returns: Confirmation message
Operation ID: delete_session_api_v1_composition_session__session_id__delete
Security: HTTPBearer, APIKeyHeader
Parameters:
session_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

Tag: `Dashboard`¶

GET /api/v1/dashboard/dead-code¶

Summary: Dead code listing
Description: Get paginated list of dead (unreachable) methods.
Operation ID: get_dead_code_api_v1_dashboard_dead_code_get
Security: HTTPBearer, APIKeyHeader
Parameters:
limit in query (integer, optional)
offset in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> DeadCodeResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/dashboard/quality-trends¶

Summary: Quality trends
Description: Get quality metric trends over time.
Operation ID: get_quality_trends_api_v1_dashboard_quality_trends_get
Security: HTTPBearer, APIKeyHeader
Parameters:
days in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> QualityTrendsResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/dashboard/security-posture¶

Summary: Security posture
Description: Get security findings summary by severity.
Operation ID: get_security_posture_api_v1_dashboard_security_posture_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> SecurityPostureResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/dashboard/tech-debt¶

Summary: Technical debt summary
Description: Get aggregated technical debt metrics including dead code and complexity.
Operation ID: get_tech_debt_api_v1_dashboard_tech_debt_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> TechDebtResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Dashboard V2`¶

GET /api/v2/dashboard/audit-report-jobs/{job_id}¶

Summary: Get Audit Report Job
Description: Return background audit report job status.
Operation ID: get_audit_report_job_api_v2_dashboard_audit_report_jobs__job_id__get
Security: HTTPBearer, APIKeyHeader
Parameters:
job_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> AuditReportJobResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/audit-report-jobs/{job_id}/download¶

Summary: Download Audit Report Job
Description: Download the generated markdown for a completed audit report job.
Operation ID: download_audit_report_job_api_v2_dashboard_audit_report_jobs__job_id__download_get
Security: HTTPBearer, APIKeyHeader
Parameters:
job_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/compare¶

Summary: Compare Projects
Description: Compare 2-10 projects across audit dimensions.
Operation ID: compare_projects_api_v2_dashboard_compare_get
Security: HTTPBearer, APIKeyHeader
Parameters:
projects in query (string, required) - Comma-separated project names (2-10)
dimensions in query (object, optional) - Comma-separated Q numbers (default: all 12)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> CrossProjectComparison
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/compliance/heatmap¶

Summary: Get Compliance Heatmap
Description: Compliance heatmap — projects x processes matrix.
Operation ID: get_compliance_heatmap_api_v2_dashboard_compliance_heatmap_get
Security: HTTPBearer, APIKeyHeader
Parameters:
group_id in query (object, optional) - Filter by group
organization in query (object, optional) - Filter by organization
team in query (object, optional) - Filter by team
environment in query (object, optional) - Filter by environment
criticality in query (object, optional) - Filter by system criticality
service_type in query (object, optional) - Filter by service type
standard in query (string, optional) - gost-56939 | gost-57580
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ComplianceHeatmapResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/cross-repo¶

Summary: Get Cross Repo
Description: Cross-repository analysis overview.
Operation ID: get_cross_repo_api_v2_dashboard_cross_repo_get
Security: HTTPBearer, APIKeyHeader
Parameters:
group_id in query (object, optional) - Filter by group
analysis_type in query (string, optional) - summary | duplications | dependencies
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> CrossRepoResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/deliveries¶

Summary: List Notification Deliveries
Description: List delivery attempts for the current user’s notification subscriptions.
Operation ID: list_notification_deliveries_api_v2_dashboard_deliveries_get
Parameters:
limit in query (integer, optional)
status in query (string, optional) - sent | failed
channel in query (string, optional) - telegram | slack | email
event_type in query (string, optional) - Notification event type
project_name in query (string, optional) - Filter by project name
is_test in query (object, optional) - Filter test deliveries
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/deliveries/pending¶

Summary: List Pending Notification Deliveries
Description: List queued notification deliveries that have not been flushed yet.
Operation ID: list_pending_notification_deliveries_api_v2_dashboard_deliveries_pending_get
Parameters:
limit in query (integer, optional)
channel in query (string, optional) - telegram | slack | email
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

POST /api/v2/dashboard/deliveries/process-pending¶

Summary: Process Pending Notification Deliveries
Description: Manually process pending notification deliveries that are already due.
Operation ID: process_pending_notification_deliveries_api_v2_dashboard_deliveries_process_pending_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> PendingDeliveryProcessResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/deliveries/summary¶

Summary: Get Notification Delivery Summary
Description: Aggregate delivery and pending queue state for the current user.
Operation ID: get_notification_delivery_summary_api_v2_dashboard_deliveries_summary_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> NotificationDeliverySummaryResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/event-catalog¶

Summary: Get Notification Event Catalog
Description: Return versioned notification event catalog.
Operation ID: get_notification_event_catalog_api_v2_dashboard_event_catalog_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> NotificationEventCatalogResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v2/dashboard/export¶

Summary: Export Dashboard
Description: Export dashboard data in various formats (json, markdown, gost, pdf).
Operation ID: export_dashboard_api_v2_dashboard_export_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ExportRequest (required)
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/metrics¶

Summary: Dashboard Metrics
Description: Export dashboard metrics in Prometheus text format. Scrapes all project health scores and updates Prometheus gauges, then returns the standard Prometheus text exposition.
Operation ID: dashboard_metrics_api_v2_dashboard_metrics_get
Security: HTTPBearer, APIKeyHeader
Parameters:
group_id in query (object, optional) - Filter by group
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/metrics/mapping¶

Summary: Dashboard Metrics Mapping
Description: Export canonical dashboard metric samples for Grafana and automation.
Operation ID: dashboard_metrics_mapping_api_v2_dashboard_metrics_mapping_get
Security: HTTPBearer, APIKeyHeader
Parameters:
group_id in query (object, optional) - Filter by group
organization in query (object, optional) - Filter by organization
team in query (object, optional) - Filter by team
environment in query (object, optional) - Filter by environment
criticality in query (object, optional) - Filter by system criticality
language in query (object, optional) - Filter by language
domain in query (object, optional) - Filter by domain
service_type in query (object, optional) - Filter by service type
min_risk in query (object, optional) - Minimum risk level filter
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> DashboardMetricsMappingResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/portfolio¶

Summary: Get Portfolio
Description: Portfolio overview — aggregated health across all projects.
Operation ID: get_portfolio_api_v2_dashboard_portfolio_get
Security: HTTPBearer, APIKeyHeader
Parameters:
group_id in query (object, optional) - Filter by group
organization in query (object, optional) - Filter by organization
team in query (object, optional) - Filter by team
environment in query (object, optional) - Filter by environment
criticality in query (object, optional) - Filter by system criticality
language in query (object, optional) - Filter by language
domain in query (object, optional) - Filter by domain
service_type in query (object, optional) - Filter by service type
min_risk in query (object, optional) - Minimum risk level filter
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> PortfolioSummary
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/projects¶

Summary: Get Projects Catalog
Description: Full catalog of registered dashboard projects with current health metrics.
Operation ID: get_projects_catalog_api_v2_dashboard_projects_get
Security: HTTPBearer, APIKeyHeader
Parameters:
group_id in query (object, optional) - Filter by group
organization in query (object, optional) - Filter by organization
team in query (object, optional) - Filter by team
environment in query (object, optional) - Filter by environment
criticality in query (object, optional) - Filter by system criticality
language in query (object, optional) - Filter by language
domain in query (object, optional) - Filter by domain
service_type in query (object, optional) - Filter by service type
min_risk in query (object, optional) - Minimum risk level filter
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ProjectCatalogResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v2/dashboard/projects/health¶

Summary: Get Batch Health
Description: Batch project health scores (max 50 projects).
Operation ID: get_batch_health_api_v2_dashboard_projects_health_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> BatchHealthRequest (required)
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

POST /api/v2/dashboard/projects/{project_name}/audit-report-jobs¶

Summary: Create Audit Report Job
Description: Start a fresh audit report as a background job.
Operation ID: create_audit_report_job_api_v2_dashboard_projects__project_name__audit_report_jobs_post
Security: HTTPBearer, APIKeyHeader
Parameters:
project_name in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> AuditReportJobCreate (required)
Responses:
202: Successful Response; application/json -> AuditReportJobResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/projects/{project_name}/audit-report-jobs/latest¶

Summary: Get Latest Audit Report Job
Description: Return the latest audit report job for the current caller and project.
Operation ID: get_latest_audit_report_job_api_v2_dashboard_projects__project_name__audit_report_jobs_latest_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_name in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/projects/{project_name}/drilldown¶

Summary: Get Project Drilldown
Description: Expand a project/category pair into findings and source locations where available.
Operation ID: get_project_drilldown_api_v2_dashboard_projects__project_name__drilldown_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_name in path (string, required)
category in query (string, required) - security | compliance | compliance-57580-maturity | compliance-57580-capabilities | compliance-57580-risk | release | sca | audit-total-methods | audit-dead-methods | audit-avg-complexity | audit-max-complexity | audit-doc-coverage | audit-dependency-cycles
limit in query (integer, optional) - Max items
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> DrilldownResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/projects/{project_name}/health¶

Summary: Get Project Health
Description: Single project health score with optional detail sections.
Operation ID: get_project_health_api_v2_dashboard_projects__project_name__health_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_name in path (string, required)
include_sections in query (boolean, optional) - Include 12 audit sections
include_processes in query (boolean, optional) - Include 25 GOST processes
include_checks in query (boolean, optional) - Include release gate checks
include_sca in query (boolean, optional) - Include SCA details
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ProjectHealthScore
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/projects/{project_name}/trends¶

Summary: Get Trends
Description: Historical trends for a project.
Operation ID: get_trends_api_v2_dashboard_projects__project_name__trends_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_name in path (string, required)
period in query (string, optional) - 7d | 30d | 90d | 180d | 1y
metrics in query (object, optional) - Comma-separated: health,audit,compliance,findings,coverage
granularity in query (string, optional) - daily | weekly | monthly | auto
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> TrendsResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/red-zone¶

Summary: Get Red Zone
Description: Red zone items — critical issues requiring immediate attention.
Operation ID: get_red_zone_api_v2_dashboard_red_zone_get
Security: HTTPBearer, APIKeyHeader
Parameters:
group_id in query (object, optional) - Filter by group
organization in query (object, optional) - Filter by organization
team in query (object, optional) - Filter by team
environment in query (object, optional) - Filter by environment
criticality in query (object, optional) - Filter by system criticality
service_type in query (object, optional) - Filter by service type
severity in query (string, optional) - Comma-separated severities
offset in query (integer, optional) - Pagination offset
limit in query (integer, optional) - Max items
category in query (object, optional) - security | compliance | release | sca | quality
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> RedZoneResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/releases/{project_name}/compare¶

Summary: Get Release Comparison
Description: Compare two release gate runs and attach nearest snapshot deltas when available.
Operation ID: get_release_comparison_api_v2_dashboard_releases__project_name__compare_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_name in path (string, required)
from_run_id in query (string, optional) - Older release run ID
to_run_id in query (string, optional) - Newer release run ID
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ReleaseComparisonResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/saved-views¶

Summary: List Saved Views
Description: List saved dashboard views for the current user.
Operation ID: list_saved_views_api_v2_dashboard_saved_views_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

POST /api/v2/dashboard/saved-views¶

Summary: Create Saved View
Description: Create a saved dashboard view for later reuse.
Operation ID: create_saved_view_api_v2_dashboard_saved_views_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> SavedViewCreate (required)
Responses:
201: Successful Response; application/json -> SavedViewResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/saved-views/{view_id}¶

Summary: Get Saved View
Description: Get a saved dashboard view by ID.
Operation ID: get_saved_view_api_v2_dashboard_saved_views__view_id__get
Parameters:
view_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> SavedViewResponse
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v2/dashboard/saved-views/{view_id}¶

Summary: Delete Saved View
Description: Delete a saved dashboard view.
Operation ID: delete_saved_view_api_v2_dashboard_saved_views__view_id__delete
Parameters:
view_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
204: Successful Response
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/sca/overview¶

Summary: Get Sca Overview
Description: SCA/SBOM portfolio overview — vulnerabilities across all projects.
Operation ID: get_sca_overview_api_v2_dashboard_sca_overview_get
Security: HTTPBearer, APIKeyHeader
Parameters:
group_id in query (object, optional) - Filter by group
organization in query (object, optional) - Filter by organization
team in query (object, optional) - Filter by team
environment in query (object, optional) - Filter by environment
criticality in query (object, optional) - Filter by system criticality
service_type in query (object, optional) - Filter by service type
severity in query (object, optional) - Filter by severity
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ScaPortfolioResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/snapshots¶

Summary: List Snapshots
Description: List snapshots limited to the current project or group access scope.
Operation ID: list_snapshots_api_v2_dashboard_snapshots_get
Security: HTTPBearer, APIKeyHeader
Parameters:
scope in query (string, optional) - project | group
project_name in query (string, optional) - Project name for project scope
group_id in query (string, optional) - Group ID for group scope
limit in query (object, optional) - Maximum items to return
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> SnapshotListResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v2/dashboard/snapshots¶

Summary: Create Snapshot
Description: Create a manual snapshot for the current project or group context.
Operation ID: create_snapshot_api_v2_dashboard_snapshots_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> SnapshotCreateRequest (required)
Responses:
200: Successful Response; application/json -> SnapshotResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v2/dashboard/snapshots/compare¶

Summary: Compare Snapshots
Description: Compare snapshots by IDs or by project/timestamp pair.
Operation ID: compare_snapshots_api_v2_dashboard_snapshots_compare_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> SnapshotCompareRequest (required)
Responses:
200: Successful Response; application/json -> SnapshotDiffResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/snapshots/{project_name}/compare-periods¶

Summary: Get Period Comparison
Description: Compare two adjacent snapshot-backed periods for a project.
Operation ID: get_period_comparison_api_v2_dashboard_snapshots__project_name__compare_periods_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_name in path (string, required)
baseline_period in query (string, optional) - Older window: 7d | 30d | 90d | 180d | 1y
comparison_period in query (string, optional) - Newer window: 7d | 30d | 90d | 180d | 1y
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> PeriodComparisonResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/snapshots/{project_name}/diff¶

Summary: Get Snapshot Diff
Description: Compare two materialized snapshots, defaulting to the latest pair.
Operation ID: get_snapshot_diff_api_v2_dashboard_snapshots__project_name__diff_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_name in path (string, required)
from_timestamp in query (string, optional) - Older snapshot timestamp
to_timestamp in query (string, optional) - Newer snapshot timestamp
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> SnapshotDiffResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/snapshots/{project_name}/trends¶

Summary: Get Snapshot Trends
Description: Get trends from snapshot store (faster than live adapter queries).
Operation ID: get_snapshot_trends_api_v2_dashboard_snapshots__project_name__trends_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_name in path (string, required)
period in query (string, optional) - 7d | 30d | 90d | 180d | 1y
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> TrendsResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v2/dashboard/snapshots/{snapshot_id}/export¶

Summary: Export Snapshot
Description: Export a snapshot or a compare report derived from it.
Operation ID: export_snapshot_api_v2_dashboard_snapshots__snapshot_id__export_post
Security: HTTPBearer, APIKeyHeader
Parameters:
snapshot_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> SnapshotExportRequest (required)
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v2/dashboard/subscriptions¶

Summary: List Subscriptions
Description: List notification subscriptions for the current user.
Operation ID: list_subscriptions_api_v2_dashboard_subscriptions_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

POST /api/v2/dashboard/subscriptions¶

Summary: Create Subscription
Description: Create a new notification subscription.
Operation ID: create_subscription_api_v2_dashboard_subscriptions_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> SubscriptionCreate (required)
Responses:
201: Successful Response; application/json -> SubscriptionResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v2/dashboard/subscriptions/test¶

Summary: Test Subscription
Description: Send a test notification without saving subscription settings.
Operation ID: test_subscription_api_v2_dashboard_subscriptions_test_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> SubscriptionTestRequest (required)
Responses:
200: Successful Response; application/json -> SubscriptionTestResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v2/dashboard/subscriptions/bootstrap¶

Summary: Bootstrap Notification Runtime
Description: Create or reuse a real project-scoped subscription and backfill first live notification records.
Operation ID: bootstrap_notification_runtime_api_v2_dashboard_subscriptions_bootstrap_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> NotificationBootstrapRequest (required)
Responses:
200: Successful Response; application/json -> NotificationBootstrapResponse
422: Validation Error; application/json -> HTTPValidationError

PATCH /api/v2/dashboard/subscriptions/{sub_id}¶

Summary: Update Subscription
Description: Update an existing notification subscription.
Operation ID: update_subscription_api_v2_dashboard_subscriptions__sub_id__patch
Parameters:
sub_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> SubscriptionUpdate (required)
Responses:
200: Successful Response; application/json -> SubscriptionResponse
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v2/dashboard/subscriptions/{sub_id}¶

Summary: Delete Subscription
Description: Delete a notification subscription.
Operation ID: delete_subscription_api_v2_dashboard_subscriptions__sub_id__delete
Parameters:
sub_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
204: Successful Response
422: Validation Error; application/json -> HTTPValidationError

Tag: `Demo`¶

POST /api/v1/demo/chat¶

Summary: Demo Chat
Description: Public demo endpoint for landing page. Rate limited to 30 requests per minute per IP.
Operation ID: demo_chat_api_v1_demo_chat_post
Parameters:
None
Request Body:
application/json -> DemoRequest (required)
Responses:
200: Successful Response; application/json -> DemoResponse
422: Validation Error; application/json -> HTTPValidationError
429: Rate limit exceeded
503: Demo endpoint disabled

GET /api/v1/demo/status¶

Summary: Demo Status
Description: Check if demo endpoint is enabled and view configuration.
Operation ID: demo_status_api_v1_demo_status_get
Parameters:
None
Request Body:
None
Responses:
200: Successful Response; application/json -> object

Tag: `Dependencies`¶

The dependencies router is mounted under /api/v1/deps. The canonical multi-project SCA contract uses project-scoped routes:

GET /api/v1/deps/projects/{project_name}/summary
GET /api/v1/deps/projects/{project_name}/dependencies
GET /api/v1/deps/projects/{project_name}/vulnerabilities
GET /api/v1/deps/projects/{project_name}/sbom
POST /api/v1/deps/projects/{project_name}/audit
GET /api/v1/deps/projects/{project_name}/gost-report

Legacy scan-scoped routes under /api/v1/deps/scan, /list, /graph, /check-vulnerabilities, /licenses, /health-score, /sbom, /audit, and /sync-cache remain available for explicit scan-first workflows.

POST /api/v1/deps/audit¶

Summary: Audit dependencies
Description: Audit dependencies for known vulnerabilities.
Operation ID: audit_dependencies_api_v1_deps_audit_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> AuditRequest (required)
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/deps/check-vulnerabilities¶

Summary: Check vulnerabilities
Description: Check dependencies for known vulnerabilities.
Operation ID: check_vulnerabilities_api_v1_deps_check_vulnerabilities_post
Security: HTTPBearer, APIKeyHeader
Parameters:
severity_threshold in query (object, optional) - Minimum severity to report (low, medium, high, critical)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> VulnCheckResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/deps/gost-report¶

Summary: GOST 5.16 report
Description: Generate GOST R 56939-2024 section 5.16.3 composition analysis report.
Operation ID: gost_report_api_v1_deps_gost_report_get
Security: HTTPBearer, APIKeyHeader
Parameters:
language in query (string, optional) - Report language (ru, en)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/deps/graph¶

Summary: Get dependency graph
Description: Get the dependency graph in JSON format.
Operation ID: get_graph_api_v1_deps_graph_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> GraphResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/deps/health-score¶

Summary: Get health score
Description: Calculate dependency health score.
Operation ID: get_health_score_api_v1_deps_health_score_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/deps/licenses¶

Summary: Check licenses
Description: Check dependency licenses for compliance.
Operation ID: check_licenses_api_v1_deps_licenses_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> LicenseSummaryResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/deps/list¶

Summary: List dependencies
Description: List dependencies from the last scan.
Operation ID: list_dependencies_api_v1_deps_list_get
Security: HTTPBearer, APIKeyHeader
Parameters:
direct_only in query (boolean, optional) - Only direct dependencies
dev_only in query (boolean, optional) - Only dev dependencies
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/deps/outdated¶

Summary: Check outdated packages
Description: Check for outdated packages.
Operation ID: check_outdated_api_v1_deps_outdated_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/deps/sbom¶

Summary: Export SBOM
Description: Export Software Bill of Materials.
Operation ID: export_sbom_api_v1_deps_sbom_get
Security: HTTPBearer, APIKeyHeader
Parameters:
format in query (string, optional) - SBOM format (spdx, cyclonedx)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/deps/scan¶

Summary: Scan project
Description: Scan a project for dependencies.
Operation ID: scan_project_api_v1_deps_scan_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ScanRequest (required)
Responses:
200: Successful Response; application/json -> ScanResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/deps/sync-cache¶

Summary: Sync vulnerability cache
Description: Sync local vulnerability cache.
Operation ID: sync_cache_api_v1_deps_sync_cache_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> SyncCacheRequest (required)
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

Tag: `Documentation Generation`¶

POST /api/v1/documentation/generate¶

Summary: Generate full documentation
Description: Generate all documentation sections, save to disk, and index in ChromaDB.
Operation ID: generate_documentation_api_v1_documentation_generate_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> DocGenerateRequest (required)
Responses:
200: Successful Response; application/json -> DocGenerateResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/documentation/generate/{section}¶

Summary: Generate single section
Description: Generate a single documentation section.
Operation ID: generate_section_api_v1_documentation_generate__section__post
Security: HTTPBearer, APIKeyHeader
Parameters:
section in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> DocSectionRequest (required)
Responses:
200: Successful Response; application/json -> DocSectionResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/documentation/search¶

Summary: Search generated documentation
Description: Semantic search in generated documentation stored in ChromaDB.
Operation ID: search_documentation_api_v1_documentation_search_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> DocSearchRequest (required)
Responses:
200: Successful Response; application/json -> DocSearchResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/documentation/stats¶

Summary: Get documentation stats
Description: Get generation statistics and ChromaDB collection info.
Operation ID: get_stats_api_v1_documentation_stats_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> DocStatsResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/documentation/sync¶

Summary: Run interface docs sync
Description: Detect documentation drift across all configured interfaces (REST API, CLI, MCP, etc.).
Operation ID: run_docs_sync_api_v1_documentation_sync_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> DocsSyncRequest (required)
Responses:
200: Successful Response; application/json -> DocsSyncResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Dynamic Analysis`¶

POST /api/v1/dynamic/{project_id}/correlate¶

Summary: Correlate static and dynamic findings
Description: Correlate static and dynamic findings.
Operation ID: correlate_findings_api_v1_dynamic__project_id__correlate_post
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> CorrelateRequest (required)
Responses:
200: Successful Response; application/json -> CorrelationResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/dynamic/{project_id}/fuzz-targets¶

Summary: Generate fuzz targets from CPG
Description: Generate prioritized fuzz targets from CPG analysis.
Operation ID: get_fuzz_targets_api_v1_dynamic__project_id__fuzz_targets_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
language in query (string, optional) - Filter by language
max_targets in query (integer, optional)
min_priority in query (number, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/dynamic/{project_id}/import¶

Summary: Import dynamic analysis results
Description: Import dynamic analysis results from inline content.
Operation ID: import_dynamic_results_api_v1_dynamic__project_id__import_post
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ImportRequest (required)
Responses:
200: Successful Response; application/json -> ImportResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/dynamic/{project_id}/report¶

Summary: Generate GOST 5.11.3 dynamic analysis report
Description: Generate GOST 5.11.3 report from all dynamic runs for a project.
Operation ID: get_dynamic_report_api_v1_dynamic__project_id__report_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
language in query (string, optional) - Report language (ru/en)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/dynamic/{project_id}/runs¶

Summary: List dynamic analysis runs
Description: List dynamic analysis runs for a project.
Operation ID: list_dynamic_runs_api_v1_dynamic__project_id__runs_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
limit in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/dynamic/{project_id}/runs/{run_id}¶

Summary: Delete a dynamic analysis run
Description: Delete a dynamic run and its findings.
Operation ID: delete_dynamic_run_api_v1_dynamic__project_id__runs__run_id__delete
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
run_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/dynamic/{project_id}/runs/{run_id}/findings¶

Summary: Get findings for a dynamic run
Description: Get all findings for a specific dynamic analysis run.
Operation ID: get_dynamic_findings_api_v1_dynamic__project_id__runs__run_id__findings_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
run_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

Tag: `File Editing`¶

POST /api/v1/edit/apply¶

Summary: Apply edit
Description: Apply the edit operation to the file.
Operation ID: apply_edit_api_v1_edit_apply_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> EditApplyRequest (required)
Responses:
200: Successful Response; application/json -> EditApplyResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/edit/find-target¶

Summary: Find code targets
Description: Find functions, classes, or methods matching the given criteria.
Operation ID: find_targets_api_v1_edit_find_target_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> FindTargetRequest (required)
Responses:
200: Successful Response; application/json -> FindTargetResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/edit/history¶

Summary: Get edit history
Description: Get the history of recent edits for potential undo.
Operation ID: get_edit_history_api_v1_edit_history_get
Security: HTTPBearer, APIKeyHeader
Parameters:
limit in query (integer, optional) - Maximum entries to return
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/edit/preview¶

Summary: Preview edit
Description: Generate a diff preview for the proposed edit.
Operation ID: preview_edit_api_v1_edit_preview_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> PreviewEditRequest (required)
Responses:
200: Successful Response; application/json -> PreviewEditResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/edit/undo¶

Summary: Undo last edit
Description: Undo the most recent edit operation.
Operation ID: undo_last_edit_api_v1_edit_undo_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> EditUndoResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `GoCPG`¶

GET /api/v1/gocpg/frontends¶

Summary: List Frontends
Description: List available language frontends.
Operation ID: list_frontends_api_v1_gocpg_frontends_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/gocpg/quality-stats¶

Summary: Get Quality Stats
Description: Get cross-language code quality metrics.
Operation ID: get_quality_stats_api_v1_gocpg_quality_stats_get
Security: HTTPBearer, APIKeyHeader
Parameters:
top in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/gocpg/stats¶

Summary: Get Stats
Description: Get CPG statistics.
Operation ID: get_stats_api_v1_gocpg_stats_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

Tag: `Health`¶

GET /api/v1/health¶

Summary: Full health check
Description: Returns detailed health status of all system components.
Operation ID: health_check_api_v1_health_get
Parameters:
None
Request Body:
None
Responses:
200: Successful Response; application/json -> HealthStatus

GET /api/v1/health/live¶

Summary: Liveness probe
Description: Kubernetes liveness probe endpoint. Returns 200 if service is running.
Operation ID: liveness_probe_api_v1_health_live_get
Parameters:
None
Request Body:
None
Responses:
200: Successful Response; application/json -> object

GET /api/v1/health/ready¶

Summary: Readiness probe
Description: Kubernetes readiness probe endpoint. Returns 200 if service is ready to accept traffic.
Operation ID: readiness_probe_api_v1_health_ready_get
Parameters:
None
Request Body:
None
Responses:
200: Successful Response; application/json -> object

GET /api/v1/health/version¶

Summary: Get version
Description: Returns API version information.
Operation ID: get_version_api_v1_health_version_get
Parameters:
None
Request Body:
None
Responses:
200: Successful Response; application/json -> object

Tag: `History`¶

GET /api/v1/history/{session_id}¶

Summary: Get dialogue history
Description: Get paginated dialogue history for a session.
Operation ID: get_history_api_v1_history__session_id__get
Parameters:
session_id in path (string, required)
page in query (integer, optional)
page_size in query (integer, optional)
include_metadata in query (boolean, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> DialogueHistoryResponse
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/history/{session_id}/clear¶

Summary: Clear history
Description: Clear all dialogue history for a session (keeps the session).
Operation ID: clear_history_api_v1_history__session_id__clear_delete
Parameters:
session_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
204: Successful Response
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/history/{session_id}/export¶

Summary: Export history
Description: Export dialogue history in JSON or Markdown format.
Operation ID: export_history_api_v1_history__session_id__export_post
Parameters:
session_id in path (string, required)
format in query (ExportFormat, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

Tag: `Hypotheses`¶

GET /api/v1/security/hypotheses/cwes¶

Summary: List CWE entries from knowledge base
Description: Returns CWE entries from the built-in security knowledge base. Optionally filter by vulnerability category.
Operation ID: list_cwes_api_v1_security_hypotheses_cwes_get
Security: HTTPBearer, APIKeyHeader
Parameters:
category in query (object, optional) - Filter by vulnerability category
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> CWEListResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/hypotheses/providers¶

Summary: List registered pattern providers
Description: Returns all registered security pattern providers and their capabilities.
Operation ID: list_providers_api_v1_security_hypotheses_providers_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ProviderListResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/hypotheses/run¶

Summary: Run hypothesis-driven security analysis
Description: Generates and validates security hypotheses against the project CPG. Returns metrics (precision, recall, F1) and confirmed findings.
Operation ID: run_hypotheses_api_v1_security_hypotheses_run_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> HypothesisRunRequest (required)
Responses:
200: Successful Response; application/json -> HypothesisRunResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Issue Tracker`¶

POST /api/v1/issues/{project_id}/bulk-create¶

Summary: Create issues from multiple findings
Description: Create issues for multiple findings at once.
Operation ID: bulk_create_issues_api_v1_issues__project_id__bulk_create_post
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> BulkCreateRequest (required)
Responses:
200: Successful Response; application/json -> BulkCreateResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/issues/{project_id}/create¶

Summary: Create issue from finding
Description: Create an issue in the configured tracker from a finding.
Operation ID: create_issue_api_v1_issues__project_id__create_post
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> IssueCreateAPIRequest (required)
Responses:
200: Successful Response; application/json -> IssueResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/issues/{project_id}/status/{issue_id}¶

Summary: Get issue status
Description: Get current status of an issue from the tracker.
Operation ID: get_issue_status_api_v1_issues__project_id__status__issue_id__get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
issue_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/issues/{project_id}/sync¶

Summary: Bidirectional sync findings with tracker
Description: Bidirectional sync: create issues for new findings, check statuses, close fixed.
Operation ID: sync_issues_api_v1_issues__project_id__sync_post
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> SyncRequest (required)
Responses:
200: Successful Response; application/json -> SyncResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/issues/{project_id}/update/{issue_id}¶

Summary: Update issue status
Description: Update issue status via tracker transitions API.
Operation ID: update_issue_api_v1_issues__project_id__update__issue_id__post
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
issue_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> IssueUpdateRequest (required)
Responses:
200: Successful Response; application/json -> IssueResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Metrics`¶

GET /api/v1/metrics¶

Summary: Prometheus metrics
Description: Returns metrics in Prometheus exposition format for scraping.
Operation ID: prometheus_metrics_api_v1_metrics_get
Parameters:
None
Request Body:
None
Responses:
200: Successful Response; application/json -> object

Tag: `Patterns`¶

GET /api/v1/patterns/findings¶

Summary: Query persisted pattern findings
Description: Read pattern findings from DuckDB (populated by gocpg scan).
Operation ID: pattern_findings_api_v1_patterns_findings_get
Security: HTTPBearer, APIKeyHeader
Parameters:
rule_id in query (object, optional)
severity in query (object, optional)
filename in query (object, optional)
category in query (object, optional)
limit in query (object, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> PatternFindingsResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/patterns/fix¶

Summary: Apply SSR pattern fixes
Description: Apply structural pattern fixes. Returns diffs (dry_run=True) or applies changes.
Operation ID: pattern_fix_api_v1_patterns_fix_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> PatternFixRequest (required)
Responses:
200: Successful Response; application/json -> PatternFixResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/patterns/generate¶

Summary: LLM-generate a YAML rule
Description: Use an LLM to generate and validate a structural pattern YAML rule.
Operation ID: pattern_generate_api_v1_patterns_generate_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> PatternGenerateRequest (required)
Responses:
200: Successful Response; application/json -> PatternGenerateResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/patterns/rules¶

Summary: List loaded pattern rules
Description: List all pattern rules from cpg_pattern_rules table.
Operation ID: pattern_rules_api_v1_patterns_rules_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> PatternRulesListResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/patterns/search¶

Summary: Ad-hoc structural pattern search
Description: Search for structural code patterns using AST-based matching via GoCPG.
Operation ID: pattern_search_api_v1_patterns_search_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> PatternSearchRequest (required)
Responses:
200: Successful Response; application/json -> PatternSearchResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/patterns/stats¶

Summary: Pattern matching statistics
Description: Aggregated counts by severity, category, and rule.
Operation ID: pattern_stats_api_v1_patterns_stats_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> PatternStatsResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Project Groups`¶

GET /api/v1/groups¶

Summary: List Groups
Description: List project groups accessible by the current user. Admin users see all groups, regular users see only their groups.
Operation ID: list_groups_api_v1_groups_get
Parameters:
limit in query (integer, optional)
offset in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> GroupListResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/groups¶

Summary: Create Group
Description: Create a new project group. Only admin users can create groups.
Operation ID: create_group_api_v1_groups_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> GroupCreate (required)
Responses:
201: Successful Response; application/json -> GroupResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/groups/{group_id}¶

Summary: Get Group
Description: Get project group by ID.
Operation ID: get_group_api_v1_groups__group_id__get
Parameters:
group_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> GroupResponse
422: Validation Error; application/json -> HTTPValidationError

PUT /api/v1/groups/{group_id}¶

Summary: Update Group
Description: Update project group. Requires admin access to the group.
Operation ID: update_group_api_v1_groups__group_id__put
Parameters:
group_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> GroupUpdate (required)
Responses:
200: Successful Response; application/json -> GroupResponse
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/groups/{group_id}¶

Summary: Delete Group
Description: Delete a project group. Only admin users can delete groups.
Operation ID: delete_group_api_v1_groups__group_id__delete
Parameters:
group_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
204: Successful Response
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/groups/{group_id}/users¶

Summary: List Group Users
Description: List users with access to a group.
Operation ID: list_group_users_api_v1_groups__group_id__users_get
Parameters:
group_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> UserAccessListResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/groups/{group_id}/users¶

Summary: Add Group User
Description: Add user access to a group. Requires admin access to the group.
Operation ID: add_group_user_api_v1_groups__group_id__users_post
Parameters:
group_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> UserAccessCreate (required)
Responses:
201: Successful Response; application/json -> UserAccessResponse
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/groups/{group_id}/users/{user_id}¶

Summary: Remove Group User
Description: Remove user access from a group. Requires admin access to the group.
Operation ID: remove_group_user_api_v1_groups__group_id__users__user_id__delete
Parameters:
group_id in path (string, required)
user_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
204: Successful Response
422: Validation Error; application/json -> HTTPValidationError

Tag: `Project Import`¶

DELETE /api/v1/import/cancel/{job_id}¶

Summary: Cancel import job
Description: Cancel a running import job.
Operation ID: cancel_import_api_v1_import_cancel__job_id__delete
Parameters:
job_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/import/jobs¶

Summary: List import jobs
Description: List all import jobs.
Operation ID: list_import_jobs_api_v1_import_jobs_get
Parameters:
status_filter in query (object, optional)
limit in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/import/languages¶

Summary: List supported languages
Description: Get list of supported programming languages for import.
Operation ID: get_supported_languages_api_v1_import_languages_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> SupportedLanguagesResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/import/start¶

Summary: Start project import
Description: Start asynchronous import of a new codebase.
Operation ID: start_import_api_v1_import_start_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> ImportProjectRequestAPI (required)
Responses:
200: Successful Response; application/json -> ImportJobResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/import/status/{job_id}¶

Summary: Get import status
Description: Get current status of an import job.
Operation ID: get_import_status_api_v1_import_status__job_id__get
Parameters:
job_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ProjectImportStatus
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/import/step¶

Summary: Run single import step
Description: Run a single step of the import pipeline.
Operation ID: run_single_step_api_v1_import_step_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> ImportStepRequest (required)
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

Tag: `Projects`¶

GET /api/v1/projects¶

Summary: List Projects
Description: List projects accessible by the current user. If group_id is specified, list projects in that group only. Otherwise, list all projects from accessible groups.
Operation ID: list_projects_api_v1_projects_get
Parameters:
group_id in query (object, optional)
limit in query (integer, optional)
offset in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ProjectListResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/projects¶

Summary: Create Project
Description: Create a new project in a group. Requires editor or admin access to the group.
Operation ID: create_project_api_v1_projects_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> ProjectCreate (required)
Responses:
201: Successful Response; application/json -> ProjectResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/projects/active/current¶

Summary: Get Active Project
Description: Get the currently effective project for the caller. Returns the resolved project after workspace, user preference, group default, and access checks. Returns 403 for denied resolution and 409 for ambiguous resolution.
Operation ID: get_active_project_api_v1_projects_active_current_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/projects/{project_id}¶

Summary: Get Project
Description: Get project by ID.
Operation ID: get_project_api_v1_projects__project_id__get
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ProjectResponse
422: Validation Error; application/json -> HTTPValidationError

PUT /api/v1/projects/{project_id}¶

Summary: Update Project
Description: Update a project. Requires editor or admin access to the group.
Operation ID: update_project_api_v1_projects__project_id__put
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> ProjectUpdate (required)
Responses:
200: Successful Response; application/json -> ProjectResponse
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/projects/{project_id}¶

Summary: Delete Project
Description: Delete a project. Requires admin access to the group. Args: delete_collections: Also delete ChromaDB vector collections.
Operation ID: delete_project_api_v1_projects__project_id__delete
Parameters:
project_id in path (string, required)
delete_collections in query (boolean, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
204: Successful Response
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/projects/{project_id}/activate¶

Summary: Activate Project
Description: Set a project as active in its group. This deactivates other projects in the same group.
Operation ID: activate_project_api_v1_projects__project_id__activate_post
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ProjectResponse
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/projects/{project_id}/collections¶

Summary: Delete Collections
Description: Delete all vector collections for a project.
Operation ID: delete_collections_api_v1_projects__project_id__collections_delete
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/projects/{project_id}/reindex¶

Summary: Reindex Project
Description: Reindex vector collections for a project. Runs indexing in background. Returns immediately with status=”started”.
Operation ID: reindex_project_api_v1_projects__project_id__reindex_post
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> ReindexRequest (required)
Responses:
200: Successful Response; application/json -> ReindexReportResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/projects/{project_id}/reindex/status¶

Summary: Get Reindex Status
Description: Get vector collection status for a project.
Operation ID: get_reindex_status_api_v1_projects__project_id__reindex_status_get
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ReindexStatusResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Qualification`¶

GET /api/v1/qualification/{project_id}/real-programs¶

Summary: List real programs for qualification testing
Description: Return the list of real programs from the qualification manifest (GOST 10.2v).
Operation ID: list_real_programs_api_v1_qualification__project_id__real_programs_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
size_bucket in query (object, optional) - Filter by size bucket: small, medium, large, xlarge
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

Tag: `Query`¶

POST /api/v1/query/execute¶

Summary: Execute SQL query
Description: Execute a SQL query against the Code Property Graph database.
Operation ID: execute_query_api_v1_query_execute_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> QueryExecuteRequest (required)
Responses:
200: Successful Response; application/json -> QueryExecuteResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/query/validate¶

Summary: Validate SQL query
Description: Validate a SQL query syntax without executing it.
Operation ID: validate_query_api_v1_query_validate_post
Parameters:
query in query (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> QueryValidationResult
422: Validation Error; application/json -> HTTPValidationError

Tag: `Release Gate`¶

POST /api/v1/release/check¶

Summary: Run Gate Check
Description: Run release gate checks for the active project.
Operation ID: run_gate_check_api_v1_release_check_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ReleaseCheckRequest (required)
Responses:
200: Successful Response; application/json -> GateDecisionResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/release/history¶

Summary: Get History
Description: Get gate decision history for the active project.
Operation ID: get_history_api_v1_release_history_get
Security: HTTPBearer, APIKeyHeader
Parameters:
limit in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/release/profiles¶

Summary: List Profiles
Description: List available gate profiles.
Operation ID: list_profiles_api_v1_release_profiles_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/release/suppress¶

Summary: Create Suppression
Description: Create a finding suppression (accept risk).
Operation ID: create_suppression_api_v1_release_suppress_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> SuppressionRequest (required)
Responses:
200: Successful Response; application/json -> SuppressionResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/release/suppressions¶

Summary: List Suppressions
Description: List active suppressions for the active project.
Operation ID: list_suppressions_api_v1_release_suppressions_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/release/suppressions/{finding_id}¶

Summary: Delete Suppression
Description: Remove a finding suppression.
Operation ID: delete_suppression_api_v1_release_suppressions__finding_id__delete
Security: HTTPBearer, APIKeyHeader
Parameters:
finding_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
204: Successful Response
422: Validation Error; application/json -> HTTPValidationError

Tag: `Risk Indicators`¶

GET /api/v1/risk/{project_id}/alerts¶

Summary: Get Risk Alerts
Description: Get recent risk alerts.
Operation ID: get_risk_alerts_api_v1_risk__project_id__alerts_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
last in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/risk/{project_id}/assess¶

Summary: Trigger Risk Assessment
Description: Trigger a full risk assessment calculation.
Operation ID: trigger_risk_assessment_api_v1_risk__project_id__assess_post
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> RiskAssessmentReportResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/risk/{project_id}/assessment¶

Summary: Get Risk Assessment
Description: Get full risk assessment report (SVR x STP).
Operation ID: get_risk_assessment_api_v1_risk__project_id__assessment_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> RiskAssessmentReportResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/risk/{project_id}/assessment/matrix¶

Summary: Get Risk Assessment Matrix
Description: Get risk matrix (5x5 SVR x STP).
Operation ID: get_risk_assessment_matrix_api_v1_risk__project_id__assessment_matrix_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/risk/{project_id}/assessment/register¶

Summary: Get Risk Assessment Register
Description: Get risk register sorted by risk score.
Operation ID: get_risk_assessment_register_api_v1_risk__project_id__assessment_register_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
top in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/risk/{project_id}/assessment/{finding_id}¶

Summary: Get Risk Assessment Detail
Description: Get risk detail for a specific finding.
Operation ID: get_risk_assessment_detail_api_v1_risk__project_id__assessment__finding_id__get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
finding_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> RiskEntryResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/risk/{project_id}/calculate¶

Summary: Trigger Risk Calculation
Description: Trigger a full risk recalculation.
Operation ID: trigger_risk_calculation_api_v1_risk__project_id__calculate_post
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> RiskDashboardResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/risk/{project_id}/checklist¶

Summary: Get Checklist
Description: Get self-assessment checklist.
Operation ID: get_checklist_api_v1_risk__project_id__checklist_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
level in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/risk/{project_id}/dashboard¶

Summary: Get Risk Dashboard
Description: Get full risk dashboard: KIR + KPUR + alerts.
Operation ID: get_risk_dashboard_api_v1_risk__project_id__dashboard_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> RiskDashboardResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/risk/{project_id}/events¶

Summary: Get Risk Events
Description: Get classified risk events.
Operation ID: get_risk_events_api_v1_risk__project_id__events_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
limit in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/risk/{project_id}/events/classify¶

Summary: Classify Events
Description: Batch classify all findings into risk events.
Operation ID: classify_events_api_v1_risk__project_id__events_classify_post
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/risk/{project_id}/events/summary¶

Summary: Get Events Summary
Description: Get risk events summary by 4 dimensions.
Operation ID: get_events_summary_api_v1_risk__project_id__events_summary_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/risk/{project_id}/kir¶

Summary: Get Kir Values
Description: Calculate and return current KIR values.
Operation ID: get_kir_values_api_v1_risk__project_id__kir_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/risk/{project_id}/kir/{kir_id}/trend¶

Summary: Get Kir Trend
Description: Get KIR value history (trend).
Operation ID: get_kir_trend_api_v1_risk__project_id__kir__kir_id__trend_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
kir_id in path (string, required)
last in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/risk/{project_id}/kpur¶

Summary: Get Kpur Results
Description: Calculate and return KPUR results by 3 groups.
Operation ID: get_kpur_results_api_v1_risk__project_id__kpur_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/risk/{project_id}/threat-model-57580¶

Summary: Get Threat Model 57580
Description: Generate GOST R 57580.3 threat model.
Operation ID: get_threat_model_57580_api_v1_risk__project_id__threat_model_57580_get
Security: HTTPBearer, APIKeyHeader
Parameters:
project_id in path (string, required)
format in query (string, optional)
language in query (string, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

Tag: `Scenarios`¶

GET /api/v1/scenarios¶

Summary: List scenarios
Description: Get list of all available analysis scenarios.
Operation ID: list_scenarios_api_v1_scenarios_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/scenarios/{scenario_id}¶

Summary: Get scenario
Description: Get information about a specific scenario.
Operation ID: get_scenario_api_v1_scenarios__scenario_id__get
Parameters:
scenario_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ScenarioInfo
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/scenarios/{scenario_id}/query¶

Summary: Query scenario
Description: Send a query to a specific scenario.
Operation ID: query_scenario_api_v1_scenarios__scenario_id__query_post
Security: HTTPBearer, APIKeyHeader
Parameters:
scenario_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ScenarioQueryRequest (required)
Responses:
200: Successful Response; application/json -> ScenarioQueryResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Security`¶

POST /api/v1/security/autofix¶

Summary: Generate security autofix suggestions
Description: Generates automated fix suggestions for security vulnerabilities found via taint analysis. Returns diffs without applying them (read-only).
Operation ID: generate_autofix_api_v1_security_autofix_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> AutofixRequest (required)
Responses:
200: Successful Response; application/json -> AutofixResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/classify¶

Summary: Classify finding as TP/FP
Description: Use CPG context and taint verification to classify a security finding.
Operation ID: classify_finding_api_v1_security_classify_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> FPClassifyRequest (required)
Responses:
200: Successful Response; application/json -> FPClassifyResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/scan-diff¶

Summary: Scan diff for security issues
Description: Scan a raw diff for security vulnerabilities without git subprocess.
Operation ID: scan_diff_api_v1_security_scan_diff_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ScanDiffRequest (required)
Responses:
200: Successful Response; application/json -> ScanDiffResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Sessions`¶

GET /api/v1/sessions¶

Summary: List sessions
Description: Get paginated list of user’s chat sessions.
Operation ID: list_sessions_api_v1_sessions_get
Parameters:
page in query (integer, optional)
page_size in query (integer, optional)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> SessionListResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/sessions¶

Summary: Create session
Description: Create a new chat session.
Operation ID: create_session_api_v1_sessions_post
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> SessionCreate (required)
Responses:
201: Successful Response; application/json -> SessionInfo
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/sessions/{session_id}¶

Summary: Get session
Description: Get detailed session information including dialogue history.
Operation ID: get_session_api_v1_sessions__session_id__get
Parameters:
session_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> SessionDetail
422: Validation Error; application/json -> HTTPValidationError

PATCH /api/v1/sessions/{session_id}¶

Summary: Update session
Description: Update session metadata or scenario.
Operation ID: update_session_api_v1_sessions__session_id__patch
Parameters:
session_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
application/json -> SessionUpdate (required)
Responses:
200: Successful Response; application/json -> SessionInfo
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/sessions/{session_id}¶

Summary: Delete session
Description: Delete a chat session and its history.
Operation ID: delete_session_api_v1_sessions__session_id__delete
Parameters:
session_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
204: Successful Response
422: Validation Error; application/json -> HTTPValidationError

Tag: `Standards`¶

POST /api/v1/standards/analyze¶

Summary: Analyze code
Description: Analyze code against standards rules.
Operation ID: analyze_code_api_v1_standards_analyze_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> StandardsAnalyzeRequest (required)
Responses:
200: Successful Response; application/json -> StandardsAnalyzeResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/standards/documents¶

Summary: List documents
Description: List all imported standards documents.
Operation ID: list_documents_api_v1_standards_documents_get
Security: HTTPBearer, APIKeyHeader
Parameters:
active_only in query (boolean, optional) - Only show active documents
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

DELETE /api/v1/standards/documents/{document_id}¶

Summary: Remove document
Description: Remove a standards document.
Operation ID: remove_document_api_v1_standards_documents__document_id__delete
Security: HTTPBearer, APIKeyHeader
Parameters:
document_id in path (string, required)
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/standards/import¶

Summary: Import standards document
Description: Import a YAML standards document.
Operation ID: import_document_api_v1_standards_import_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ImportDocumentRequest (required)
Responses:
200: Successful Response; application/json -> DocumentResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/standards/import/upload¶

Summary: Upload standards document
Description: Upload a YAML standards document.
Operation ID: upload_document_api_v1_standards_import_upload_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
multipart/form-data -> UploadDocumentBody (required)
Responses:
200: Successful Response; application/json -> DocumentResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/standards/report¶

Summary: Generate report
Description: Generate a standards compliance report.
Operation ID: generate_report_api_v1_standards_report_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ReportRequest (required)
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/standards/rules¶

Summary: List rules
Description: List all rules from imported documents.
Operation ID: list_rules_api_v1_standards_rules_get
Security: HTTPBearer, APIKeyHeader
Parameters:
category in query (object, optional) - Filter by category
severity in query (object, optional) - Filter by severity
language in query (object, optional) - Filter by language
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/standards/template¶

Summary: Get document template
Description: Get a template for creating standards documents.
Operation ID: get_template_api_v1_standards_template_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/standards/violations¶

Summary: Get violations
Description: Get detected violations.
Operation ID: get_violations_api_v1_standards_violations_get
Security: HTTPBearer, APIKeyHeader
Parameters:
file_path in query (object, optional) - Filter by file
rule_id in query (object, optional) - Filter by rule
severity in query (object, optional) - Filter by severity
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

Tag: `Statistics`¶

GET /api/v1/stats¶

Summary: Get system statistics
Description: Get system-wide statistics and metrics.
Operation ID: get_stats_api_v1_stats_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> MetricsResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/stats/performance¶

Summary: Get performance statistics
Description: Get system performance metrics.
Operation ID: get_performance_stats_api_v1_stats_performance_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> PerformanceStats
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/stats/scenarios¶

Summary: Get scenario statistics
Description: Get usage statistics per scenario.
Operation ID: get_scenario_stats_api_v1_stats_scenarios_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> ScenarioStats
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/stats/users¶

Summary: Get user statistics
Description: Get user activity statistics (admin only).
Operation ID: get_user_stats_api_v1_stats_users_get
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> UserStats
422: Validation Error; application/json -> HTTPValidationError

Tag: `Supply Chain`¶

GET /api/v1/supply-chain/findings¶

Summary: Get Findings
Description: Get supply chain findings for the active project.
Operation ID: get_findings_api_v1_supply_chain_findings_get
Security: HTTPBearer, APIKeyHeader
Parameters:
severity in query (object, optional) - Filter by severity
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/supply-chain/gost-report¶

Summary: Get Gost Report
Description: Generate GOST 5.17.3 report.
Operation ID: get_gost_report_api_v1_supply_chain_gost_report_get
Security: HTTPBearer, APIKeyHeader
Parameters:
language in query (string, optional) - Report language: ru or en
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> GostReportResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/supply-chain/registry¶

Summary: Get Registry
Description: Get component registry for the active project.
Operation ID: get_registry_api_v1_supply_chain_registry_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/supply-chain/scan¶

Summary: Scan Supply Chain
Description: Run full supply chain security scan for the active project.
Operation ID: scan_supply_chain_api_v1_supply_chain_scan_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> SupplyChainScanRequest (required)
Responses:
200: Successful Response; application/json -> SupplyChainScanResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/supply-chain/trust¶

Summary: Get Trust Scores
Description: Get trust scores for all components.
Operation ID: get_trust_scores_api_v1_supply_chain_trust_get
Security: HTTPBearer, APIKeyHeader
Parameters:
min_score in query (number, optional) - Show only components below this score
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> array
422: Validation Error; application/json -> HTTPValidationError

Tag: `Threat Model`¶

GET /api/v1/security/threat-model/dfd¶

Summary: Generate Data Flow Diagram
Description: Extract DFD from CPG and return as Mermaid or JSON.
Operation ID: get_dfd_api_v1_security_threat_model_dfd_get
Security: HTTPBearer, APIKeyHeader
Parameters:
format in query (string, optional) - Output format: mermaid|json
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> DFDResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/threat-model/export¶

Summary: Export threat model in specified format
Description: Generate and export threat model as Markdown, GOST, SARIF, or JSON string.
Operation ID: export_threat_model_api_v1_security_threat_model_export_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ThreatModelGenerateRequest (required)
Responses:
200: Successful Response; application/json -> ThreatModelExportResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/threat-model/generate¶

Summary: Generate STRIDE threat model
Description: Generates a complete STRIDE threat model from the project CPG. Includes DFD extraction, trust boundary detection, threat classification, and mitigation recommendations.
Operation ID: generate_threat_model_api_v1_security_threat_model_generate_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> ThreatModelGenerateRequest (required)
Responses:
200: Successful Response; application/json -> ThreatModelResponse
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/threat-model/mitigations¶

Summary: List STRIDE mitigation recommendations
Description: Returns standard mitigations for each STRIDE category and CWE-specific recommendations.
Operation ID: list_mitigations_api_v1_security_threat_model_mitigations_get
Security: HTTPBearer, APIKeyHeader
Parameters:
category in query (object, optional) - STRIDE category filter
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/threat-model/stride-mapping¶

Summary: CWE to STRIDE category mapping
Description: Returns the mapping of CWE IDs to STRIDE threat categories.
Operation ID: get_stride_mapping_api_v1_security_threat_model_stride_mapping_get
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

GET /api/v1/security/threat-model/threats¶

Summary: List threats
Description: List threats from the generated threat model with optional filters.
Operation ID: list_threats_api_v1_security_threat_model_threats_get
Security: HTTPBearer, APIKeyHeader
Parameters:
severity in query (object, optional) - Filter by severity
category in query (object, optional) - Filter by STRIDE category
language in query (string, optional) - Output language
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
None
Responses:
200: Successful Response; application/json -> object
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/security/threat-model/update¶

Summary: Incremental threat model update
Description: Compare new threat model against a previous version and compute delta.
Operation ID: update_threat_model_api_v1_security_threat_model_update_post
Security: HTTPBearer, APIKeyHeader
Parameters:
authorization in header (object, optional)
X-API-Key in header (object, optional)
X-Project-Id in header (object, optional)
Request Body:
application/json -> IncrementalUpdateRequest (required)
Responses:
200: Successful Response; application/json -> src__api__routers__threat_model__DeltaResponse
422: Validation Error; application/json -> HTTPValidationError

Tag: `Webhooks`¶

POST /api/v1/webhooks/github¶

Summary: GitHub webhook receiver
Description: Receives push and PR events from GitHub.
Operation ID: receive_github_webhook_api_v1_webhooks_github_post
Parameters:
None
Request Body:
None
Responses:
202: Successful Response; application/json -> WebhookResponse

POST /api/v1/webhooks/gitlab¶

Summary: GitLab webhook receiver
Description: Receives push and MR events from GitLab.
Operation ID: receive_gitlab_webhook_api_v1_webhooks_gitlab_post
Parameters:
None
Request Body:
None
Responses:
202: Successful Response; application/json -> WebhookResponse

POST /api/v1/webhooks/gitverse¶

Summary: GitVerse webhook receiver
Description: Receives push and PR events from GitVerse (GitHub-compatible format).
Operation ID: receive_gitverse_webhook_api_v1_webhooks_gitverse_post
Parameters:
None
Request Body:
None
Responses:
202: Successful Response; application/json -> WebhookResponse

POST /api/v1/webhooks/local¶

Summary: Local incremental CPG update
Description: Triggered by IDE plugins (OpenCode) after git commit for incremental CPG update.
Operation ID: receive_local_webhook_api_v1_webhooks_local_post
Parameters:
None
Request Body:
application/json -> LocalWebhookRequest (required)
Responses:
202: Successful Response; application/json -> WebhookResponse
422: Validation Error; application/json -> HTTPValidationError

POST /api/v1/webhooks/sourcecraft¶

Summary: SourceCraft webhook receiver
Description: Receives push and MR events from SourceCraft.
Operation ID: receive_sourcecraft_webhook_api_v1_webhooks_sourcecraft_post
Parameters:
None
Request Body:
None
Responses:
202: Successful Response; application/json -> WebhookResponse

GET /api/v1/webhooks/status/{project_id}¶

Summary: Get CPG update status
Description: Returns the latest CPG update pipeline status for a project.
Operation ID: get_webhook_status_api_v1_webhooks_status__project_id__get
Parameters:
project_id in path (string, required)
Request Body:
None
Responses:
200: Successful Response; application/json -> UpdateStatusResponse
422: Validation Error; application/json -> HTTPValidationError