Overview¶
This document is generated from the live FastAPI OpenAPI schema and serves as the contract-oriented REST reference. WebSocket endpoints are documented separately and are not part of OpenAPI.
- Swagger UI:
/api/docs - ReDoc:
/api/redoc - OpenAPI JSON:
/api/openapi.json
Authentication¶
Security Schemes¶
APIKeyHeader: type=apiKey, in=headerHTTPBearer: type=http, scheme=bearer
Supplemental Contract Coverage¶
The generated OpenAPI export remains the source of truth for the bulk catalog below. The following routes are listed explicitly to keep the written reference aligned with the live runtime for newer governance, active-project, and dashboard-control surfaces:
Agent Context and Recall¶
GET /api/v1/agent-context/sessions/{session_id}/taskGET /api/v1/agent-context/sessions/{session_id}/task/whyGET /api/v1/agent-context/sessions/{session_id}/context/whyPOST /api/v1/agent-context/sessions/{session_id}/recall-feedbackPOST /api/v1/agent-context/sessions/{session_id}/memory/dismissGET /api/v1/agent-context/stories/task-capsulesGET /api/v1/agent-context/tasks/nextGET /api/v1/memory/knowledgeGET /api/v1/memory/knowledge/source-refresh/planGET /api/v1/memory/knowledge/review-planGET /api/v1/memory/knowledge/policy
User Administration¶
GET /api/v1/admin/identity/usersPOST /api/v1/admin/identity/usersGET /api/v1/admin/identity/users/{user_id}PATCH /api/v1/admin/identity/users/{user_id}POST /api/v1/admin/identity/users/{user_id}/activatePOST /api/v1/admin/identity/users/{user_id}/deactivatePOST /api/v1/admin/identity/users/{user_id}/reset-passwordGET /api/v1/admin/identity/users/{user_id}/accessPUT /api/v1/admin/identity/users/{user_id}/access
AI FinOps Dashboard¶
GET /api/v1/finance/ai-finops/overviewGET /api/v1/finance/ai-finops/usageGET /api/v1/finance/ai-finops/usage/{request_id}GET /api/v1/finance/ai-finops/budgetsPOST /api/v1/finance/ai-finops/budgetsPUT /api/v1/finance/ai-finops/budgets/{budget_id}GET /api/v1/finance/ai-finops/policiesPOST /api/v1/finance/ai-finops/policiesPUT /api/v1/finance/ai-finops/policies/{policy_id}GET /api/v1/finance/ai-finops/catalogPOST /api/v1/finance/ai-finops/catalogPUT /api/v1/finance/ai-finops/catalog/{card_id}POST /api/v1/finance/ai-finops/catalog/estimateGET /api/v1/finance/ai-finops/incidentsGET /api/v1/finance/ai-finops/optimizationPOST /api/v1/finance/ai-finops/optimization/what-ifPOST /api/v1/finance/ai-finops/export
Security Dashboard Control Plane¶
GET /api/v1/security/overviewGET /api/v1/security/dlp/configPUT /api/v1/security/dlp/configGET /api/v1/security/dlp/activityGET /api/v1/security/siem/configPUT /api/v1/security/siem/configGET /api/v1/security/siem/statsGET /api/v1/security/siem/eventsGET /api/v1/security/audit-logGET /api/v1/security/audit-log/{entry_id}POST /api/v1/traceability/cross-repo/run
Project, Group, Repository, and Documentation Governance¶
GET /api/v1/documentation/projects/{project_name}/facts-metricsGET /api/v1/documentation/projects/{project_name}/packageGET /api/v1/documentation/projects/{project_name}/documentPATCH /api/v1/groups/{group_id}/users/{user_id}GET /api/v1/groups/{group_id}/users/{user_id}/project-accessPUT /api/v1/groups/{group_id}/users/{user_id}/project-accessPOST /api/v1/projects/{project_id}/switchGET /api/v1/projects/active/effectivePOST /api/v1/repositories/provider-connections/{connection_id}/health-check
Docs-Sync REST Coverage Index¶
The following REST route names are emitted by static interface discovery and are listed exactly so docs-sync can verify REST coverage.
GET /—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:12DELETE /gitverse/projects/{project_name}/binding—src/api/routers/dashboard_domains/dashboard_v2_gitverse.py:276DELETE /logout—src/api/routers/auth_suite/auth_local_routes.py:1148DELETE /personal-memory/interaction-profile/{employee_id}—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:249DELETE /personal-memory/{memory_uri:path}—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:298DELETE /saved-views/{view_id}—src/api/routers/dashboard_domains/dashboard_v2_notifications.py:595DELETE /subscriptions/{sub_id}—src/api/routers/dashboard_domains/dashboard_v2_notifications.py:395GET /ai-finops/billing-records—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:357GET /ai-finops/billing-sync/yandex—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:395GET /ai-finops/budgets—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:128GET /ai-finops/catalog—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:186GET /ai-finops/fx-rates—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:303GET /ai-finops/incidents—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:261GET /ai-finops/model-portfolio—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:222GET /ai-finops/optimization—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:414GET /ai-finops/overview—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:79GET /ai-finops/policies—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:159GET /ai-finops/reconciliation—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:385GET /ai-finops/recurring-costs—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:269GET /ai-finops/tax-profiles—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:330GET /ai-finops/usage—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:88GET /ai-finops/usage/{request_id}—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:119GET /api-keys—src/api/routers/auth_suite/auth_machine_routes.py:97GET /api/v1/admin/runtime/deployment-profiles/status—src/api/routers/project_suite/deployment_profiles.py:32GET /api/v1/admin/runtime/deployment-profiles/{profile_id}/enforce—src/api/routers/project_suite/deployment_profiles.py:46GET /api/v1/admin/runtime/deployment-profiles/{profile_id}/readiness—src/api/routers/project_suite/deployment_profiles.py:38GET /api/v1/admin/runtime/health—src/api/routers/project_suite/managed_runtime.py:57GET /api/v1/admin/runtime/sessions/{session_id}/commands—src/api/routers/project_suite/managed_runtime.py:113GET /api/v1/admin/runtime/status—src/api/routers/project_suite/managed_runtime.py:51GET /api/v1/projects/{project_id}/business-graph—src/api/routers/project_suite/projects.py:621GET /api/v1/projects/{project_id}/business-graph/context—src/api/routers/project_suite/projects.py:750GET /api/v1/admin/access/audit-events—src/api/routers/query_support/workspace_access.py:297GET /api/v1/admin/access/decision—src/api/routers/query_support/workspace_access.py:277GET /api/v1/admin/access/effective-access—src/api/routers/query_support/workspace_access.py:263GET /api/v1/admin/access/team-agents—src/api/routers/query_support/workspace_access.py:119GET /api/v1/admin/access/teams—src/api/routers/query_support/workspace_access.py:87GET /assistants/{assistant_id}/memory-policy—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:356GET /audit-report-jobs/{job_id}—src/api/routers/dashboard_jobs/dashboard_v2_surface_refresh_routes.py:1009GET /bindings—src/api/routers/project_suite/repositories_onboarding_routes.py:370GET /bindings/{binding_id}—src/api/routers/project_suite/repositories_onboarding_routes.py:388GET /bindings/{binding_id}/review-snapshots—src/api/routers/project_suite/repositories_sync_routes.py:433GET /bindings/{binding_id}/slices—src/api/routers/project_suite/repositories_onboarding_routes.py:591GET /bindings/{binding_id}/subprojects—src/api/routers/project_suite/repositories_onboarding_routes.py:728GET /bindings/{binding_id}/subprojects/discover—src/api/routers/project_suite/repositories_onboarding_routes.py:696GET /bindings/{binding_id}/sync-jobs—src/api/routers/project_suite/repositories_sync_routes.py:147GET /bulk-import/batches—src/api/routers/project_suite/repositories_onboarding_routes.py:862GET /bulk-import/batches/{batch_id}—src/api/routers/project_suite/repositories_onboarding_routes.py:903GET /api/v1/employee-tasks/cases/{case_id}/handoff-chain—src/api/routers/digital_employee_suite/digital_employees_governance_routes.py:351GET /compare—src/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:450GET /compliance/heatmap—src/api/routers/dashboard_domains/dashboard_v2_compliance_heatmap.py:265GET /api/v1/admin/workforce/control-tower/{project_key}—src/api/routers/digital_employee_suite/digital_employees_skill_memory_routes.py:418GET /cross-repo—src/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:491GET /deliveries—src/api/routers/dashboard_domains/dashboard_v2_notifications.py:408GET /deliveries/pending—src/api/routers/dashboard_domains/dashboard_v2_notifications.py:477GET /deliveries/summary—src/api/routers/dashboard_domains/dashboard_v2_notifications.py:463GET /discover—src/api/routers/project_suite/repositories_onboarding_routes.py:121GET /engineering/dora/aggregates—src/api/routers/dashboard_domains/dashboard_v2_engineering.py:238GET /engineering/integration-profiles—src/api/routers/dashboard_domains/dashboard_v2_engineering.py:154GET /engineering/integration-profiles/{profile_id}—src/api/routers/dashboard_domains/dashboard_v2_engineering.py:164GET /event-catalog—src/api/routers/dashboard_domains/dashboard_v2_notifications.py:536GET /gitverse/overview—src/api/routers/dashboard_domains/dashboard_v2_gitverse.py:141GET /knowledge—src/api/routers/agent_context_suite/agent_context_knowledge_routes.py:146GET /knowledge/policy—src/api/routers/agent_context_suite/agent_context_knowledge_routes.py:705GET /knowledge/review-plan—src/api/routers/agent_context_suite/agent_context_knowledge_routes.py:251GET /knowledge/source-refresh/plan—src/api/routers/agent_context_suite/agent_context_knowledge_routes.py:223GET /ldap/status—src/api/routers/auth_suite/auth_external_routes.py:404GET /me—src/api/routers/auth_suite/auth_local_routes.py:240GET /memory/scopes—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:41GET /memory/shelf—src/api/routers/agent_context_suite/agent_context_memory_routes.py:216GET /metrics/mapping—src/api/routers/dashboard_core/dashboard_v2_metrics.py:87GET /oauth/providers—src/api/routers/auth_suite/auth_external_routes.py:49GET /oauth/{provider}—src/api/routers/auth_suite/auth_external_routes.py:86GET /oauth/{provider}/callback—src/api/routers/auth_suite/auth_external_routes.py:129GET /personal-memory—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:85GET /personal-memory/interaction-profile—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:167GET /personal-memory/settings—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:53GET /personal-memory/tombstones—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:128GET /portfolio—src/api/routers/project_suite/repositories_sync_routes.py:43GET /portfolio/compare-periods—src/api/routers/dashboard_core/dashboard_v2_history.py:143GET /api/v1/employee-tasks/prd-delivery/{case_id}/status—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:269GET /projects/{project_name}/basis—src/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:300GET /projects/{project_name}/dora—src/api/routers/dashboard_domains/dashboard_v2_engineering.py:226GET /projects/{project_name}/dora/compare—src/api/routers/dashboard_domains/dashboard_v2_engineering.py:293GET /projects/{project_name}/dora/snapshots—src/api/routers/dashboard_domains/dashboard_v2_engineering.py:276GET /projects/{project_name}/drilldown—src/api/routers/dashboard_core/dashboard_v2_history.py:189GET /projects/{project_name}/health—src/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:265GET /projects/{project_name}/releases—src/api/routers/dashboard_domains/dashboard_v2_engineering.py:73GET /projects/{project_name}/stability—src/api/routers/dashboard_domains/dashboard_v2_engineering.py:130GET /projects/{project_name}/trends—src/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:425GET /provider-connections—src/api/routers/project_suite/repositories_onboarding_routes.py:91GET /red-zone—src/api/routers/dashboard_core/dashboard_v2_red_zone.py:716GET /releases/{project_name}/compare—src/api/routers/dashboard_core/dashboard_v2_history.py:171GET /review-snapshots/{snapshot_id}/jobs—src/api/routers/project_suite/repositories_sync_routes.py:488GET /roles—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:339GET /roles/{role_id}/charter—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:347GET /saved-views—src/api/routers/dashboard_domains/dashboard_v2_notifications.py:549GET /saved-views/{view_id}—src/api/routers/dashboard_domains/dashboard_v2_notifications.py:582GET /sca/overview—src/api/routers/dashboard_domains/dashboard_v2_sca.py:53GET /security/audit-log—src/api/routers/dashboard_domains/dashboard_v2_security.py:222GET /security/audit-log/{entry_id}—src/api/routers/dashboard_domains/dashboard_v2_security.py:257GET /security/dlp/activity—src/api/routers/dashboard_domains/dashboard_v2_security.py:128GET /security/dlp/config—src/api/routers/dashboard_domains/dashboard_v2_security.py:84GET /security/overview—src/api/routers/dashboard_domains/dashboard_v2_security.py:75GET /security/siem/config—src/api/routers/dashboard_domains/dashboard_v2_security.py:142GET /security/siem/events—src/api/routers/dashboard_domains/dashboard_v2_security.py:208GET /security/siem/stats—src/api/routers/dashboard_domains/dashboard_v2_security.py:168GET /service-accounts—src/api/routers/auth_suite/auth_machine_routes.py:309GET /service-accounts/action-catalog—src/api/routers/auth_suite/auth_machine_routes.py:191GET /service-accounts/{service_account_id}—src/api/routers/auth_suite/auth_machine_routes.py:345GET /sessions/{session_id}/commit-status—src/api/routers/agent_context_suite/agent_context_sharing_routes.py:137GET /sessions/{session_id}/context/why—src/api/routers/agent_context_suite/agent_context_session_routes.py:288GET /sessions/{session_id}/task—src/api/routers/agent_context_suite/agent_context_session_routes.py:205GET /sessions/{session_id}/task/why—src/api/routers/agent_context_suite/agent_context_session_routes.py:238GET /snapshots—src/api/routers/dashboard_core/dashboard_v2_snapshots.py:225GET /snapshots/policy—src/api/routers/dashboard_core/dashboard_v2_snapshots.py:273GET /snapshots/{project_name}/compare-periods—src/api/routers/dashboard_core/dashboard_v2_history.py:115GET /snapshots/{project_name}/diff—src/api/routers/dashboard_core/dashboard_v2_history.py:91GET /snapshots/{project_name}/trends—src/api/routers/dashboard_core/dashboard_v2_history.py:59GET /snapshots/{snapshot_id}—src/api/routers/dashboard_core/dashboard_v2_snapshots.py:282GET /subscriptions—src/api/routers/dashboard_domains/dashboard_v2_notifications.py:140GET /surface-refresh-jobs/{job_id}—src/api/routers/dashboard_jobs/dashboard_v2_surface_refresh_routes.py:790GET /sync-jobs—src/api/routers/project_suite/repositories_sync_routes.py:79GET /sync-jobs/backlog—src/api/routers/project_suite/repositories_sync_routes.py:121GET /api/v1/employee-tasks/tasks/{task_id}/workflow—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:133GET /users—src/api/routers/auth_suite/auth_local_routes.py:260GET /users/{user_id}—src/api/routers/auth_suite/auth_local_routes.py:351GET /users/{user_id}/access—src/api/routers/auth_suite/auth_local_routes.py:558GET /{employee_id}—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:410GET /{employee_id}/control-plane—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:541GET /{employee_id}/pinned-profile—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:622GET /{employee_id}/presence—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:522GET /{employee_id}/skills—src/api/routers/digital_employee_suite/digital_employees_skill_memory_routes.py:95GET /api/v1/admin/workforce/{employee_id}/skills/proposals—src/api/routers/digital_employee_suite/digital_employees_skill_memory_routes.py:64GET /api/v1/admin/workforce/{employee_id}/skills/proposals/{proposal_id}—src/api/routers/digital_employee_suite/digital_employees_skill_memory_routes.py:80GET /api/v1/admin/workforce/{employee_id}/skills/{skill_id}—src/api/routers/digital_employee_suite/digital_employees_skill_memory_routes.py:270PATCH /personal-memory/{memory_uri:path}—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:274PATCH /provider-connections/{connection_id}—src/api/routers/project_suite/repositories_onboarding_routes.py:168PATCH /subscriptions/{sub_id}—src/api/routers/dashboard_domains/dashboard_v2_notifications.py:211PATCH /users/{user_id}—src/api/routers/auth_suite/auth_local_routes.py:370POST /ai-finops/billing-records—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:366POST /ai-finops/billing-sync/yandex/refresh—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:403POST /ai-finops/budgets—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:136POST /ai-finops/catalog—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:194POST /ai-finops/catalog/estimate—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:252POST /ai-finops/catalog/refresh—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:213POST /ai-finops/export—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:432POST /ai-finops/fx-rates—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:311POST /ai-finops/model-portfolio—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:230POST /ai-finops/optimization/what-if—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:423POST /ai-finops/policies—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:167POST /ai-finops/recurring-costs—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:277POST /ai-finops/tax-profiles—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:338POST /api-keys—src/api/routers/auth_suite/auth_machine_routes.py:46POST /api/v1/admin/runtime/deployment-profiles/exceptions—src/api/routers/project_suite/deployment_profiles.py:64POST /api/v1/admin/runtime/pools—src/api/routers/project_suite/managed_runtime.py:63POST /api/v1/admin/runtime/sessions/start—src/api/routers/project_suite/managed_runtime.py:76POST /api/v1/admin/runtime/sessions/{session_id}/commands/decide—src/api/routers/project_suite/managed_runtime.py:97POST /api/v1/admin/runtime/sessions/{session_id}/stop—src/api/routers/project_suite/managed_runtime.py:91POST /api/v1/projects/{project_id}/business-graph/sources—src/api/routers/project_suite/projects.py:694POST /api/v1/admin/access/grants—src/api/routers/query_support/workspace_access.py:233POST /api/v1/admin/access/memberships—src/api/routers/query_support/workspace_access.py:159POST /api/v1/admin/access/skill-bundles—src/api/routers/query_support/workspace_access.py:185POST /api/v1/admin/access/team-agents—src/api/routers/query_support/workspace_access.py:133POST /api/v1/admin/access/teams—src/api/routers/query_support/workspace_access.py:99POST /api/v1/admin/access/tool-policies—src/api/routers/query_support/workspace_access.py:209POST /bindings/{binding_id}/archive—src/api/routers/project_suite/repositories_onboarding_routes.py:527POST /bindings/{binding_id}/delete—src/api/routers/project_suite/repositories_onboarding_routes.py:559POST /bindings/{binding_id}/force-rebuild—src/api/routers/project_suite/repositories_sync_routes.py:247POST /bindings/{binding_id}/pause—src/api/routers/project_suite/repositories_onboarding_routes.py:463POST /bindings/{binding_id}/reconcile—src/api/routers/project_suite/repositories_sync_routes.py:187POST /bindings/{binding_id}/resume—src/api/routers/project_suite/repositories_onboarding_routes.py:495POST /bindings/{binding_id}/subprojects/import—src/api/routers/project_suite/repositories_onboarding_routes.py:773POST /bindings/{binding_id}/sync-identity—src/api/routers/project_suite/repositories_onboarding_routes.py:423POST /bulk-import—src/api/routers/project_suite/repositories_onboarding_routes.py:823POST /cross-repo/run—src/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:509POST /export—src/api/routers/dashboard_core/dashboard_v2_portfolio_routes.py:536POST /gitverse/projects/{project_name}/binding—src/api/routers/dashboard_domains/dashboard_v2_gitverse.py:190POST /gitverse/projects/{project_name}/validate—src/api/routers/dashboard_domains/dashboard_v2_gitverse.py:157POST /api/v1/employee-tasks/handoffs—src/api/routers/digital_employee_suite/digital_employees_governance_routes.py:239POST /api/v1/employee-tasks/handoffs/{handoff_id}/accept—src/api/routers/digital_employee_suite/digital_employees_governance_routes.py:265POST /api/v1/employee-tasks/handoffs/{handoff_id}/complete—src/api/routers/digital_employee_suite/digital_employees_governance_routes.py:319POST /api/v1/employee-tasks/handoffs/{handoff_id}/reject—src/api/routers/digital_employee_suite/digital_employees_governance_routes.py:290POST /import—src/api/routers/project_suite/repositories_onboarding_routes.py:313POST /knowledge/deprecate—src/api/routers/agent_context_suite/agent_context_knowledge_routes.py:769POST /knowledge/policy/reset—src/api/routers/agent_context_suite/agent_context_knowledge_routes.py:748POST /knowledge/review—src/api/routers/agent_context_suite/agent_context_knowledge_routes.py:803POST /knowledge/review-plan/apply—src/api/routers/agent_context_suite/agent_context_knowledge_routes.py:673POST /knowledge/source-refresh/apply—src/api/routers/agent_context_suite/agent_context_knowledge_routes.py:641POST /ldap—src/api/routers/auth_suite/auth_external_routes.py:270POST /memory/conflicts—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:323POST /memory/shelf—src/api/routers/agent_context_suite/agent_context_memory_routes.py:206POST /oauth/token—src/api/routers/auth_suite/auth_local_routes.py:948POST /personal-memory—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:103POST /personal-memory/interaction-profile/learn—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:208POST /personal-memory/interaction-profile/preview—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:233POST /personal-memory/promotions—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:144POST /api/v1/employee-tasks/prd-delivery/{case_id}/execute—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:202POST /api/v1/employee-tasks/prd-delivery/{case_id}/start—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:237POST /provider-connections—src/api/routers/project_suite/repositories_onboarding_routes.py:43POST /recall—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:366POST /recall-feedback—src/api/routers/agent_context_suite/agent_context_memory_routes.py:772POST /recall/explain—src/api/routers/agent_context_suite/agent_context_memory_routes.py:746POST /refresh—src/api/routers/auth_suite/auth_local_routes.py:853POST /review-snapshots/{snapshot_id}/expire—src/api/routers/project_suite/repositories_sync_routes.py:571POST /review-snapshots/{snapshot_id}/rerun—src/api/routers/project_suite/repositories_sync_routes.py:528POST /saved-views—src/api/routers/dashboard_domains/dashboard_v2_notifications.py:569POST /service-accounts—src/api/routers/auth_suite/auth_machine_routes.py:221POST /sessions/open—src/api/routers/agent_context_suite/agent_context_session_routes.py:62POST /sessions/{session_id}/accept-handoff—src/api/routers/agent_context_suite/agent_context_sharing_routes.py:64POST /sessions/{session_id}/archive—src/api/routers/agent_context_suite/agent_context_session_routes.py:698POST /sessions/{session_id}/browse—src/api/routers/agent_context_suite/agent_context_session_routes.py:582POST /sessions/{session_id}/close—src/api/routers/agent_context_suite/agent_context_session_routes.py:675POST /sessions/{session_id}/commit—src/api/routers/agent_context_suite/agent_context_session_routes.py:644POST /sessions/{session_id}/fetch—src/api/routers/agent_context_suite/agent_context_session_routes.py:371POST /sessions/{session_id}/memory/dismiss—src/api/routers/agent_context_suite/agent_context_session_routes.py:531POST /sessions/{session_id}/messages—src/api/routers/agent_context_suite/agent_context_session_routes.py:339POST /sessions/{session_id}/read—src/api/routers/agent_context_suite/agent_context_session_routes.py:549POST /sessions/{session_id}/recall-feedback—src/api/routers/agent_context_suite/agent_context_session_routes.py:514POST /sessions/{session_id}/reject-handoff—src/api/routers/agent_context_suite/agent_context_sharing_routes.py:88POST /api/v1/admin/context-sessions/{session_id}/share-revocations—src/api/routers/agent_context_suite/agent_context_sharing_routes.py:221POST /sessions/{session_id}/share—src/api/routers/agent_context_suite/agent_context_sharing_routes.py:32POST /sessions/{session_id}/used-context—src/api/routers/agent_context_suite/agent_context_session_routes.py:616POST /snapshots—src/api/routers/dashboard_core/dashboard_v2_snapshots.py:196POST /snapshots/compare—src/api/routers/dashboard_core/dashboard_v2_snapshots.py:298POST /snapshots/{snapshot_id}/export—src/api/routers/dashboard_core/dashboard_v2_snapshots.py:358POST /subscriptions—src/api/routers/dashboard_domains/dashboard_v2_notifications.py:161POST /surface-refresh/{surface_id}—src/api/routers/dashboard_jobs/dashboard_v2_surface_refresh_routes.py:620POST /sync-jobs/{job_id}/replay—src/api/routers/project_suite/repositories_sync_routes.py:387POST /tasks—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:22POST /api/v1/employee-tasks/tasks/{task_id}/approval-decision—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:115POST /api/v1/employee-tasks/tasks/{task_id}/checklist/generate—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:152POST /api/v1/employee-tasks/tasks/{task_id}/pre-completion—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:176POST /api/v1/admin/employee-runtime/temporal/governance-readiness—src/api/routers/digital_employee_suite/digital_employees_topology_routes.py:738POST /token—src/api/routers/auth_suite/auth_local_routes.py:136POST /users—src/api/routers/auth_suite/auth_local_routes.py:302POST /users/{user_id}/activate—src/api/routers/auth_suite/auth_local_routes.py:441POST /users/{user_id}/deactivate—src/api/routers/auth_suite/auth_local_routes.py:475POST /users/{user_id}/reset-password—src/api/routers/auth_suite/auth_local_routes.py:515PUT /ai-finops/billing-records/{billing_record_id}—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:375PUT /ai-finops/budgets/{budget_id}—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:146PUT /ai-finops/catalog/{card_id}—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:203PUT /ai-finops/fx-rates/{fx_rate_id}—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:320PUT /ai-finops/model-portfolio/{portfolio_entry_id}—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:239PUT /ai-finops/policies/{policy_id}—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:176PUT /ai-finops/recurring-costs/{recurring_cost_id}—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:288PUT /ai-finops/tax-profiles/{tax_profile_id}—src/api/routers/dashboard_domains/dashboard_v2_ai_finops.py:347PUT /api/v1/projects/{project_id}/business-graph—src/api/routers/project_suite/projects.py:642PUT /api/v1/projects/{project_id}/preference—src/api/routers/project_suite/projects.py:539PUT /bindings/{binding_id}/slices—src/api/routers/project_suite/repositories_onboarding_routes.py:636PUT /knowledge/policy—src/api/routers/agent_context_suite/agent_context_knowledge_routes.py:726PUT /personal-memory/interaction-profile—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:183PUT /personal-memory/settings—src/api/routers/agent_context_suite/agent_context_personal_memory_routes.py:67PUT /security/dlp/config—src/api/routers/dashboard_domains/dashboard_v2_security.py:92PUT /security/siem/config—src/api/routers/dashboard_domains/dashboard_v2_security.py:150PUT /users/{user_id}/access—src/api/routers/auth_suite/auth_local_routes.py:598list_digital_employees—src/api/routers/digital_employee_suite/digital_employees_profile_routes.py:12
Endpoint Catalog¶
Tag: Agent Client Protocol¶
POST /api/v1/admin/runtime/acp/rpc¶
- Summary: Acp Rpc
- Description: ACP JSON-RPC endpoint. Handles all ACP method calls over HTTP. Authentication is optional but enables session persistence.
- Operation ID:
acp_rpc_api_v1_acp_rpc_post - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->JSONRPCRequest(required)- Responses:
200: Successful Response;application/json->JSONRPCResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/admin/runtime/acp/sessions¶
- Summary: List Sessions
- Description: List active ACP sessions for current user. Requires authentication.
- Operation ID:
list_sessions_api_v1_acp_sessions_get - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
DELETE /api/v1/admin/runtime/acp/sessions/{session_id}¶
- Summary: Delete Session
- Description: Delete an ACP session. Requires authentication and ownership.
- Operation ID:
delete_session_api_v1_acp_sessions__session_id__delete - Parameters:
session_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
Tag: Audit Diff¶
GET /api/v1/admin/runtime/audit/{project_id}/diff¶
- Summary: Diff findings between two runs
- Description: Compare findings between two analysis runs (GOST 8.9).
- Operation ID:
diff_findings_api_v1_audit__project_id__diff_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)run1inquery(string, required) - First run ID (baseline)run2inquery(string, required) - Second run ID (current)hide_fpinquery(boolean, optional) - Hide suppressed findingsauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->DiffResultResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/admin/runtime/audit/{project_id}/diff/latest¶
- Summary: Diff findings between last two runs
- Description: Compare the last two analysis runs for the project.
- Operation ID:
diff_latest_api_v1_audit__project_id__diff_latest_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)hide_fpinquery(boolean, optional) - Hide suppressed findingsauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->DiffResultResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/admin/runtime/audit/{project_id}/scopes¶
- Summary: Get analysis scopes configuration
- Description: Return current analysis scope configuration for the project.
- Operation ID:
get_scopes_api_v1_audit__project_id__scopes_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ScopeConfigResponse422: Validation Error;application/json->HTTPValidationError
PUT /api/v1/admin/runtime/audit/{project_id}/scopes¶
- Summary: Update analysis scopes configuration
- Description: Update analysis scope configuration for the project.
- Operation ID:
update_scopes_api_v1_audit__project_id__scopes_put - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->ScopeUpdateRequest(required)- Responses:
200: Successful Response;application/json->ScopeConfigResponse422: Validation Error;application/json->HTTPValidationError
Tag: Audit Progress¶
GET /api/v1/admin/runtime/audit/analysis-status¶
- Summary: Full scan schedule status
- Description: Return last full scan timestamp and deadline status.
- Operation ID:
get_analysis_status_api_v1_audit_analysis_status_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
projectinquery(string, optional) - Project nameauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->AnalysisStatusResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/admin/runtime/audit/markup-status¶
- Summary: Markup status for latest findings
- Description: Return unreviewed and overdue findings for the latest run.
- Operation ID:
get_markup_status_api_v1_audit_markup_status_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
projectinquery(string, optional) - Project nameauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->MarkupStatusResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/admin/runtime/audit/progress¶
- Summary: Audit progress report
- Description: Return progress metrics for a date range.
- Operation ID:
get_audit_progress_api_v1_audit_progress_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
frominquery(string, required)toinquery(string, required)projectinquery(string, optional) - Project nameauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->AuditProgressResponse422: Validation Error;application/json->HTTPValidationError
Tag: Authentication¶
GET /api/v1/me/api-keys¶
- Summary: List API keys
- Description: Get all API keys for the current user.
- Operation ID:
list_api_keys_api_v1_auth_api_keys_get - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
Portfolio Dashboard Runtime Notes¶
The portfolio dashboard product path relies on these routes in addition to the generated endpoint catalog:
GET /api/v1/traceability/portfolio/compare-periodsGET /api/v1/traceability/saved-viewsPOST /api/v1/traceability/saved-viewsGET /api/v1/traceability/saved-views/{view_id}DELETE /api/v1/traceability/saved-views/{view_id}POST /api/v1/traceability/subscriptionsPOST /api/v1/traceability/export
POST /api/v1/me/api-keys¶
- Summary: Create API key
- Description: Generate a new API key for programmatic access.
- Operation ID:
create_api_key_api_v1_auth_api_keys_post - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->ApiKeyCreate(required)- Responses:
200: Successful Response;application/json->ApiKeyResponse422: Validation Error;application/json->HTTPValidationError
DELETE /api/v1/me/api-keys/{key_id}¶
- Summary: Revoke API key
- Description: Revoke an API key.
- Operation ID:
revoke_api_key_api_v1_auth_api_keys__key_id__delete - Parameters:
key_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
POST /api/v1/auth/ldap¶
- Summary: LDAP authentication
- Description: Authenticate using LDAP/Active Directory.
- Operation ID:
ldap_login_api_v1_auth_ldap_post - Parameters:
- None
- Request Body:
application/json->LDAPAuthRequest(required)- Responses:
200: Successful Response;application/json->TokenResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/auth/ldap/status¶
- Summary: LDAP status
- Description: Check LDAP connection status.
- Operation ID:
ldap_status_api_v1_auth_ldap_status_get - Parameters:
- None
- Request Body:
- None
- Responses:
200: Successful Response;application/json->object
DELETE /api/v1/me/logout¶
- Summary: Logout
- Description: Invalidate current tokens.
- Operation ID:
logout_api_v1_auth_logout_delete - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/me¶
- Summary: Get current user
- Description: Return the authenticated user profile.
- Operation ID:
get_current_profile_api_v1_auth_me_get - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->UserProfileResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/auth/oauth/providers¶
- Summary: List OAuth providers
- Description: Get list of available OAuth providers.
- Operation ID:
list_oauth_providers_api_v1_auth_oauth_providers_get - Parameters:
- None
- Request Body:
- None
- Responses:
200: Successful Response;application/json->array
POST /api/v1/auth/oauth/token¶
- Summary: OAuth 2.0 Token Endpoint
- Description: RFC 6749-compatible token endpoint. Supports grant_type=password and grant_type=refresh_token. Designed for Claude Code MCP automatic token refresh and other OAuth-compatible clients.
- Operation ID:
oauth_token_api_v1_auth_oauth_token_post - Parameters:
grant_typeinquery(object, optional)usernameinquery(object, optional)passwordinquery(object, optional)refresh_token_paraminquery(object, optional)- Request Body:
application/json->object(optional)- Responses:
200: Successful Response;application/json->OAuthTokenResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/auth/oauth/{provider}¶
- Summary: Start OAuth flow
- Description: Redirect to OAuth provider for authentication.
- Operation ID:
oauth_start_api_v1_auth_oauth__provider__get - Parameters:
providerinpath(string, required)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/auth/oauth/{provider}/callback¶
- Summary: OAuth callback
- Description: Handle OAuth callback from provider.
- Operation ID:
oauth_callback_api_v1_auth_oauth__provider__callback_get - Parameters:
providerinpath(string, required)codeinquery(string, required)stateinquery(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->TokenResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/auth/refresh¶
- Summary: Refresh JWT token
- Description: Get new access token using refresh token.
- Operation ID:
refresh_token_api_v1_auth_refresh_post - Parameters:
- None
- Request Body:
application/json->RefreshTokenRequest(required)- Responses:
200: Successful Response;application/json->TokenResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/admin/identity/service-accounts¶
- Summary: List service accounts
- Description: List configured service accounts without credential secrets.
- Operation ID:
list_service_accounts_api_v1_auth_service_accounts_get - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
POST /api/v1/admin/identity/service-accounts¶
- Summary: Create service account
- Description: Create a scoped service account and issue its initial credential.
- Operation ID:
create_service_account_api_v1_auth_service_accounts_post - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->ServiceAccountCreate(required)- Responses:
201: Successful Response;application/json->ServiceAccountCreatedResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/admin/identity/service-accounts/action-catalog¶
- Summary: Get machine action catalog
- Description: Return the canonical versioned action catalog and policy templates for machine access.
- Operation ID:
get_service_account_action_catalog_api_v1_auth_service_accounts_action_catalog_get - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ActionCatalogResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/admin/identity/service-accounts/{service_account_id}¶
- Summary: Get service account
- Description: Get a single service account without credential secrets.
- Operation ID:
get_service_account_api_v1_auth_service_accounts__service_account_id__get - Parameters:
service_account_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ServiceAccountDetailsResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/admin/identity/service-accounts/{service_account_id}/credentials/{credential_id}/revoke¶
- Summary: Revoke service account credential
- Description: Revoke one credential while keeping the service account active.
- Operation ID:
revoke_service_account_credential_api_v1_auth_service_accounts__service_account_id__credentials__credential_id__revoke_post - Parameters:
service_account_idinpath(string, required)credential_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
POST /api/v1/admin/identity/service-accounts/{service_account_id}/deactivate¶
- Summary: Deactivate service account
- Description: Disable a service account and revoke its active credentials.
- Operation ID:
deactivate_service_account_api_v1_auth_service_accounts__service_account_id__deactivate_post - Parameters:
service_account_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
POST /api/v1/admin/identity/service-accounts/{service_account_id}/rotate¶
- Summary: Rotate service account credential
- Description: Issue a new credential without revoking existing ones.
- Operation ID:
rotate_service_account_credential_api_v1_auth_service_accounts__service_account_id__rotate_post - Parameters:
service_account_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ServiceAccountCreatedResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/auth/token¶
- Summary: Get JWT token
- Description: Authenticate with username/password and get JWT tokens.
- Operation ID:
login_api_v1_auth_token_post - Parameters:
- None
- Request Body:
application/json->TokenRequest(required)- Responses:
200: Successful Response;application/json->TokenResponse422: Validation Error;application/json->HTTPValidationError
Tag: Dashboard V2¶
GET /api/v1/traceability/audit-report-jobs/{job_id}¶
- Summary: Get Audit Report Job
- Description: Return background audit report job status.
- Operation ID:
get_audit_report_job_api_v2_dashboard_audit_report_jobs__job_id__get - Security:
HTTPBearer,APIKeyHeader - Parameters:
job_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->AuditReportJobResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/audit-report-jobs/{job_id}/download¶
- Summary: Download Audit Report Job
- Description: Download the generated markdown for a completed audit report job.
- Operation ID:
download_audit_report_job_api_v2_dashboard_audit_report_jobs__job_id__download_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
job_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/compare¶
- Summary: Compare Projects
- Description: Compare 2-10 projects across audit dimensions.
- Operation ID:
compare_projects_api_v2_dashboard_compare_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
projectsinquery(string, required) - Comma-separated project names (2-10)dimensionsinquery(object, optional) - Comma-separated Q numbers (default: all 12)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->CrossProjectComparison422: Validation Error;application/json->HTTPValidationError
GET /api/v1/compliance/heatmap¶
- Summary: Get Compliance Heatmap
- Description: Compliance heatmap — projects x processes matrix.
- Operation ID:
get_compliance_heatmap_api_v1_compliance_heatmap_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
group_idinquery(object, optional) - Filter by grouporganizationinquery(object, optional) - Filter by organizationteaminquery(object, optional) - Filter by teamenvironmentinquery(object, optional) - Filter by environmentcriticalityinquery(object, optional) - Filter by system criticalityservice_typeinquery(object, optional) - Filter by service typestandardinquery(string, optional) - gost-56939 | gost-57580authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ComplianceHeatmapResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/cross-repo¶
- Summary: Get Cross Repo
- Description: Cross-repository analysis overview.
- Operation ID:
get_cross_repo_api_v1_traceability_cross_repo_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
group_idinquery(object, optional) - Filter by groupanalysis_typeinquery(string, optional) - summary | duplications | dependenciesauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->CrossRepoResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/deliveries¶
- Summary: List Notification Deliveries
- Description: List delivery attempts for the current user’s notification subscriptions.
- Operation ID:
list_notification_deliveries_api_v1_traceability_deliveries_get - Parameters:
limitinquery(integer, optional)statusinquery(string, optional) - sent | failedchannelinquery(string, optional) - telegram | slack | emailevent_typeinquery(string, optional) - Notification event typeproject_nameinquery(string, optional) - Filter by project nameis_testinquery(object, optional) - Filter test deliveriesauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/deliveries/pending¶
- Summary: List Pending Notification Deliveries
- Description: List queued notification deliveries that have not been flushed yet.
- Operation ID:
list_pending_notification_deliveries_api_v1_traceability_deliveries_pending_get - Parameters:
limitinquery(integer, optional)channelinquery(string, optional) - telegram | slack | emailauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/deliveries/summary¶
- Summary: Get Notification Delivery Summary
- Description: Aggregate delivery and pending queue state for the current user.
- Operation ID:
get_notification_delivery_summary_api_v1_traceability_deliveries_summary_get - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->NotificationDeliverySummaryResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/event-catalog¶
- Summary: Get Notification Event Catalog
- Description: Return versioned notification event catalog.
- Operation ID:
get_notification_event_catalog_api_v1_traceability_event_catalog_get - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->NotificationEventCatalogResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/traceability/export¶
- Summary: Export Dashboard
- Description: Export dashboard data in various formats (json, markdown, gost, pdf).
- Operation ID:
export_dashboard_api_v2_dashboard_export_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->ExportRequest(required)- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/metrics¶
- Summary: Dashboard Metrics
- Description: Export dashboard metrics in Prometheus text format. Scrapes all project health scores and updates Prometheus gauges, then returns the standard Prometheus text exposition.
- Operation ID:
dashboard_metrics_api_v2_dashboard_metrics_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
group_idinquery(object, optional) - Filter by groupauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/metrics/mapping¶
- Summary: Dashboard Metrics Mapping
- Description: Export canonical dashboard metric samples for Grafana and automation.
- Operation ID:
dashboard_metrics_mapping_api_v1_traceability_metrics_mapping_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
group_idinquery(object, optional) - Filter by grouporganizationinquery(object, optional) - Filter by organizationteaminquery(object, optional) - Filter by teamenvironmentinquery(object, optional) - Filter by environmentcriticalityinquery(object, optional) - Filter by system criticalitylanguageinquery(object, optional) - Filter by languagedomaininquery(object, optional) - Filter by domainservice_typeinquery(object, optional) - Filter by service typemin_riskinquery(object, optional) - Minimum risk level filterauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->DashboardMetricsMappingResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/portfolio¶
- Summary: Get Portfolio
- Description: Portfolio overview — aggregated health across all projects.
- Operation ID:
get_portfolio_api_v2_dashboard_portfolio_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
group_idinquery(object, optional) - Filter by grouporganizationinquery(object, optional) - Filter by organizationteaminquery(object, optional) - Filter by teamenvironmentinquery(object, optional) - Filter by environmentcriticalityinquery(object, optional) - Filter by system criticalitylanguageinquery(object, optional) - Filter by languagedomaininquery(object, optional) - Filter by domainservice_typeinquery(object, optional) - Filter by service typemin_riskinquery(object, optional) - Minimum risk level filterauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->PortfolioSummary422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/projects¶
- Summary: Get Projects Catalog
- Description: Full catalog of registered dashboard projects with current health metrics.
- Operation ID:
get_projects_catalog_api_v2_dashboard_projects_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
group_idinquery(object, optional) - Filter by grouporganizationinquery(object, optional) - Filter by organizationteaminquery(object, optional) - Filter by teamenvironmentinquery(object, optional) - Filter by environmentcriticalityinquery(object, optional) - Filter by system criticalitylanguageinquery(object, optional) - Filter by languagedomaininquery(object, optional) - Filter by domainservice_typeinquery(object, optional) - Filter by service typemin_riskinquery(object, optional) - Minimum risk level filterauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ProjectCatalogResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/traceability/projects/{project_name}/audit-report-jobs¶
- Summary: Create Audit Report Job
- Description: Start a fresh audit report as a background job.
- Operation ID:
create_audit_report_job_api_v2_dashboard_projects__project_name__audit_report_jobs_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_nameinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->AuditReportJobCreate(required)- Responses:
202: Successful Response;application/json->AuditReportJobResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/projects/{project_name}/audit-report-jobs/latest¶
- Summary: Get Latest Audit Report Job
- Description: Return the latest audit report job for the current caller and project.
- Operation ID:
get_latest_audit_report_job_api_v2_dashboard_projects__project_name__audit_report_jobs_latest_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_nameinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/projects/{project_name}/drilldown¶
- Summary: Get Project Drilldown
- Description: Expand a project/category pair into findings and source locations where available.
- Operation ID:
get_project_drilldown_api_v2_dashboard_projects__project_name__drilldown_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_nameinpath(string, required)categoryinquery(string, required) - security | compliance | compliance-57580-maturity | compliance-57580-capabilities | compliance-57580-risk | release | sca | audit-total-methods | audit-dead-methods | audit-avg-complexity | audit-max-complexity | audit-doc-coverage | audit-dependency-cycleslimitinquery(integer, optional) - Max itemsauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->DrilldownResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/projects/{project_name}/health¶
- Summary: Get Project Health
- Description: Single project health score with optional detail sections.
- Operation ID:
get_project_health_api_v2_dashboard_projects__project_name__health_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_nameinpath(string, required)include_sectionsinquery(boolean, optional) - Include 12 audit sectionsinclude_processesinquery(boolean, optional) - Include 25 GOST processesinclude_checksinquery(boolean, optional) - Include release gate checksinclude_scainquery(boolean, optional) - Include SCA detailsauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ProjectHealthScore422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/projects/{project_name}/trends¶
- Summary: Get Trends
- Description: Historical trends for a project.
- Operation ID:
get_trends_api_v2_dashboard_projects__project_name__trends_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_nameinpath(string, required)periodinquery(string, optional) - 7d | 30d | 90d | 180d | 1ymetricsinquery(object, optional) - Comma-separated: health,audit,compliance,findings,coveragegranularityinquery(string, optional) - daily | weekly | monthly | autoauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->TrendsResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/red-zone¶
- Summary: Get Red Zone
- Description: Red zone items — critical issues requiring immediate attention.
- Operation ID:
get_red_zone_api_v2_dashboard_red_zone_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
group_idinquery(object, optional) - Filter by grouporganizationinquery(object, optional) - Filter by organizationteaminquery(object, optional) - Filter by teamenvironmentinquery(object, optional) - Filter by environmentcriticalityinquery(object, optional) - Filter by system criticalityservice_typeinquery(object, optional) - Filter by service typeseverityinquery(string, optional) - Comma-separated severitiesoffsetinquery(integer, optional) - Pagination offsetlimitinquery(integer, optional) - Max itemscategoryinquery(object, optional) - security | compliance | release | sca | qualityauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->RedZoneResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/releases/{project_name}/compare¶
- Summary: Get Release Comparison
- Description: Compare two release gate runs and attach nearest snapshot deltas when available.
- Operation ID:
get_release_comparison_api_v2_dashboard_releases__project_name__compare_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_nameinpath(string, required)from_run_idinquery(string, optional) - Older release run IDto_run_idinquery(string, optional) - Newer release run IDauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ReleaseComparisonResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/saved-views¶
- Summary: List Saved Views
- Description: List saved dashboard views for the current user.
- Operation ID:
list_saved_views_api_v1_traceability_saved_views_get - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
POST /api/v1/traceability/saved-views¶
- Summary: Create Saved View
- Description: Create a saved dashboard view for later reuse.
- Operation ID:
create_saved_view_api_v1_traceability_saved_views_post - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->SavedViewCreate(required)- Responses:
201: Successful Response;application/json->SavedViewResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/saved-views/{view_id}¶
- Summary: Get Saved View
- Description: Get a saved dashboard view by ID.
- Operation ID:
get_saved_view_api_v1_traceability_saved_views__view_id__get - Parameters:
view_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->SavedViewResponse422: Validation Error;application/json->HTTPValidationError
DELETE /api/v1/traceability/saved-views/{view_id}¶
- Summary: Delete Saved View
- Description: Delete a saved dashboard view.
- Operation ID:
delete_saved_view_api_v1_traceability_saved_views__view_id__delete - Parameters:
view_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
204: Successful Response422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/sca/overview¶
- Summary: Get Sca Overview
- Description: SCA/SBOM portfolio overview — vulnerabilities across all projects.
- Operation ID:
get_sca_overview_api_v1_security_sca_overview_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
group_idinquery(object, optional) - Filter by grouporganizationinquery(object, optional) - Filter by organizationteaminquery(object, optional) - Filter by teamenvironmentinquery(object, optional) - Filter by environmentcriticalityinquery(object, optional) - Filter by system criticalityservice_typeinquery(object, optional) - Filter by service typeseverityinquery(object, optional) - Filter by severityauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ScaPortfolioResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/snapshots¶
- Summary: List Snapshots
- Description: List snapshots limited to the current project or group access scope.
- Operation ID:
list_snapshots_api_v2_dashboard_snapshots_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
scopeinquery(string, optional) - project | groupproject_nameinquery(string, optional) - Project name for project scopegroup_idinquery(string, optional) - Group ID for group scopelimitinquery(object, optional) - Maximum items to returnauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->SnapshotListResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/traceability/snapshots¶
- Summary: Create Snapshot
- Description: Create a manual snapshot for the current project or group context.
- Operation ID:
create_snapshot_api_v2_dashboard_snapshots_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->SnapshotCreateRequest(required)- Responses:
200: Successful Response;application/json->SnapshotResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/traceability/snapshots/compare¶
- Summary: Compare Snapshots
- Description: Compare snapshots by IDs or by project/timestamp pair.
- Operation ID:
compare_snapshots_api_v2_dashboard_snapshots_compare_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->SnapshotCompareRequest(required)- Responses:
200: Successful Response;application/json->SnapshotDiffResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/snapshots/{project_name}/compare-periods¶
- Summary: Get Period Comparison
- Description: Compare two adjacent snapshot-backed periods for a project.
- Operation ID:
get_period_comparison_api_v2_dashboard_snapshots__project_name__compare_periods_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_nameinpath(string, required)baseline_periodinquery(string, optional) - Older window: 7d | 30d | 90d | 180d | 1ycomparison_periodinquery(string, optional) - Newer window: 7d | 30d | 90d | 180d | 1yauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->PeriodComparisonResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/snapshots/{project_name}/diff¶
- Summary: Get Snapshot Diff
- Description: Compare two materialized snapshots, defaulting to the latest pair.
- Operation ID:
get_snapshot_diff_api_v2_dashboard_snapshots__project_name__diff_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_nameinpath(string, required)from_timestampinquery(string, optional) - Older snapshot timestampto_timestampinquery(string, optional) - Newer snapshot timestampauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->SnapshotDiffResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/snapshots/{project_name}/trends¶
- Summary: Get Snapshot Trends
- Description: Get trends from snapshot store (faster than live adapter queries).
- Operation ID:
get_snapshot_trends_api_v2_dashboard_snapshots__project_name__trends_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_nameinpath(string, required)periodinquery(string, optional) - 7d | 30d | 90d | 180d | 1yauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->TrendsResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/traceability/snapshots/{snapshot_id}/export¶
- Summary: Export Snapshot
- Description: Export a snapshot or a compare report derived from it.
- Operation ID:
export_snapshot_api_v2_dashboard_snapshots__snapshot_id__export_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
snapshot_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->SnapshotExportRequest(required)- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/traceability/subscriptions¶
- Summary: List Subscriptions
- Description: List notification subscriptions for the current user.
- Operation ID:
list_subscriptions_api_v1_traceability_subscriptions_get - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
POST /api/v1/traceability/subscriptions¶
- Summary: Create Subscription
- Description: Create a new notification subscription.
- Operation ID:
create_subscription_api_v1_traceability_subscriptions_post - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->SubscriptionCreate(required)- Responses:
201: Successful Response;application/json->SubscriptionResponse422: Validation Error;application/json->HTTPValidationError
PATCH /api/v1/traceability/subscriptions/{sub_id}¶
- Summary: Update Subscription
- Description: Update an existing notification subscription.
- Operation ID:
update_subscription_api_v1_traceability_subscriptions__sub_id__patch - Parameters:
sub_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->SubscriptionUpdate(required)- Responses:
200: Successful Response;application/json->SubscriptionResponse422: Validation Error;application/json->HTTPValidationError
DELETE /api/v1/traceability/subscriptions/{sub_id}¶
- Summary: Delete Subscription
- Description: Delete a notification subscription.
- Operation ID:
delete_subscription_api_v1_traceability_subscriptions__sub_id__delete - Parameters:
sub_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
204: Successful Response422: Validation Error;application/json->HTTPValidationError
Tag: Dependencies¶
The dependencies router is mounted under /api/v1/code. The canonical multi-project SCA contract
uses project-scoped routes:
GET /api/v1/security/sca/projects/{project_name}/summaryGET /api/v1/security/sca/projects/{project_name}/dependenciesGET /api/v1/security/sca/projects/{project_name}/vulnerabilitiesGET /api/v1/security/sca/projects/{project_name}/sbomPOST /api/v1/security/sca/projects/{project_name}/auditGET /api/v1/security/sca/projects/{project_name}/gost-report
Legacy scan-scoped routes under /api/v1/deps/scan, /list, /graph, /check-vulnerabilities,
/outdated, /licenses, /health-score, /sbom, /audit, /gost-report, and /sync-cache
were retired by story #767; use the project-scoped routes above.
Tag: Health¶
GET /api/v1/health¶
- Summary: Full health check
- Description: Returns detailed health status of all system components.
- Operation ID:
health_check_api_v1_health_get - Parameters:
- None
- Request Body:
- None
- Responses:
200: Successful Response;application/json->HealthStatus
GET /api/v1/health/live¶
- Summary: Liveness probe
- Description: Kubernetes liveness probe endpoint. Returns 200 if service is running.
- Operation ID:
liveness_probe_api_v1_health_live_get - Parameters:
- None
- Request Body:
- None
- Responses:
200: Successful Response;application/json->object
GET /api/v1/health/ready¶
- Summary: Readiness probe
- Description: Kubernetes readiness probe endpoint. Returns 200 if service is ready to accept traffic.
- Operation ID:
readiness_probe_api_v1_health_ready_get - Parameters:
- None
- Request Body:
- None
- Responses:
200: Successful Response;application/json->object
Tag: Project Groups¶
GET /api/v1/groups¶
- Summary: List Groups
- Description: List project groups accessible by the current user. Admin users see all groups, regular users see only their groups.
- Operation ID:
list_groups_api_v1_groups_get - Parameters:
limitinquery(integer, optional)offsetinquery(integer, optional)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->GroupListResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/groups¶
- Summary: Create Group
- Description: Create a new project group. Only admin users can create groups.
- Operation ID:
create_group_api_v1_groups_post - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->GroupCreate(required)- Responses:
201: Successful Response;application/json->GroupResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/groups/{group_id}¶
- Summary: Get Group
- Description: Get project group by ID.
- Operation ID:
get_group_api_v1_groups__group_id__get - Parameters:
group_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->GroupResponse422: Validation Error;application/json->HTTPValidationError
PUT /api/v1/groups/{group_id}¶
- Summary: Update Group
- Description: Update project group. Requires admin access to the group.
- Operation ID:
update_group_api_v1_groups__group_id__put - Parameters:
group_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->GroupUpdate(required)- Responses:
200: Successful Response;application/json->GroupResponse422: Validation Error;application/json->HTTPValidationError
DELETE /api/v1/groups/{group_id}¶
- Summary: Delete Group
- Description: Delete a project group. Only admin users can delete groups.
- Operation ID:
delete_group_api_v1_groups__group_id__delete - Parameters:
group_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
204: Successful Response422: Validation Error;application/json->HTTPValidationError
GET /api/v1/groups/{group_id}/users¶
- Summary: List Group Users
- Description: List users with access to a group.
- Operation ID:
list_group_users_api_v1_groups__group_id__users_get - Parameters:
group_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->UserAccessListResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/groups/{group_id}/users¶
- Summary: Add Group User
- Description: Add user access to a group. Requires admin access to the group.
- Operation ID:
add_group_user_api_v1_groups__group_id__users_post - Parameters:
group_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->UserAccessCreate(required)- Responses:
201: Successful Response;application/json->UserAccessResponse422: Validation Error;application/json->HTTPValidationError
DELETE /api/v1/groups/{group_id}/users/{user_id}¶
- Summary: Remove Group User
- Description: Remove user access from a group. Requires admin access to the group.
- Operation ID:
remove_group_user_api_v1_groups__group_id__users__user_id__delete - Parameters:
group_idinpath(string, required)user_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
204: Successful Response422: Validation Error;application/json->HTTPValidationError
Tag: Project Import¶
DELETE /api/v1/import/cancel/{job_id}¶
- Summary: Cancel import job
- Description: Cancel a running import job.
- Operation ID:
cancel_import_api_v1_import_cancel__job_id__delete - Parameters:
job_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/import/jobs¶
- Summary: List import jobs
- Description: List all import jobs.
- Operation ID:
list_import_jobs_api_v1_import_jobs_get - Parameters:
status_filterinquery(object, optional)limitinquery(integer, optional)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
GET /api/v1/import/languages¶
- Summary: List supported languages
- Description: Get list of supported programming languages for import.
- Operation ID:
get_supported_languages_api_v1_import_languages_get - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->SupportedLanguagesResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/import/start¶
- Summary: Start project import
- Description: Start asynchronous import of a new codebase.
- Operation ID:
start_import_api_v1_import_start_post - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->ImportProjectRequestAPI(required)- Responses:
200: Successful Response;application/json->ImportJobResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/import/status/{job_id}¶
- Summary: Get import status
- Description: Get current status of an import job.
- Operation ID:
get_import_status_api_v1_import_status__job_id__get - Parameters:
job_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ProjectImportStatus422: Validation Error;application/json->HTTPValidationError
Tag: Projects¶
GET /api/v1/projects¶
- Summary: List Projects
- Description: List projects accessible by the current user. If group_id is specified, list projects in that group only. Otherwise, list all projects from accessible groups.
- Operation ID:
list_projects_api_v1_projects_get - Parameters:
group_idinquery(object, optional)limitinquery(integer, optional)offsetinquery(integer, optional)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ProjectListResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/projects¶
- Summary: Create Project
- Description: Create a new project in a group. Requires editor or admin access to the group.
- Operation ID:
create_project_api_v1_projects_post - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->ProjectCreate(required)- Responses:
201: Successful Response;application/json->ProjectResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/projects/active/current¶
- Summary: Get Active Project
- Description: Get the currently effective project for the caller. Returns the resolved project after workspace, user preference, group default, and access checks. Returns
403for denied resolution and409for ambiguous resolution. - Operation ID:
get_active_project_api_v1_projects_active_current_get - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/projects/{project_id}¶
- Summary: Get Project
- Description: Get project by ID.
- Operation ID:
get_project_api_v1_projects__project_id__get - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ProjectResponse422: Validation Error;application/json->HTTPValidationError
PUT /api/v1/projects/{project_id}¶
- Summary: Update Project
- Description: Update a project. Requires editor or admin access to the group.
- Operation ID:
update_project_api_v1_projects__project_id__put - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
application/json->ProjectUpdate(required)- Responses:
200: Successful Response;application/json->ProjectResponse422: Validation Error;application/json->HTTPValidationError
DELETE /api/v1/projects/{project_id}¶
- Summary: Delete Project
- Description: Delete a project. Requires admin access to the group. Args: delete_collections: Also delete OpenViking vector collections.
- Operation ID:
delete_project_api_v1_projects__project_id__delete - Parameters:
project_idinpath(string, required)delete_collectionsinquery(boolean, optional)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
204: Successful Response422: Validation Error;application/json->HTTPValidationError
POST /api/v1/projects/{project_id}/activate¶
- Summary: Activate Project
- Description: Set a project as active in its group. This deactivates other projects in the same group.
- Operation ID:
activate_project_api_v1_projects__project_id__activate_post - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->ProjectResponse422: Validation Error;application/json->HTTPValidationError
Tag: Admin Runtime Release Gate¶
POST /api/v1/admin/runtime/release-gate/check¶
- Summary: Run Gate Check
- Description: Run release gate checks for the active project.
- Operation ID:
run_gate_check_api_v1_admin_runtime_release_gate_check_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->ReleaseCheckRequest(required)- Responses:
200: Successful Response;application/json->GateDecisionResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/admin/runtime/release-gate/history¶
- Summary: Get History
- Description: Get gate decision history for the active project.
- Operation ID:
get_history_api_v1_admin_runtime_release_gate_history_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
limitinquery(integer, optional)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
GET /api/v1/admin/runtime/release-gate/profiles¶
- Summary: List Profiles
- Description: List available gate profiles.
- Operation ID:
list_profiles_api_v1_admin_runtime_release_gate_profiles_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
POST /api/v1/admin/runtime/release-gate/suppress¶
- Summary: Create Suppression
- Description: Create a finding suppression (accept risk).
- Operation ID:
create_suppression_api_v1_admin_runtime_release_gate_suppress_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->SuppressionRequest(required)- Responses:
200: Successful Response;application/json->SuppressionResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/admin/runtime/release-gate/suppressions¶
- Summary: List Suppressions
- Description: List active suppressions for the active project.
- Operation ID:
list_suppressions_api_v1_admin_runtime_release_gate_suppressions_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
DELETE /api/v1/admin/runtime/release-gate/suppressions/{finding_id}¶
- Summary: Delete Suppression
- Description: Remove a finding suppression.
- Operation ID:
delete_suppression_api_v1_admin_runtime_release_gate_suppressions__finding_id__delete - Security:
HTTPBearer,APIKeyHeader - Parameters:
finding_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
204: Successful Response422: Validation Error;application/json->HTTPValidationError
Tag: Risk Indicators¶
GET /api/v1/security/risk/{project_id}/alerts¶
- Summary: Get Risk Alerts
- Description: Get recent risk alerts.
- Operation ID:
get_risk_alerts_api_v1_risk__project_id__alerts_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)lastinquery(integer, optional)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
POST /api/v1/security/risk/{project_id}/assess¶
- Summary: Trigger Risk Assessment
- Description: Trigger a full risk assessment calculation.
- Operation ID:
trigger_risk_assessment_api_v1_risk__project_id__assess_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->RiskAssessmentReportResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/risk/{project_id}/assessment¶
- Summary: Get Risk Assessment
- Description: Get full risk assessment report (SVR x STP).
- Operation ID:
get_risk_assessment_api_v1_risk__project_id__assessment_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->RiskAssessmentReportResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/risk/{project_id}/assessment/matrix¶
- Summary: Get Risk Assessment Matrix
- Description: Get risk matrix (5x5 SVR x STP).
- Operation ID:
get_risk_assessment_matrix_api_v1_risk__project_id__assessment_matrix_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/risk/{project_id}/assessment/register¶
- Summary: Get Risk Assessment Register
- Description: Get risk register sorted by risk score.
- Operation ID:
get_risk_assessment_register_api_v1_risk__project_id__assessment_register_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)topinquery(integer, optional)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/risk/{project_id}/assessment/{finding_id}¶
- Summary: Get Risk Assessment Detail
- Description: Get risk detail for a specific finding.
- Operation ID:
get_risk_assessment_detail_api_v1_risk__project_id__assessment__finding_id__get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)finding_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->RiskEntryResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/security/risk/{project_id}/calculate¶
- Summary: Trigger Risk Calculation
- Description: Trigger a full risk recalculation.
- Operation ID:
trigger_risk_calculation_api_v1_risk__project_id__calculate_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->RiskDashboardResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/risk/{project_id}/checklist¶
- Summary: Get Checklist
- Description: Get self-assessment checklist.
- Operation ID:
get_checklist_api_v1_risk__project_id__checklist_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)levelinquery(integer, optional)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/risk/{project_id}/dashboard¶
- Summary: Get Risk Dashboard
- Description: Get full risk dashboard: KIR + KPUR + alerts.
- Operation ID:
get_risk_dashboard_api_v1_risk__project_id__dashboard_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->RiskDashboardResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/risk/{project_id}/events¶
- Summary: Get Risk Events
- Description: Get classified risk events.
- Operation ID:
get_risk_events_api_v1_risk__project_id__events_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)limitinquery(integer, optional)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
POST /api/v1/security/risk/{project_id}/events/classify¶
- Summary: Classify Events
- Description: Batch classify all findings into risk events.
- Operation ID:
classify_events_api_v1_risk__project_id__events_classify_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/risk/{project_id}/events/summary¶
- Summary: Get Events Summary
- Description: Get risk events summary by 4 dimensions.
- Operation ID:
get_events_summary_api_v1_risk__project_id__events_summary_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/risk/{project_id}/kir¶
- Summary: Get Kir Values
- Description: Calculate and return current KIR values.
- Operation ID:
get_kir_values_api_v1_risk__project_id__kir_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/risk/{project_id}/kir/{kir_id}/trend¶
- Summary: Get Kir Trend
- Description: Get KIR value history (trend).
- Operation ID:
get_kir_trend_api_v1_risk__project_id__kir__kir_id__trend_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)kir_idinpath(string, required)lastinquery(integer, optional)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/risk/{project_id}/kpur¶
- Summary: Get Kpur Results
- Description: Calculate and return KPUR results by 3 groups.
- Operation ID:
get_kpur_results_api_v1_risk__project_id__kpur_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->array422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/risk/{project_id}/threat-model-57580¶
- Summary: Get Threat Model 57580
- Description: Generate GOST R 57580.3 threat model.
- Operation ID:
get_threat_model_57580_api_v1_risk__project_id__threat_model_57580_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
project_idinpath(string, required)formatinquery(string, optional)languageinquery(string, optional)authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
Tag: Security¶
POST /api/v1/security/autofix¶
- Summary: Generate security autofix suggestions
- Description: Generates automated fix suggestions for security vulnerabilities found via taint analysis. Returns diffs without applying them (read-only).
- Operation ID:
generate_autofix_api_v1_security_autofix_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->AutofixRequest(required)- Responses:
200: Successful Response;application/json->AutofixResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/security/classify¶
- Summary: Classify finding as TP/FP
- Description: Use CPG context and taint verification to classify a security finding.
- Operation ID:
classify_finding_api_v1_security_classify_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->FPClassifyRequest(required)- Responses:
200: Successful Response;application/json->FPClassifyResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/security/scan-diff¶
- Summary: Scan diff for security issues
- Description: Scan a raw diff for security vulnerabilities without git subprocess.
- Operation ID:
scan_diff_api_v1_security_scan_diff_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->ScanDiffRequest(required)- Responses:
200: Successful Response;application/json->ScanDiffResponse422: Validation Error;application/json->HTTPValidationError
Tag: Threat Model¶
GET /api/v1/security/threat-model/dfd¶
- Summary: Generate Data Flow Diagram
- Description: Extract DFD from CPG and return as Mermaid or JSON.
- Operation ID:
get_dfd_api_v1_security_threat_model_dfd_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
formatinquery(string, optional) - Output format: mermaid|jsonauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->DFDResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/security/threat-model/export¶
- Summary: Export threat model in specified format
- Description: Generate and export threat model as Markdown, GOST, SARIF, or JSON string.
- Operation ID:
export_threat_model_api_v1_security_threat_model_export_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->ThreatModelGenerateRequest(required)- Responses:
200: Successful Response;application/json->ThreatModelExportResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/security/threat-model/generate¶
- Summary: Generate STRIDE threat model
- Description: Generates a complete STRIDE threat model from the project CPG. Includes DFD extraction, trust boundary detection, threat classification, and mitigation recommendations.
- Operation ID:
generate_threat_model_api_v1_security_threat_model_generate_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->ThreatModelGenerateRequest(required)- Responses:
200: Successful Response;application/json->ThreatModelResponse422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/threat-model/mitigations¶
- Summary: List STRIDE mitigation recommendations
- Description: Returns standard mitigations for each STRIDE category and CWE-specific recommendations.
- Operation ID:
list_mitigations_api_v1_security_threat_model_mitigations_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
categoryinquery(object, optional) - STRIDE category filterauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/threat-model/stride-mapping¶
- Summary: CWE to STRIDE category mapping
- Description: Returns the mapping of CWE IDs to STRIDE threat categories.
- Operation ID:
get_stride_mapping_api_v1_security_threat_model_stride_mapping_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
GET /api/v1/security/threat-model/threats¶
- Summary: List threats
- Description: List threats from the generated threat model with optional filters.
- Operation ID:
list_threats_api_v1_security_threat_model_threats_get - Security:
HTTPBearer,APIKeyHeader - Parameters:
severityinquery(object, optional) - Filter by severitycategoryinquery(object, optional) - Filter by STRIDE categorylanguageinquery(string, optional) - Output languageauthorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
- None
- Responses:
200: Successful Response;application/json->object422: Validation Error;application/json->HTTPValidationError
POST /api/v1/security/threat-model/update¶
- Summary: Incremental threat model update
- Description: Compare new threat model against a previous version and compute delta.
- Operation ID:
update_threat_model_api_v1_security_threat_model_update_post - Security:
HTTPBearer,APIKeyHeader - Parameters:
authorizationinheader(object, optional)X-API-Keyinheader(object, optional)X-Project-Idinheader(object, optional)- Request Body:
application/json->IncrementalUpdateRequest(required)- Responses:
200: Successful Response;application/json->src__api__routers__threat_model__DeltaResponse422: Validation Error;application/json->HTTPValidationError
Tag: Webhooks¶
POST /api/v1/admin/runtime/webhooks/github¶
- Summary: GitHub webhook receiver
- Description: Receives push and PR events from GitHub.
- Operation ID:
receive_github_webhook_api_v1_webhooks_github_post - Parameters:
- None
- Request Body:
- None
- Responses:
202: Successful Response;application/json->WebhookResponse
POST /api/v1/admin/runtime/webhooks/gitlab¶
- Summary: GitLab webhook receiver
- Description: Receives push and MR events from GitLab.
- Operation ID:
receive_gitlab_webhook_api_v1_webhooks_gitlab_post - Parameters:
- None
- Request Body:
- None
- Responses:
202: Successful Response;application/json->WebhookResponse
POST /api/v1/webhooks/gitverse¶
- Summary: GitVerse webhook receiver
- Description: Receives push and PR events from GitVerse (GitHub-compatible format).
- Operation ID:
receive_gitverse_webhook_api_v1_webhooks_gitverse_post - Parameters:
- None
- Request Body:
- None
- Responses:
202: Successful Response;application/json->WebhookResponse
POST /api/v1/admin/runtime/webhooks/local¶
- Summary: Local incremental CPG update
- Description: Triggered by IDE plugins (OpenCode) after git commit for incremental CPG update.
- Operation ID:
receive_local_webhook_api_v1_webhooks_local_post - Parameters:
- None
- Request Body:
application/json->LocalWebhookRequest(required)- Responses:
202: Successful Response;application/json->WebhookResponse422: Validation Error;application/json->HTTPValidationError
POST /api/v1/webhooks/sourcecraft¶
- Summary: SourceCraft webhook receiver
- Description: Receives push and MR events from SourceCraft.
- Operation ID:
receive_sourcecraft_webhook_api_v1_webhooks_sourcecraft_post - Parameters:
- None
- Request Body:
- None
- Responses:
202: Successful Response;application/json->WebhookResponse
GET /api/v1/admin/runtime/webhooks/status/{project_id}¶
- Summary: Get CPG update status
- Description: Returns the latest CPG update pipeline status for a project.
- Operation ID:
get_webhook_status_api_v1_webhooks_status__project_id__get - Parameters:
project_idinpath(string, required)- Request Body:
- None
- Responses:
200: Successful Response;application/json->UpdateStatusResponse422: Validation Error;application/json->HTTPValidationError