API Reference - Complior

The Complior engine runs as a background daemon and exposes an HTTP API on localhost:3578. All tools (CLI, TUI, MCP server) communicate with the engine through this API.

The API is local-only by default. No authentication required. The daemon binds to 127.0.0.1 and is not accessible from the network.

Base URL

http://localhost:3578

Override with --port when starting the daemon:

complior daemon start --port 4000

Response format

All endpoints return JSON. Errors follow a consistent format:

{
  "error": "Not found",
  "status": 404,
  "details": "No scan results available. Run `complior scan` first."
}

Endpoint groups

Scan & Eval

Static analysis, deep scan, diff, SBOM generation, and dynamic evaluation with 680 probes.

Fix & Remediation

Preview, apply, undo fixes. Batch operations with validation.

Agent & Passport

Passport CRUD, FRIA generation, evidence chain, export, audit trail, and document generation.

System

Engine status, SSE events, file operations, onboarding, badges, sharing, and sync.

SSE streaming

Some endpoints return Server-Sent Events for real-time progress:

Endpoint	Description
`GET /events`	Global event stream (scan results, score updates, gate events)
`POST /eval/run/stream`	Eval progress with per-probe updates
`POST /chat`	LLM chat responses streamed token-by-token

Quick examples

Scan
Fix preview
List passports
Engine status

curl -X POST http://localhost:3578/scan \
  -H "Content-Type: application/json" \
  -d '{"path": "."}'

curl http://localhost:3578/fix/preview

curl "http://localhost:3578/agent/list?path=."

curl http://localhost:3578/status

Overview

Scan & Eval

Fix & Remediation

Agent & Passport

System

​Base URL

​Response format

​Endpoint groups

Scan & Eval

Fix & Remediation

Agent & Passport

System

​SSE streaming

​Quick examples

Base URL

Response format

Endpoint groups

SSE streaming

Quick examples