Skip to main content
The Complior engine runs as a background daemon and exposes an HTTP API on localhost:3578. All tools (CLI, TUI, MCP server) communicate with the engine through this API.
The API is local-only by default. No authentication required. The daemon binds to 127.0.0.1 and is not accessible from the network.

Base URL

Override with --port when starting the daemon:

Response format

All endpoints return JSON. Errors follow a consistent format:

Endpoint groups

Scan & Eval

Static analysis, deep scan, diff, SBOM generation, and dynamic evaluation with 680 probes.

Fix & Remediation

Preview, apply, undo fixes. Batch operations with validation.

Agent & Passport

Passport CRUD, FRIA generation, evidence chain, export, audit trail, and document generation.

System

Engine status, SSE events, file operations, onboarding, badges, sharing, and sync.

SSE streaming

Some endpoints return Server-Sent Events for real-time progress:

Quick examples