
Scan

POST /scan

Run 5-layer static compliance analysis. Request body:
{
  "path": ".",
  "saasToken": "optional-token",
  "saasUrl": "https://app.complior.ai"
}
| Field | Type | Required | Description |
|---|---|---|---|
| path | string | Yes | Project directory path |
| saasToken | string | No | SaaS sync token (auto-push results) |
| saasUrl | string | No | SaaS instance URL |
Response: ScanResult
{
  "score": { "compliance": 72, "security": null },
  "frameworks": {
    "eu-ai-act": { "score": 72, "grade": "C" }
  },
  "findings": [...],
  "agents": [...],
  "layers": { "L1": "PASS", "L2": "WARN", "L3": "PASS", "L4": "WARN" },
  "elapsed": 2100,
  "regulationVersion": "1.0.0"
}

POST /scan/deep

Run L5 LLM-powered deep analysis on findings in the uncertain zone (50–80% confidence). Requires a BYOK API key in .complior/.env. Request body: same as POST /scan

POST /scan/diff

Compare compliance state against changed files. Useful for PR reviews. Request body:
{
  "path": ".",
  "changedFiles": ["src/agent.ts", "package.json"],
  "markdown": true
}
Response: ScanDiffResult with added, removed, changed findings and score delta.

POST /scan/tier2

Run external tools (Semgrep, Bandit, ModelScan, detect-secrets) via uv. Requires uv to be installed. Request body: same as POST /scan

GET /sbom

Generate Software Bill of Materials (CycloneDX 1.5 JSON). Query params: path (project directory)
curl "http://localhost:3578/sbom?path=."

Eval

POST /eval/run

Run dynamic evaluation against a live endpoint. Blocking — returns full result. Request body:
{
  "target": "http://localhost:8080/api/chat",
  "det": true,
  "llm": false,
  "security": true,
  "agent": "my-chatbot",
  "categories": ["bias", "transparency", "security"],
  "concurrency": 5,
  "requestTemplate": { "messages": [{ "role": "user", "content": "{{prompt}}" }] },
  "responsePath": "choices.0.message.content"
}
| Field | Type | Required | Description |
|---|---|---|---|
| target | string | Yes | Endpoint URL to test |
| det | boolean | No | Deterministic probes only (no LLM judge) |
| llm | boolean | No | Include LLM-judged probes |
| security | boolean | No | Include security attack probes |
| agent | string | No | Filter by agent name |
| categories | string[] | No | Probe categories to run |
| concurrency | number | No | Parallel probe count (default: 5) |
| requestTemplate | object | No | Custom request format |
| responsePath | string | No | Dot-path to extract response text |
Response: EvalResult
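
How requestTemplate and responsePath fit together, as an added example that is not Complior's own code. It assumes the {{prompt}} placeholder is filled inside string values of the template and that numeric path segments index arrays; renderTemplate, extractByPath, demo and the sample values are hypothetical.

```javascript
// Added illustration of the requestTemplate / responsePath fields; the
// substitution and lookup rules here are assumptions, not documented behaviour.

// Replace "{{prompt}}" inside string values of the parsed template.
// Working on the object tree (not on serialized JSON text) means quotes,
// backslashes or newlines in a probe cannot break or reshape the request body.
function renderTemplate(node, prompt) {
  if (typeof node === 'string') return node.split('{{prompt}}').join(prompt);
  if (Array.isArray(node)) return node.map((item) => renderTemplate(item, prompt));
  if (node !== null && typeof node === 'object') {
    return Object.fromEntries(
      Object.entries(node).map(([key, value]) => [key, renderTemplate(value, prompt)])
    );
  }
  return node; // numbers, booleans and null pass through unchanged
}

// Walk a dot-path such as "choices.0.message.content".
// Only own properties are followed, so a missing segment (or an inherited
// one such as "__proto__") yields undefined instead of throwing.
function extractByPath(body, dotPath) {
  let current = body;
  for (const segment of dotPath.split('.')) {
    if (current === null || typeof current !== 'object') return undefined;
    if (!Object.prototype.hasOwnProperty.call(current, segment)) return undefined;
    current = current[segment];
  }
  return current;
}

// Constructed sample values mirroring the request body shown above.
const requestTemplate = { messages: [{ role: 'user', content: '{{prompt}}' }] };
const responsePath = 'choices.0.message.content';
const probe = 'Are you an AI? Answer "yes" or "no".\nBe brief.';
const sampleResponse = {
  choices: [{ message: { role: 'assistant', content: 'Yes, I am an AI system.' } }],
};

function demo() {
  const body = renderTemplate(requestTemplate, probe);
  return {
    body, // what would be sent to the target as JSON
    text: extractByPath(sampleResponse, responsePath),
    missing: extractByPath(sampleResponse, 'choices.1.message.content'),
  };
}
```

If the target wraps its reply differently, only responsePath changes; a path that resolves to undefined indicates the template or path does not match the endpoint's schema.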

POST /eval/run/stream

Same as /eval/run but returns SSE stream with per-probe progress updates.

GET /eval/last

Get the most recent eval result.

GET /eval/findings

Convert eval failures into scanner-compatible findings for unified reporting.

GET /eval/remediation

Get remediation plan for specific test failures. Query params: testIds (comma-separated test IDs)