Skip to main content

Scan

POST /scan

Run 5-layer static compliance analysis. Request body:
Response: ScanResult

POST /scan/deep

L5 LLM-powered deep analysis for findings in the uncertain zone (50–80% confidence). Requires BYOK API key in .complior/.env. Request body: Same as POST /scan

POST /scan/diff

Compare compliance state against changed files. Useful for PR reviews. Request body:
Response: ScanDiffResult with added, removed, changed findings and score delta.

POST /scan/tier2

Run external tools (Semgrep, Bandit, ModelScan, detect-secrets) via uv. Requires uv installed. Request body: Same as POST /scan

GET /sbom

Generate Software Bill of Materials (CycloneDX 1.5 JSON). Query params: path (project directory)

Eval

POST /eval/run

Run dynamic evaluation against a live endpoint. Blocking — returns full result. Request body:
Response: EvalResult

POST /eval/run/stream

Same as /eval/run but returns SSE stream with per-probe progress updates.

GET /eval/last

Get the most recent eval result.

GET /eval/findings

Convert eval failures into scanner-compatible findings for unified reporting.

GET /eval/remediation

Get remediation plan for specific test failures. Query params: testIds (comma-separated test IDs)