Skip to main content

Status & Events

GET /status

Get engine status.
Response:

GET /events

Subscribe to Server-Sent Events stream.
Event types: scan.complete, score.update, gate.pass, gate.fail, fix.applied, agent.created, evidence.appended.

Onboarding

GET /onboarding/status

Check if project has been onboarded.

POST /onboarding/detect

Auto-detect project information (frameworks, languages, AI systems).

GET /onboarding/questions

Get onboarding question blocks for interactive setup.

POST /onboarding/complete

Submit onboarding answers to generate profile.

POST /onboarding/guided/start

Start guided onboarding wizard (8 steps).

GET /onboarding/guided/status

Get current guided onboarding progress.

POST /onboarding/guided/step/:n

Execute step N of guided onboarding.

Badges & Reports

GET /badge

Get compliance badge as SVG image.

POST /badge/generate

Generate badge SVG + COMPLIANCE.md file.

POST /report/pdf

Generate PDF compliance report.

POST /report/markdown

Generate markdown compliance report.

Sharing

POST /share

Create a shareable compliance result.
Response:

GET /share/:id

Get a shared result by ID.

GET /shares

List all shared results.

SaaS Sync

POST /sync/passport

Push all passports to SaaS dashboard.

POST /sync/scan

Push scan results to SaaS.

POST /sync/documents

Push compliance documents to SaaS.

POST /sync/evidence

Push evidence chain to SaaS.

GET /sync/status

Check SaaS sync status and authentication. All sync endpoints require token and saasUrl in the request body.

Frameworks & Scoring

GET /frameworks

List available compliance frameworks.

GET /frameworks/scores

Get scores for all selected frameworks (EU AI Act, AIUC-1, ISO 42001, etc.).

GET /debt

Get compliance debt score with optional trend data.

GET /cost-estimate

Estimate remediation cost in hours and euros.

Jurisdictions

GET /jurisdictions

List 30 EU/EEA jurisdictions with local authorities.

GET /jurisdictions/:code

Get jurisdiction details (authority name, contact, language).

Tools

GET /tools/status

Check status of external tools (uv, Semgrep, Bandit, detect-secrets).

POST /tools/update

Install or update external analysis tools.

What-If & Simulation

POST /whatif

Analyze hypothetical scenario.
Types: jurisdiction, tool, risk_level.

POST /simulate

Batch compliance simulation — predict score impact of multiple actions.