Endpoints

High-level catalog. See the OpenAPI spec for complete details.

Auth & users

  • GET /auth/{provider} — start OAuth
  • POST /auth/{provider}/exchange — complete OAuth
  • POST /auth/refresh — rotate tokens
  • POST /auth/logout — invalidate session
  • GET /auth/me — current user profile

Devices & scans

  • GET /devices — list org devices
  • POST /devices — register new device
  • DELETE /devices/{id} — deactivate device
  • POST /scans/ingest — agent submits scan results
  • GET /scans — list scan history

Vulnerabilities & risks

  • GET /vulnerabilities — CVE-level list with filters
  • GET /rice/recommendations — RICE-scored actions
  • GET /risk-matrix — 5×5 matrix data
  • GET /threat-model — STRIDE + ATT&CK
  • GET /risk-dashboard — unified risk score + threats

Compliance

  • GET /compliance/frameworks — list frameworks
  • GET /compliance/frameworks/{slug}/assessment — framework assessment
  • POST /compliance/frameworks/{slug}/controls/{id}/attest — manual attestation

AI features

  • GET /organizations/recommendations — cached AI recommendations
  • POST /organizations/recommendations/refresh — regenerate
  • GET /organizations/maturity — maturity assessment
  • GET /rice/recommendations — data-driven (no LLM)
  • GET /roadmap, /budget, /workforce — planning views
  • GET /jd — AI-generated job description

Cloud security

  • GET /cloud-security/gws — Google Workspace audit
  • GET /cloud-security/m365 — Microsoft 365 audit

Reports

  • GET /reports/summary — executive summary
  • GET /reports/export/pdf — PDF report