API ReferenceStable v1
API Overview
Endpoint map, request/response shape, and product-level integration entry points.
Last updated Mar 4, 2026
Base URL and Versioning
Base path:
/v1
All operations are tenant-scoped and return versioned framework outputs.
Include Authorization and X-Tenant-Id in all write operations.
Endpoint Reference
/v1/assets/scoreBearer + X-Tenant-IdScore a discovered asset for registry classification.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
asset_id | string | yes | Stable asset identifier. |
owner | string | yes | Owning team or service owner. |
access_scope | string[] | yes | Integration permissions and reachable systems. |
attestations | object[] | no | Available controls and verification artifacts. |
Example response
{
"framework": "provenance",
"version": "v0",
"entity_id": "asset_123",
"score": 74.2,
"confidence": 0.86,
"risk_band": "moderate",
"source": "inventory_import"
}
/v1/agents/scoreBearer + X-Tenant-IdScore an autonomous agent for trust and governance posture.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
agent_id | string | yes | Stable agent identifier. |
principal_id | string | yes | Delegating human or system principal. |
policy_context | object | yes | Constraints, objectives, and risk limits. |
telemetry_refs | string[] | no | Event pointers used for confidence overlays. |
Example response
{
"framework": "mandate",
"version": "v0",
"entity_id": "agent_42",
"score": 61.4,
"confidence": 0.81,
"risk_band": "moderate",
"source": "control_plane"
}
/v1/score/{framework}/{entity_id}Bearer + X-Tenant-IdFetch the latest score snapshot for a framework/entity pair.
Path params
| Param | Type | Description |
|---|---|---|
framework | string | provenance, mandate, meridian, fidelity, or drift. |
entity_id | string | Asset, agent, contract, or obligation identifier. |
Example response
{
"framework": "drift",
"version": "v0",
"entity_id": "agent_42",
"score": 34.2,
"confidence": 0.9,
"risk_band": "high",
"source": "runtime_telemetry"
}
/v1/contracts/obligations/scoreBearer + X-Tenant-IdScore obligation fulfillment and breach risk using control and evidence signals.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
contract_id | string | yes | Parent contract identifier. |
obligation_id | string | yes | Obligation identifier within contract. |
control_id | string | yes | Control mapping for enforcement. |
evidence_events | object[] | yes | Events supporting compliance assessment. |
/v1/runtime/analyzeBearer + X-Tenant-IdAnalyze live runtime behavior for alignment and governance risk.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
agent_id | string | yes | Agent under observation. |
objective_context | object | yes | Principal intent and policy boundaries. |
events | object[] | yes | Runtime telemetry events for evaluation. |
interventions | object[] | no | Human intervention metadata. |
Eventing
Score and threshold changes are delivered by signed webhooks:
score.updatedthreshold.crossedruntime.risk.elevated