{ "openapi": "3.1.0", "info": { "title": "Veriva Public API", "version": "1.0.0", "description": "Public REST surface consumed by the Veriva CLI, GitHub Action, VS Code extension, and customer Webhook hooks. Internal tRPC procedures used by the webapp are not part of this contract.\n\nAuthentication: every request must include an `X-Veriva-Api-Key` header. Generate keys at /dashboard/settings/api-keys. Keys are scoped per-org and inherit OWNER/ADMIN/MEMBER role.", "contact": { "name": "Veriva Support", "email": "support@veriva.dev", "url": "https://veriva.dev/dashboard/help" }, "license": { "name": "Proprietary" } }, "servers": [ { "url": "https://api.veriva.dev/v1", "description": "Production" }, { "url": "https://api.staging.veriva.dev/v1", "description": "Staging" } ], "security": [{ "ApiKeyAuth": [] }], "tags": [ { "name": "Analysis", "description": "Run the 10-stage governance pipeline against a diff" }, { "name": "Pull Requests", "description": "Read PR analysis results and findings" }, { "name": "Repositories", "description": "List enabled repositories" }, { "name": "Agents", "description": "Register and list AI agent identities" }, { "name": "Webhooks", "description": "Format reference for inbound customer Webhook hooks" } ], "paths": { "/analyze": { "post": { "tags": ["Analysis"], "summary": "Analyze a diff", "description": "Run the full 10-stage pipeline on a unified diff. Synchronous for diffs under 200kb; async (returns `pipelineRunId` to poll) above. Counts against the org's monthly PR budget.", "operationId": "analyzeDiff", "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AnalyzeRequest" } } } }, "responses": { "200": { "description": "Pipeline finished synchronously", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PipelineResult" } } } }, "202": { "description": "Pipeline running asynchronously", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PipelineRunHandle" } } } }, "402": { "$ref": "#/components/responses/QuotaExceeded" }, "401": { "$ref": "#/components/responses/Unauthorized" }, "429": { "$ref": "#/components/responses/RateLimited" } } } }, "/runs/{runId}": { "get": { "tags": ["Analysis"], "summary": "Get pipeline run status", "operationId": "getPipelineRun", "parameters": [{ "$ref": "#/components/parameters/RunId" }], "responses": { "200": { "description": "Run state + findings if complete", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PipelineResult" } } } }, "404": { "$ref": "#/components/responses/NotFound" } } } }, "/pull-requests": { "get": { "tags": ["Pull Requests"], "summary": "List analyzed pull requests", "operationId": "listPullRequests", "parameters": [ { "$ref": "#/components/parameters/RepoId" }, { "$ref": "#/components/parameters/Cursor" }, { "$ref": "#/components/parameters/Limit" } ], "responses": { "200": { "description": "Page of pull requests", "content": { "application/json": { "schema": { "type": "object", "required": ["data"], "properties": { "data": { "type": "array", "items": { "$ref": "#/components/schemas/PullRequestSummary" } }, "nextCursor": { "type": ["string", "null"] } } } } } } } } }, "/pull-requests/{prId}/findings": { "get": { "tags": ["Pull Requests"], "summary": "List findings for a PR", "operationId": "listFindings", "parameters": [{ "$ref": "#/components/parameters/PrId" }], "responses": { "200": { "description": "All findings for the PR including provenance", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Finding" } } } } }, "404": { "$ref": "#/components/responses/NotFound" } } } }, "/repos": { "get": { "tags": ["Repositories"], "summary": "List repositories enabled for the org", "operationId": "listRepos", "responses": { "200": { "description": "Enabled repos", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Repo" } } } } } } } }, "/agents": { "get": { "tags": ["Agents"], "summary": "List agent identities", "operationId": "listAgents", "responses": { "200": { "description": "All registered agents for the org", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/AgentIdentity" } } } } } } }, "post": { "tags": ["Agents"], "summary": "Register an agent identity", "operationId": "registerAgent", "requestBody": { "required": true, "content": { "application/json": { "schema": { "type": "object", "required": ["agentType", "label"], "properties": { "agentType": { "$ref": "#/components/schemas/AgentType" }, "label": { "type": "string", "maxLength": 64 } } } } } }, "responses": { "201": { "description": "Created (token returned only this once)", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/AgentIdentity" }, { "type": "object", "properties": { "token": { "type": "string" } } } ] } } } } } } }, "/webhooks/hook-callback": { "post": { "tags": ["Webhooks"], "summary": "Reference: inbound payload for customer Webhook hooks", "description": "When you register a Webhook hook in Veriva, we POST this payload to your URL during the AI REVIEW stage. Respond within 5s with a `findings[]` array. Requests are signed with HMAC-SHA256 in the `X-Veriva-Signature` header using your hook secret.", "operationId": "webhookHookReference", "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookHookPayload" } } } }, "responses": { "200": { "description": "Findings to merge into the pipeline output", "content": { "application/json": { "schema": { "type": "object", "properties": { "findings": { "type": "array", "items": { "$ref": "#/components/schemas/Finding" } } } } } } } } } } }, "components": { "securitySchemes": { "ApiKeyAuth": { "type": "apiKey", "in": "header", "name": "X-Veriva-Api-Key" } }, "parameters": { "RunId": { "name": "runId", "in": "path", "required": true, "schema": { "type": "string" } }, "PrId": { "name": "prId", "in": "path", "required": true, "schema": { "type": "string" } }, "RepoId": { "name": "repoId", "in": "query", "required": false, "schema": { "type": "string" } }, "Cursor": { "name": "cursor", "in": "query", "required": false, "schema": { "type": "string" } }, "Limit": { "name": "limit", "in": "query", "required": false, "schema": { "type": "integer", "minimum": 1, "maximum": 100, "default": 20 } } }, "responses": { "Unauthorized": { "description": "Missing or invalid API key", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "NotFound": { "description": "Resource not found or not visible to this API key's org", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "RateLimited": { "description": "Per-org rate limit exceeded; back off and retry", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "QuotaExceeded": { "description": "Plan PR/cost ceiling reached for this billing period", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "schemas": { "Error": { "type": "object", "required": ["error"], "properties": { "error": { "type": "string" }, "code": { "type": "string" }, "details": { "type": "object", "additionalProperties": true } } }, "AnalyzeRequest": { "type": "object", "required": ["diff"], "properties": { "diff": { "type": "string", "description": "Unified diff. Counts against the per-PR cost ceiling." }, "repoFullName": { "type": "string", "example": "neocharge/firmware", "description": "If provided and matches an enabled repo, ENRICH stage uses that repo's profile + merge policy." }, "headSha": { "type": "string" }, "baseSha": { "type": "string" }, "prTitle": { "type": "string" }, "prBody": { "type": "string" }, "agentToken": { "type": "string", "description": "Optional AgentIdentity token. Resolves the run to a specific agent for trust-score updates." } } }, "PipelineRunHandle": { "type": "object", "required": ["pipelineRunId", "status"], "properties": { "pipelineRunId": { "type": "string" }, "status": { "type": "string", "enum": ["queued", "running"] }, "pollUrl": { "type": "string", "format": "uri" } } }, "PipelineResult": { "type": "object", "required": ["pipelineRunId", "status", "stages"], "properties": { "pipelineRunId": { "type": "string" }, "status": { "type": "string", "enum": ["queued", "running", "completed", "failed", "cancelled"] }, "mergeGate": { "type": "string", "enum": ["success", "neutral", "failure"], "description": "Final check-run conclusion. Maps to GitHub status checks." }, "stages": { "type": "array", "items": { "type": "object", "required": ["name", "status"], "properties": { "name": { "type": "string", "enum": [ "SANITIZE", "PRE_INGEST", "ENRICH", "STATIC", "AI_REVIEW", "CROSS_CHECK", "DEEP_AUDIT", "AUTO_FIX", "MERGE_GATE", "EXPLAIN", "OUTCOME" ] }, "status": { "type": "string", "enum": ["skipped", "running", "completed", "failed"] }, "durationMs": { "type": "integer" } } } }, "findings": { "type": "array", "items": { "$ref": "#/components/schemas/Finding" } }, "costCents": { "type": "integer" }, "latencyMs": { "type": "integer" } } }, "Finding": { "type": "object", "required": ["id", "severity", "title", "stage"], "properties": { "id": { "type": "string" }, "ruleId": { "type": "string", "nullable": true }, "severity": { "type": "string", "enum": ["LOW", "MEDIUM", "HIGH", "CRITICAL"] }, "category": { "type": "string", "enum": [ "SECURITY", "QUALITY", "AI_PATTERN", "DEPENDENCY", "POLICY", "OTHER" ] }, "title": { "type": "string" }, "description": { "type": "string" }, "filePath": { "type": "string", "nullable": true }, "startLine": { "type": "integer", "nullable": true }, "endLine": { "type": "integer", "nullable": true }, "stage": { "type": "string", "enum": ["STATIC", "AI_REVIEW", "CROSS_CHECK", "DEEP_AUDIT", "HOOK"] }, "provenance": { "type": "object", "description": "Per-finding provenance object (Track 3.10). Fields populated depend on which stage produced the finding.", "properties": { "promptVersionId": { "type": "string" }, "aiCallLogId": { "type": "string" }, "evidence": { "type": "string" } } } } }, "PullRequestSummary": { "type": "object", "required": ["id", "number", "title", "status"], "properties": { "id": { "type": "string" }, "repoFullName": { "type": "string" }, "number": { "type": "integer" }, "title": { "type": "string" }, "author": { "type": "string" }, "status": { "type": "string", "enum": ["OPEN", "CLOSED", "MERGED", "ANALYZING"] }, "mergeGate": { "type": "string", "enum": ["success", "neutral", "failure"], "nullable": true }, "criticalFindings": { "type": "integer" }, "createdAt": { "type": "string", "format": "date-time" } } }, "Repo": { "type": "object", "required": ["id", "fullName", "enabled"], "properties": { "id": { "type": "string" }, "fullName": { "type": "string", "example": "neocharge/firmware" }, "enabled": { "type": "boolean" }, "policyMode": { "type": "string", "enum": ["ADVISORY", "WARN", "STANDARD", "STRICT", "LOCKED"] } } }, "AgentType": { "type": "string", "enum": [ "HUMAN", "CLAUDE_CODE", "CURSOR", "COPILOT", "WINDSURF", "DEVIN", "OTHER" ] }, "AgentIdentity": { "type": "object", "required": ["id", "agentType", "label", "trustScore"], "properties": { "id": { "type": "string" }, "agentType": { "$ref": "#/components/schemas/AgentType" }, "label": { "type": "string" }, "trustScore": { "type": "number", "minimum": 0, "maximum": 100 }, "prsTotal": { "type": "integer" }, "prsClean": { "type": "integer" }, "prsReverted": { "type": "integer" }, "lastSeenAt": { "type": "string", "format": "date-time", "nullable": true } } }, "WebhookHookPayload": { "type": "object", "required": ["event", "pipelineRunId", "pr"], "properties": { "event": { "type": "string", "enum": ["pr.analyze"] }, "pipelineRunId": { "type": "string" }, "deliveryId": { "type": "string", "description": "Unique per delivery; use to dedupe." }, "pr": { "type": "object", "required": ["repoFullName", "number", "headSha"], "properties": { "repoFullName": { "type": "string" }, "number": { "type": "integer" }, "title": { "type": "string" }, "author": { "type": "string" }, "headSha": { "type": "string" }, "baseSha": { "type": "string" }, "diff": { "type": "string" } } } } } } } }