{"openapi":"3.1.0","info":{"title":"Vouch API","description":"\nThe Vouch Security API — programmatic access to Vouch's full scan pipeline\n(static scanners + AI Hunter + RAG + Validator).\n\n## Authentication\nAll scan endpoints require an `X-API-Key: vouch_...` header.\nGenerate a key in the Vouch dashboard or via `POST /developer/generate-key`\n(Bearer token auth).\n\n## Rate limits\n- `POST /scan`: 10/minute\n- `POST /scan-repo`: 5/minute\n- `POST /scan-repo-url`: 5/minute\n\n## Async scans\n`/scan-repo` and `/scan-repo-url` are asynchronous: they return a `scan_id`\nimmediately. Get the result by either polling `GET /scans/{scan_id}` or by\nsetting `callback_url` in the request — Vouch then POSTs the result to your\nURL when done (HMAC-SHA256 signed via `X-Vouch-Signature` if `callback_secret`\nis provided).\n","version":"1.2.0"},"paths":{"/developer/generate-key":{"post":{"summary":"Generate User Api Key","description":"Accepts a Supabase JWT via Authorization header, validates it, and generates/returns a new long-lived Vouch API key.\nStores the user and key in the database.","operationId":"generate_user_api_key_developer_generate_key_post","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/developer/link-github":{"post":{"summary":"Link Github Installation","description":"Manually link a GitHub installation to the authenticated user.\nUsed by the frontend 'Magic Flow' after redirect.","operationId":"link_github_installation_developer_link_github_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GithubLinkRequest"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/developer/create-checkout-session":{"post":{"summary":"Create Checkout Session","description":"Creates a Stripe Checkout Session for upgrading a user's plan.","operationId":"create_checkout_session_developer_create_checkout_session_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CheckoutRequest"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/developer/create-customer-portal":{"post":{"summary":"Create Customer Portal","description":"Creates a Stripe Billing Portal Session for the user to manage their subscription.","operationId":"create_customer_portal_developer_create_customer_portal_post","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/developer/delete-account":{"post":{"summary":"Delete Account","description":"Deletes the user's account and all associated data.","operationId":"delete_account_developer_delete_account_post","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/webhook/stripe":{"post":{"summary":"Stripe Webhook","description":"Receives events from Stripe when a user pays and updates their plan to 'pro' or 'micro' in the database.","operationId":"stripe_webhook_webhook_stripe_post","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/developer/me":{"get":{"summary":"Get Developer Profile","description":"Validates Supabase JWT and returns user's Vouch API key & stats.\nCalled by the dashboard on mount.","operationId":"get_developer_profile_developer_me_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/DeveloperProfile"}}}}}}},"/developer/usage":{"get":{"summary":"Get Usage","description":"Returns structured usage data (Core Scans, Auto-Fixes, billing cycle) for the authenticated user.","operationId":"get_usage_developer_usage_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/developer/integrations":{"get":{"summary":"Get Integrations","description":"Return the user's configured webhook URLs.","operationId":"get_integrations_developer_integrations_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}},"patch":{"summary":"Update Integrations","description":"Save or update webhook URLs (Slack, Discord, Generic).","operationId":"update_integrations_developer_integrations_patch","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/developer/settings":{"patch":{"summary":"Update Developer Settings","description":"Update user settings like auto_fix_prs.","operationId":"update_developer_settings_developer_settings_patch","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/developer/ignore-finding":{"post":{"summary":"Ignore Finding Endpoint","operationId":"ignore_finding_endpoint_developer_ignore_finding_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/IgnoreFindingRequest"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/":{"get":{"summary":"Read Root","operationId":"read_root__get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/StatusResponse"}}}}}}},"/waitlist":{"post":{"summary":"Join Waitlist","description":"Adds an email to the local waitlist table and syncs it to a Brevo contact list.\nGracefully degrades if BREVO_API_KEY / BREVO_LIST_ID are not configured.","operationId":"join_waitlist_waitlist_post","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/WaitlistResponse"}}}}}}},"/articles":{"get":{"summary":"List Articles","description":"Paginated list of published articles.","operationId":"list_articles_articles_get","parameters":[{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1,"title":"Page"}},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":20,"title":"Per Page"}},{"name":"tag","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Tag"}},{"name":"order","in":"query","required":false,"schema":{"type":"string","default":"desc","title":"Order"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/articles/search":{"get":{"summary":"Search Articles","description":"Full-text search over published articles using PostgreSQL tsvector.","operationId":"search_articles_articles_search_get","parameters":[{"name":"q","in":"query","required":true,"schema":{"type":"string","title":"Q"}},{"name":"page","in":"query","required":false,"schema":{"type":"integer","default":1,"title":"Page"}},{"name":"per_page","in":"query","required":false,"schema":{"type":"integer","default":20,"title":"Per Page"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/articles/sitemap-slugs":{"get":{"summary":"Articles Sitemap Slugs","description":"Lightweight endpoint returning all published slugs + dates for sitemap generation.","operationId":"articles_sitemap_slugs_articles_sitemap_slugs_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/articles/{slug}":{"get":{"summary":"Get Article","description":"Fetch a single published article by slug including full body_html.","operationId":"get_article_articles__slug__get","parameters":[{"name":"slug","in":"path","required":true,"schema":{"type":"string","title":"Slug"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/admin/articles":{"post":{"summary":"Create Article","description":"Create a new article.","operationId":"create_article_admin_articles_post","parameters":[{"name":"authorization","in":"header","required":false,"schema":{"type":"string","title":"Authorization"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/admin/articles/{article_id}":{"put":{"summary":"Update Article","description":"Update an existing article.","operationId":"update_article_admin_articles__article_id__put","parameters":[{"name":"article_id","in":"path","required":true,"schema":{"type":"integer","title":"Article Id"}},{"name":"authorization","in":"header","required":false,"schema":{"type":"string","title":"Authorization"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}},"delete":{"summary":"Delete Article","description":"Delete an article permanently.","operationId":"delete_article_admin_articles__article_id__delete","parameters":[{"name":"article_id","in":"path","required":true,"schema":{"type":"integer","title":"Article Id"}},{"name":"authorization","in":"header","required":false,"schema":{"type":"string","title":"Authorization"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/admin/articles/{article_id}/publish":{"patch":{"summary":"Toggle Publish","description":"Toggle the published state of an article.","operationId":"toggle_publish_admin_articles__article_id__publish_patch","parameters":[{"name":"article_id","in":"path","required":true,"schema":{"type":"integer","title":"Article Id"}},{"name":"authorization","in":"header","required":false,"schema":{"type":"string","title":"Authorization"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/sitemap.xml":{"get":{"summary":"Sitemap Index","description":"Sitemap index listing all child sitemaps.","operationId":"sitemap_index_sitemap_xml_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/sitemap-static.xml":{"get":{"summary":"Sitemap Static","description":"Sitemap for static marketing pages.","operationId":"sitemap_static_sitemap_static_xml_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/sitemap-{n}.xml":{"get":{"summary":"Sitemap Child","description":"Child sitemap for articles page n.","operationId":"sitemap_child_sitemap__n__xml_get","parameters":[{"name":"n","in":"path","required":true,"schema":{"type":"integer","title":"N"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/scan":{"post":{"summary":"Scan Code","description":"Accepts a code snippet, runs Semgrep statically, and translates\nthe findings into actionable advice via the Gemini AI API.","operationId":"scan_code_scan_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ScanRequest"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ScanResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/autofix":{"post":{"summary":"Apply Autofix","description":"Generates AI-powered code fixes for specific findings in a scan.\nDeducts 1 Auto-Fix credit per finding.\nUses Gemini to generate fixes on-demand, then caches them in the DB.","operationId":"apply_autofix_autofix_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AutofixRequest"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/scans/{scan_id}/create-pr":{"post":{"summary":"Create Pr From Scan","description":"Create a GitHub PR with all generated fixes for this scan. No additional credits charged.","operationId":"create_pr_from_scan_scans__scan_id__create_pr_post","parameters":[{"name":"scan_id","in":"path","required":true,"schema":{"type":"string","title":"Scan Id"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/scan-repo":{"post":{"summary":"Scan Repo","description":"Accepts a ZIP file containing a repository. Returns immediately with a scan_id\nwhile the actual scan runs in the background. Poll GET /scans/{scan_id} for results.","operationId":"scan_repo_scan_repo_post","requestBody":{"content":{"multipart/form-data":{"schema":{"$ref":"#/components/schemas/Body_scan_repo_scan_repo_post"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ScanRepoAccepted"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/scan-repo-url":{"post":{"tags":["Scanning"],"summary":"Scan a GitHub repository by URL","description":"Trigger a **full repository scan** by GitHub URL — same pipeline as POST /scan-repo:\nstatic scanners (Semgrep, Gitleaks, npm-audit, pip-audit) + Endpoint Index +\nAI Hunter + RAG knowledge base + AI Validator + Formatter.\n\nModal downloads the zipball directly so the API server never holds the ZIP in\nmemory. Returns immediately with a scan_id.\n\n**Authentication for the target repo (in priority order):**\n1. Explicit `github_token` field — recommended for private repos accessed via PAT\n2. Vouch GitHub App installation — if you've installed the Vouch app on the repo's\n   org/owner and your account is linked, an installation token is resolved automatically\n3. Unauthenticated — works for public repos (subject to GitHub's lower rate limit)\n\n**Getting results:**\n- **Polling:** `GET /scans/{scan_id}` until `status` is `\"completed\"`\n- **Webhook callback:** set `callback_url`. When the scan finishes, Vouch POSTs the\n  result there. If you also set `callback_secret`, the body is HMAC-SHA256-signed\n  via the `X-Vouch-Signature: sha256=<hex>` header — verify with the same secret.","operationId":"scan_repo_url_scan_repo_url_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ScanRepoUrlRequest"}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ScanRepoAccepted"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/internal/scan-complete":{"post":{"summary":"Modal Scan Complete","description":"Callback endpoint for Modal. Receives scanner findings and continues\nwith LLM analysis + DB persistence on Render.\nSecured via HMAC signature on the request body.\nFor webhook scans (PR/push), also posts results back to GitHub.","operationId":"modal_scan_complete_internal_scan_complete_post","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/badge/{installation_id}":{"get":{"summary":"Get Security Badge","description":"Returns a dynamic SVG badge representing the latest security score for this installation.","operationId":"get_security_badge_badge__installation_id__get","parameters":[{"name":"installation_id","in":"path","required":true,"schema":{"type":"string","title":"Installation Id"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/projects":{"get":{"summary":"List Projects","description":"Returns a list of all projects for the current user.","operationId":"list_projects_projects_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}}}}},"/projects/{project_id}":{"get":{"summary":"Get Project Details","description":"Returns metadata for a specific project.","operationId":"get_project_details_projects__project_id__get","parameters":[{"name":"project_id","in":"path","required":true,"schema":{"type":"string","title":"Project Id"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}},"patch":{"summary":"Rename Project","description":"Update the display name of a project (user-editable label).","operationId":"rename_project_projects__project_id__patch","parameters":[{"name":"project_id","in":"path","required":true,"schema":{"type":"string","title":"Project Id"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}},"delete":{"summary":"Delete Project","description":"Deletes a project and all its associated scans.","operationId":"delete_project_projects__project_id__delete","parameters":[{"name":"project_id","in":"path","required":true,"schema":{"type":"string","title":"Project Id"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/projects/{project_id}/description":{"patch":{"summary":"Update Project Description","description":"Update the AI-generated or user-written description of a project.","operationId":"update_project_description_projects__project_id__description_patch","parameters":[{"name":"project_id","in":"path","required":true,"schema":{"type":"string","title":"Project Id"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/projects/{project_id}/scans":{"get":{"summary":"List Project Scans","description":"Returns a list of scans for a specific project.","operationId":"list_project_scans_projects__project_id__scans_get","parameters":[{"name":"project_id","in":"path","required":true,"schema":{"type":"string","title":"Project Id"}},{"name":"limit","in":"query","required":false,"schema":{"type":"integer","default":50,"title":"Limit"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/scans":{"get":{"summary":"List Scans","description":"List recent scans for the authenticated user.\nSupports both Supabase JWT (Bearer) and API Key (X-API-Key) auth.","operationId":"list_scans_scans_get","parameters":[{"name":"limit","in":"query","required":false,"schema":{"type":"integer","default":20,"title":"Limit"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/ScanListItem"},"title":"Response List Scans Scans Get"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/vulnerabilities":{"get":{"summary":"List Vulnerabilities","description":"Returns aggregated CRITICAL and HIGH vulnerabilities for the authenticated user.","operationId":"list_vulnerabilities_vulnerabilities_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/VulnerabilitiesResponse"}}}}}}},"/scans/{scan_id}":{"get":{"summary":"Get Scan","description":"Return full details of a past scan, including all issues.","operationId":"get_scan_scans__scan_id__get","parameters":[{"name":"scan_id","in":"path","required":true,"schema":{"type":"string","title":"Scan Id"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ScanResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}},"delete":{"summary":"Remove Scan","description":"Delete a scan from history. Supports Bearer token and API Key auth.","operationId":"remove_scan_scans__scan_id__delete","parameters":[{"name":"scan_id","in":"path","required":true,"schema":{"type":"string","title":"Scan Id"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/scans/{scan_id}/agent-prompt/{issue_index}":{"get":{"summary":"Get Agent Prompt","description":"Returns a structured prompt for an AI coding agent to fix a specific vulnerability.","operationId":"get_agent_prompt_scans__scan_id__agent_prompt__issue_index__get","parameters":[{"name":"scan_id","in":"path","required":true,"schema":{"type":"string","title":"Scan Id"}},{"name":"issue_index","in":"path","required":true,"schema":{"type":"integer","title":"Issue Index"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/github/callback":{"get":{"summary":"Github Callback","description":"Handles the redirect from GitHub after a user installs the Vouch GitHub App.\nThe 'state' parameter should contain the user's Clerk ID, passed securely from the frontend.","operationId":"github_callback_github_callback_get","parameters":[{"name":"installation_id","in":"query","required":true,"schema":{"type":"string","title":"Installation Id"}},{"name":"setup_action","in":"query","required":false,"schema":{"type":"string","title":"Setup Action"}},{"name":"state","in":"query","required":false,"schema":{"type":"string","title":"State"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}},"/webhook/github":{"post":{"summary":"Github Webhook","description":"Receives Webhooks from the Vouch GitHub App.\nVerifies the SHA256 signature and offloads the analysis to a background task.","operationId":"github_webhook_webhook_github_post","parameters":[{"name":"x-github-event","in":"header","required":false,"schema":{"type":"string","title":"X-Github-Event"}},{"name":"x-hub-signature-256","in":"header","required":false,"schema":{"type":"string","title":"X-Hub-Signature-256"}}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}}},"components":{"schemas":{"AutofixRequest":{"properties":{"scan_id":{"type":"string","title":"Scan Id"},"issue_indices":{"anyOf":[{"items":{"type":"integer"},"type":"array"},{"type":"null"}],"title":"Issue Indices"}},"type":"object","required":["scan_id"],"title":"AutofixRequest"},"Body_scan_repo_scan_repo_post":{"properties":{"file":{"type":"string","contentMediaType":"application/octet-stream","title":"File"},"language":{"type":"string","title":"Language","default":"python"},"repo_name":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Repo Name"}},"type":"object","required":["file"],"title":"Body_scan_repo_scan_repo_post"},"CheckoutRequest":{"properties":{"tier":{"type":"string","title":"Tier"},"billing_interval":{"type":"string","title":"Billing Interval","default":"yearly"}},"type":"object","required":["tier"],"title":"CheckoutRequest"},"DeveloperProfile":{"properties":{"api_key":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Api Key"},"has_api_key":{"type":"boolean","title":"Has Api Key","default":false},"plan":{"type":"string","title":"Plan","default":"free"},"scan_count":{"type":"integer","title":"Scan Count","default":0},"credits":{"type":"integer","title":"Credits","default":0},"github_installation_id":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Github Installation Id"},"usage":{"anyOf":[{"additionalProperties":true,"type":"object"},{"type":"null"}],"title":"Usage"},"auto_fix_prs":{"type":"boolean","title":"Auto Fix Prs","default":false}},"type":"object","title":"DeveloperProfile"},"FilteredFindingResponse":{"properties":{"title":{"type":"string","title":"Title"},"rule_id":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Rule Id"},"file":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"File"},"line":{"anyOf":[{"type":"integer"},{"type":"null"}],"title":"Line"},"severity":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Severity"},"reason":{"type":"string","title":"Reason"}},"type":"object","required":["title","reason"],"title":"FilteredFindingResponse"},"GithubLinkRequest":{"properties":{"installation_id":{"type":"string","title":"Installation Id"},"setup_action":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Setup Action"}},"type":"object","required":["installation_id"],"title":"GithubLinkRequest"},"HTTPValidationError":{"properties":{"detail":{"items":{"$ref":"#/components/schemas/ValidationError"},"type":"array","title":"Detail"}},"type":"object","title":"HTTPValidationError"},"IgnoreFindingRequest":{"properties":{"repo_name":{"type":"string","title":"Repo Name"},"file_path":{"type":"string","title":"File Path"},"snippet_hash":{"type":"string","title":"Snippet Hash"}},"type":"object","required":["repo_name","file_path","snippet_hash"],"title":"IgnoreFindingRequest"},"IssueResponse":{"properties":{"title":{"type":"string","title":"Title"},"severity":{"type":"string","title":"Severity"},"file":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"File"},"line":{"anyOf":[{"type":"integer"},{"type":"null"}],"title":"Line"},"source":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Source"},"description":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Description"},"how_to_fix":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"How To Fix"},"fixed_code_snippet":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Fixed Code Snippet"},"fixed_code_snippets":{"anyOf":[{"items":{"additionalProperties":true,"type":"object"},"type":"array"},{"type":"null"}],"title":"Fixed Code Snippets"}},"type":"object","required":["title","severity"],"title":"IssueResponse"},"ScanListItem":{"properties":{"id":{"type":"string","title":"Id"},"scan_type":{"type":"string","title":"Scan Type"},"language":{"type":"string","title":"Language"},"score":{"type":"integer","title":"Score"},"summary":{"type":"string","title":"Summary"},"status":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Status","default":"completed"},"created_at":{"type":"string","title":"Created At"}},"type":"object","required":["id","scan_type","language","score","summary","created_at"],"title":"ScanListItem"},"ScanRepoAccepted":{"properties":{"scan_id":{"type":"string","title":"Scan Id"},"status":{"type":"string","title":"Status","default":"processing"},"message":{"type":"string","title":"Message","default":"Scan started. Poll GET /scans/{scan_id} for results."}},"type":"object","required":["scan_id"],"title":"ScanRepoAccepted"},"ScanRepoUrlRequest":{"properties":{"repo_url":{"type":"string","title":"Repo Url"},"ref":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Ref","default":""},"language":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Language","default":"auto"},"github_token":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Github Token"},"callback_url":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Callback Url"},"callback_secret":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Callback Secret"}},"type":"object","required":["repo_url"],"title":"ScanRepoUrlRequest"},"ScanRequest":{"properties":{"code":{"type":"string","maxLength":2000000,"title":"Code"},"language":{"type":"string","title":"Language","default":"python"}},"type":"object","required":["code"],"title":"ScanRequest"},"ScanResponse":{"properties":{"scan_id":{"type":"string","title":"Scan Id","default":""},"score":{"type":"integer","title":"Score","default":0},"summary":{"type":"string","title":"Summary","default":""},"issues":{"items":{"$ref":"#/components/schemas/IssueResponse"},"type":"array","title":"Issues","default":[]},"filtered_findings":{"items":{"$ref":"#/components/schemas/FilteredFindingResponse"},"type":"array","title":"Filtered Findings","default":[]},"status":{"type":"string","title":"Status","default":"completed"},"credits_used":{"type":"integer","title":"Credits Used","default":1},"github_owner":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Github Owner"},"github_repo":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Github Repo"}},"type":"object","title":"ScanResponse"},"StatusResponse":{"properties":{"status":{"type":"string","title":"Status"}},"type":"object","required":["status"],"title":"StatusResponse"},"ValidationError":{"properties":{"loc":{"items":{"anyOf":[{"type":"string"},{"type":"integer"}]},"type":"array","title":"Location"},"msg":{"type":"string","title":"Message"},"type":{"type":"string","title":"Error Type"},"input":{"title":"Input"},"ctx":{"type":"object","title":"Context"}},"type":"object","required":["loc","msg","type"],"title":"ValidationError"},"VulnerabilitiesResponse":{"properties":{"critical_count":{"type":"integer","title":"Critical Count","default":0},"high_count":{"type":"integer","title":"High Count","default":0},"total_count":{"type":"integer","title":"Total Count","default":0},"fixes_applied":{"type":"integer","title":"Fixes Applied","default":0},"vulnerabilities":{"items":{"$ref":"#/components/schemas/VulnerabilityItem"},"type":"array","title":"Vulnerabilities","default":[]}},"type":"object","title":"VulnerabilitiesResponse"},"VulnerabilityItem":{"properties":{"title":{"type":"string","title":"Title"},"file":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"File"},"severity":{"type":"string","title":"Severity"},"scan_id":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Scan Id"},"first_seen":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"First Seen"},"last_seen":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Last Seen"}},"type":"object","required":["title","severity"],"title":"VulnerabilityItem"},"WaitlistResponse":{"properties":{"status":{"type":"string","title":"Status","default":"ok"},"message":{"type":"string","title":"Message","default":""}},"type":"object","title":"WaitlistResponse"}}},"tags":[{"name":"Scanning","description":"Trigger and retrieve security scans."},{"name":"Developer","description":"API-key management, account, integrations."},{"name":"Projects","description":"Project listings and metadata."},{"name":"Webhooks","description":"GitHub App + Stripe webhooks (internal)."},{"name":"Articles","description":"Public-facing article/blog endpoints."}]}