API Endpoints

API Architecture

The API is split into three separate specifications:

API	Base Path	Purpose
Client	`/api/v1/client`	Organization-scoped operations (jobs, rules, alerts)
Agent	`/api/v1/agent`	Remote agent operations (heartbeat, tasks)
Internal	`/api/v1/internal`	Admin operations (metrics, settings)

Swagger UI:

Client API: /api/v1/swagger
Internal API: /api/v1/internal/swagger

System Endpoints

Method	Path	Description
GET	`/health`	Health check (no auth)

Agent Endpoints (Agent API)

Method	Path	Description
POST	`/heartbeat/{AgentUUID}`	Agent registration
POST	`/tasks/{AgentUUID}/poll`	Poll for next task
POST	`/tasks/{AgentUUID}/complete`	Submit task results
POST	`/tasks/{AgentUUID}/log-failure`	Log submission failure

Agent Submission Logs

Method	Path	API	Description
GET	`/agents/{agent_uuid}/submission-logs`	Client, Internal	List submission logs for debugging

Gather Job Endpoints

Method	Path	Description
GET	`/gather-jobs`	List gather jobs
POST	`/gather-jobs`	Create gather job
GET	`/gather-jobs/{id}`	Get gather job
PUT	`/gather-jobs/{id}`	Update gather job
POST	`/gather-jobs/{id}/run`	Trigger immediate run
POST	`/gather-jobs/{id}/clear-releases`	Delete all releases for a job
GET	`/gather-jobs/summary`	Aggregate gather job counts by status (supports `scope` query param)

Scrape Job Endpoints

Method	Path	Description
GET	`/scrape-jobs`	List scrape jobs
POST	`/scrape-jobs`	Create scrape job
GET	`/scrape-jobs/{id}`	Get scrape job
PUT	`/scrape-jobs/{id}`	Update scrape job
POST	`/scrape-jobs/{id}/run`	Trigger immediate run
POST	`/scrape-jobs/{id}/set-version`	Set version for manual scrape job
GET	`/scrape-jobs/{id}/versions`	Get version history
GET	`/scrape-jobs/summary`	Aggregate scrape job counts (total, scheduled, with versions; supports `scope` query param)

Helm Sync Job Endpoints

Helm sync jobs auto-discover charts in a Helm repository and create child gather jobs.

Method	Path	API	Description
GET	`/helm-sync-jobs`	Client, Internal	List helm sync jobs
POST	`/helm-sync-jobs`	Client, Internal	Create helm sync job
GET	`/helm-sync-jobs/{id}`	Client, Internal	Get helm sync job details
PUT	`/helm-sync-jobs/{id}`	Client, Internal	Update helm sync job
DELETE	`/helm-sync-jobs/{id}`	Client, Internal	Delete helm sync job
POST	`/helm-sync-jobs/{id}/run`	Client, Internal	Trigger helm sync immediately
GET	`/helm-sync-jobs/{id}/charts`	Client, Internal	List child gather jobs

Rules & Alerts

Method	Path	Description
GET	`/rules`	List monitoring rules
POST	`/rules`	Create rule
GET	`/rules/{id}`	Get rule
PUT	`/rules/{id}`	Update rule
DELETE	`/rules/{id}`	Delete rule
POST	`/rules/{id}/toggle`	Toggle active state
POST	`/rules/evaluate`	Trigger evaluation
GET	`/alert-configs`	List alert configs
POST	`/alert-configs`	Create alert config
GET	`/alerts`	List alerts
GET	`/alerts/summary`	Alert counts
GET	`/alerts/resolved`	List resolved (historical) alerts
GET	`/alerts/{id}`	Get alert details
POST	`/alerts/{id}/acknowledge`	Acknowledge alert
POST	`/alerts/{id}/unacknowledge`	Remove acknowledgment
POST	`/alerts/{id}/resolve`	Manually resolve alert
POST	`/alerts/acknowledge`	Bulk acknowledge
GET	`/alerts/{id}/deliveries`	Get alert delivery history
GET	`/alerts/{id}/actions`	Get audit trail of alert state changes

Notification Channels

Method	Path	Description
GET	`/notification-channels`	List notification channels
POST	`/notification-channels`	Create notification channel
POST	`/notification-channels/validate`	Validate webhook config without creating
GET	`/notification-channels/{id}`	Get notification channel
PUT	`/notification-channels/{id}`	Update notification channel
DELETE	`/notification-channels/{id}`	Delete notification channel
POST	`/notification-channels/{id}/test`	Test channel connectivity
POST	`/notification-channels/{id}/toggle`	Toggle channel active state
GET	`/notification-channels/{id}/stats`	Get channel health statistics

Notification Rules

Method	Path	Description
GET	`/notification-rules`	List notification rules
POST	`/notification-rules`	Create notification rule
GET	`/notification-rules/{id}`	Get notification rule
PUT	`/notification-rules/{id}`	Update notification rule
DELETE	`/notification-rules/{id}`	Delete notification rule
POST	`/notification-rules/{id}/toggle`	Toggle rule active state
GET	`/notification-rules/{id}/stats`	Get rule match statistics
POST	`/notification-rules/{id}/simulate`	Simulate rule matching

Notification Templates

Templates control the payload format for webhook deliveries. Templates are resolved in priority order: Channel > Organization > Global defaults.

Method	Path	Description
GET	`/notification-templates`	List effective templates
PUT	`/notification-templates/{category}`	Set org template override
DELETE	`/notification-templates/{category}`	Remove org template override
POST	`/notification-templates/preview`	Preview template rendering

Notification Deliveries

Method	Path	Description
GET	`/notification-deliveries`	List deliveries (filterable)
GET	`/notification-deliveries/dead`	List dead letters
POST	`/notification-deliveries/{id}/retry`	Retry dead letter

Notification Settings

Method	Path	Description
GET	`/notification-settings`	Get org notification settings
PUT	`/notification-settings`	Update org notification settings

Webhook Acknowledgment

External callback endpoints for alert acknowledgment (token-based, no API key required):

Method	Path	Description
GET	`/webhooks/acknowledge/{token}`	Acknowledge alert via browser (conditional auth based on channel config)
POST	`/webhooks/acknowledge/{token}`	Acknowledge alert via callback

Webhook Config Fields

Stored in config JSONB column:

Field	Type	Required	Description
`url`	string	Yes	Webhook endpoint URL
`method`	string	No	HTTP method (default: POST)
`headers`	object	No	Custom headers to include
`timeout_seconds`	int	No	Request timeout (default: 30)
`secret`	string	No	HMAC signing secret
`event_templates`	object	No	Event-specific body templates

Event-Specific Templates

{
  "url": "https://discord.com/api/webhooks/...",
  "event_templates": {
    "new_alert": "{\"content\": \"**{{.Alert.Severity | upper}}**: {{.Alert.ConfigName}}\"}",
    "acknowledged": "{\"content\": \"Acknowledged: {{.Alert.ConfigName}} by {{.AcknowledgedBy}}\"}",
    "resolved": "{\"content\": \"Resolved: {{.Alert.ConfigName}}\"}"
  }
}

Template Categories:

new_alert: For alert.created, alert.escalated events (includes {{.AcknowledgeURL}})
acknowledged: For alert.acknowledged, alert.unacknowledged events (includes {{.IsAcknowledged}}, {{.AcknowledgedBy}}, {{.AcknowledgedAt}})
resolved: For alert.resolved events (includes {{.ResolvedAt}})

API Keys Management

Method	Path	Description
GET	`/api-keys`	List API keys for organization
POST	`/api-keys`	Create new API key (requires JWT auth)
GET	`/api-keys/{id}`	Get API key details (no secret returned)
PUT	`/api-keys/{id}`	Update API key name/description
POST	`/api-keys/{id}/toggle`	Toggle API key active state
POST	`/api-keys/{id}/deactivate`	Permanently deactivate API key

User Feedback

Method	Path	API	Description
POST	`/feedback`	Client	Submit user feedback
GET	`/feedback`	Internal	List all feedback (admin)

Releases & Versions

Method	Path	Description
GET	`/releases`	List upstream releases (includes `metadata` object; supports `scope` query param)
GET	`/releases/{id}`	Get release by ID (includes `metadata` object)
GET	`/releases/summary`	Aggregate release statistics (supports `scope` query param)
GET	`/versions`	List version snapshots

Settings

Method	Path	Description
GET	`/settings`	List settings
PUT	`/settings/{key}`	Update setting
GET	`/settings/effective`	Effective settings (global + org overrides)
GET	`/settings/org-overrides`	Organization-specific overrides
PUT	`/settings/org-overrides/{key}`	Create/update org override
DELETE	`/settings/org-overrides/{key}`	Remove org override

UI selection helper endpoints that return simplified lists:

Method	Path	Description
GET	`/dropdowns/scrape-jobs`	Scrape jobs for dropdown
GET	`/dropdowns/gather-jobs`	Gather jobs for dropdown
GET	`/dropdowns/gather-jobs/global`	Global gather jobs for dropdown
GET	`/dropdowns/rules`	Rules for dropdown
GET	`/dropdowns/notification-channels`	Channels for dropdown

Permissions & Roles

Method	Path	Description
GET	`/permissions/me`	Get current user’s effective permissions (self, no permission check)
GET	`/permissions/matrix`	Get all resources and actions for role editing UI (no permission check)
GET	`/roles`	List available roles (system + org custom)
POST	`/roles`	Create custom role with IAM-style policy document (accepts both `policy_document` and legacy `permissions` format)
GET	`/roles/{id}`	Get role details with policy document and legacy permissions
PUT	`/roles/{id}`	Update custom role (accepts both `policy_document` and legacy `permissions` format)
DELETE	`/roles/{id}`	Delete custom role
GET	`/members/{id}/roles`	Get member’s assigned roles
PUT	`/members/{id}/roles`	Set member’s role assignments

Validation

Method	Path	Description
POST	`/validate/regex`	Validate regex pattern

Internal API Endpoints

Method	Path	Description
GET	`/metrics`	System-wide metrics
GET	`/pending-contributions`	List pending contribution suggestions
GET	`/pending-contributions/count`	Count pending contributions (for badge)
POST	`/pending-contributions/gather/{id}/approve`	Approve gather job contribution (creates global copy)
POST	`/pending-contributions/gather/{id}/reject`	Reject gather job contribution (clears flag)
POST	`/pending-contributions/helm-sync/{id}/approve`	Approve helm sync job contribution (creates global copy)
POST	`/pending-contributions/helm-sync/{id}/reject`	Reject helm sync job contribution (clears flag)
GET	`/eol-products`	List EOL products with optional status filter
POST	`/eol-products/{id}/approve`	Approve EOL product for syncing
POST	`/eol-products/{id}/deny`	Deny EOL product from syncing (returns 409 if already approved)
POST	`/eol-sync/trigger`	Trigger an EOL sync run (returns 202, 409 if already running)
GET	`/eol-sync/history`	List recent EOL sync runs
GET	`/users`	List all users with superadmin status
GET	`/users/{id}/org-roles`	Get cross-org role assignments for a user
POST	`/users/{id}/grant-superadmin`	Grant superadmin role via Casbin g2
POST	`/users/{id}/revoke-superadmin`	Revoke superadmin role (guards last superadmin)

Client UI Routes

The clientui binary serves HTML pages and forwards form submissions to the API. Routes are registered in internal/handlers/ui.go.

Auth Routes

When Supabase is configured (internal/handlers/auth.go, internal/handlers/onboarding.go):

Method	Path	Description
GET	`/login`	Login page (email/password + OAuth)
POST	`/auth/login`	Email/password login
GET	`/auth/signup`	Signup page
POST	`/auth/signup`	Create account
GET	`/auth/login/:provider`	Start OAuth flow (PKCE)
GET	`/auth/callback`	OAuth callback
GET	`/logout`	Sign out
GET	`/pending-approval`	Pending approval page (unapproved users)
GET	`/onboarding`	Onboarding page (new users)
POST	`/onboarding/create-org`	Create organization
POST	`/onboarding/accept-invite/:token`	Accept invite
POST	`/switch-org`	Switch active organization

Notification Channels UI

Method	Path	Description
GET	`/notification-channels`	List channels page
POST	`/notification-channels`	Create channel (form submission)
GET	`/notification-channels/{id}`	Channel detail/edit page
POST	`/notification-channels/{id}`	Update channel (form submission)
POST	`/notification-channels/{id}/test`	Test channel and redirect with result
POST	`/notification-channels/{id}/toggle`	Toggle active state
POST	`/notification-channels/{id}/delete`	Delete channel

UI Error Handling

The clientui uses URL query parameters for error/success messages:

/notification-channels/1?error=Delivery+failed+with+HTTP+400
/notification-channels?success=Channel+created+successfully

Handlers format detailed API errors into user-friendly messages. See internal/handlers/notification_channels.go:formatTestErrorMessage() for the pattern.