Headless Compliance API
Manage rules, run compliance checks, and pull audit bundles via API — no dashboard required. Designed for CI/CD pipelines, GitHub Actions, and enterprise governance automation.
Authentication
All endpoints require a Bearer token via the Authorization header. Generate API keys from the Snapwire dashboard.
```http
Authorization: Bearer af_your_api_key_here
```
Some endpoints (marked with 🔒 Admin) require admin-level access. Standard API key endpoints are marked with 🔑 API Key.
OpenAPI Spec Download
The full OpenAPI 3.0 JSON specification is available at /api/compliance/openapi.json. Use it to auto-generate client SDKs, import into Postman, or validate requests in CI pipelines.
```bash
curl -s https://your-instance.com/api/compliance/openapi.json | python -m json.tool
```
Intercept Tool Call
The primary governance endpoint. Send every AI agent tool call here before it executes. Snapwire evaluates the call against the workspace's constitutional rules, the tool safety catalog, and blast radius limits, then returns a decision.
| Parameter | Type | Description |
|---|---|---|
| tool_name REQUIRED | string | Name of the tool being called |
| parameters | object | Parameters passed to the tool |
| intent | string | Why the agent wants to call this tool |
| context | string | Additional task context |
| agent_id | string | Identifier for the calling agent |
| parent_agent_id | string | Parent agent ID for A2A chain tracing |
| inner_monologue | string | Agent's internal reasoning |
| webhook_url | string | Callback URL for async resolution |
Example response when the call is allowed:

```json
{
  "status": "allowed",
  "action_id": "a1b2c3d4",
  "risk_score": 15,
  "analysis": "Action is within policy bounds."
}
```

Example response when the call is held for human review:

```json
{
  "status": "pending",
  "action_id": "e5f6g7h8",
  "risk_score": 78,
  "violations": [
    {
      "rule": "no_external_emails",
      "severity": "high",
      "reason": "Sending email to external address requires approval."
    }
  ],
  "message": "Action held for human review."
}
```
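A minimal client for the intercept flow, added here as an example rather than taken from the Snapwire SDK: it builds the request from the documented parameter names, posts it with the Bearer header, and turns the decision into control flow so the tool only runs on an explicit "allowed". The intercept path and the "blocked" status are assumptions (the page documents only "allowed" and "pending"); any unknown status is treated as a denial so the agent fails closed.

```python
import json
import urllib.request

# Assumptions, not from the page: the intercept path below and a "blocked"
# status. The page documents "allowed" and "pending"; anything else is
# treated as a denial so the agent fails closed.
INTERCEPT_URL = "https://your-instance.com/api/compliance/intercept"  # assumed path

class ActionBlocked(Exception):
    """The governance layer denied the tool call (or returned an unknown status)."""

class ActionPending(Exception):
    """The call is held for human review; action_id can be resolved later."""

    def __init__(self, action_id, message):
        super().__init__(message)
        self.action_id = action_id

def build_request(tool_name, parameters, intent, agent_id, parent_agent_id=None):
    """Assemble the intercept payload from the documented parameter names."""
    body = {"tool_name": tool_name, "parameters": parameters,
            "intent": intent, "agent_id": agent_id}
    if parent_agent_id:  # A2A chain link, only when this agent was spawned by another
        body["parent_agent_id"] = parent_agent_id
    return body

def decide(response):
    """Map a decision document to control flow: return risk_score when allowed,
    raise ActionPending when held, raise ActionBlocked for everything else."""
    status = response.get("status")
    if status == "allowed":
        return response.get("risk_score", 0)
    if status == "pending":
        # violations appear as objects in one example and as bare names in another
        rules = ", ".join(v["rule"] if isinstance(v, dict) else str(v)
                          for v in response.get("violations", []))
        raise ActionPending(response["action_id"],
                            f"{response.get('message', 'held for review')} [{rules}]")
    raise ActionBlocked(f"status={status!r}: {response.get('message', 'no reason given')}")

def intercept(api_key, body, url=INTERCEPT_URL, timeout=10):
    """POST the tool call for evaluation and return the parsed decision JSON."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)
```

Call `intercept()` in the agent runtime and wrap it in `decide()`; a pending action should be parked with its `action_id` until the Resolve Action endpoint (or a human) decides it.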
Get Constitution Rules
Returns all constitutional rules for the current workspace. Rules define what agents can and cannot do, and map to NIST CSF 2.0 categories.
Example response:

```json
{
  "rules": [
    {
      "id": 1,
      "rule_name": "no_external_emails",
      "value": "Block all outbound emails to non-corporate domains",
      "severity": "high",
      "mode": "enforce",
      "created_at": "2026-01-15T10:00:00Z"
    }
  ]
}
```
Create Constitution Rule
Create a new constitutional rule. Rules are evaluated against every intercepted tool call. Supports plain-English rule definitions.
| Parameter | Type | Description |
|---|---|---|
| rule_name REQUIRED | string | Unique identifier for the rule |
| value REQUIRED | string | The rule text in plain English |
| severity | string | "low", "medium", "high", or "critical" |
| mode | string | "enforce" (block violations) or "monitor" (log only) |
Example response:

```json
{
  "status": "added",
  "rule_name": "no_external_emails",
  "message": "Rule created successfully"
}
```
NIST Compliance Report
Returns a JSON report mapping your active rules to NIST CSF 2.0 categories. Includes coverage score, grade, and gap analysis. Use this to auto-populate compliance questionnaires.
Example response:

```json
{
  "score": 78,
  "grade": "B",
  "covered": 8,
  "partial": 3,
  "gaps": 2,
  "total_categories": 13,
  "categories": [
    {
      "id": "GOVERN",
      "name": "Governance",
      "status": "covered",
      "mapped_rules": ["budget_cap", "domain_allowlist"]
    }
  ],
  "generated_at": "2026-02-24T10:00:00Z"
}
```
NIST Report PDF
Downloads a formatted PDF compliance report aligned to NIST IR 8596 Agentic AI guidelines. Includes coverage breakdown, risk metrics, and safeguard inventory. Suitable for regulatory submissions.
Returns application/pdf with filename snapwire-nistir8596-report-YYYY-MM-DD.pdf
Audit Bundle
Generates a cryptographically signed ZIP archive containing the Safety Disclosure PDF, resolved actions CSV (human oversight proof), and SHA-256 hashed audit log JSON. Use for regulatory filings, insurance underwriters, or internal governance reviews.
Returns application/zip containing:
| File | Description |
|---|---|
| safety_disclosure.pdf | NIST grade, safeguards, coverage breakdown |
| resolved_actions.csv | All resolved actions with resolved_by field |
| audit_log.json | SHA-256 content hashes for tamper detection |
| manifest.json | Bundle metadata and integrity checksums |
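An integrity check for a downloaded audit bundle, added as an example and not part of Snapwire's tooling: it recomputes the SHA-256 of every archive member and compares it with the checksums in manifest.json, flagging members that are missing, altered, or present but unlisted. The manifest layout (`{"files": {name: hex_sha256}}`) is an assumption, since the page only says the manifest carries integrity checksums, and the sample bundle is constructed in memory for demonstration.

```python
import hashlib
import io
import json
import zipfile

# Assumed manifest layout (the page only says manifest.json carries "integrity
# checksums"): {"files": {"<member name>": "<hex sha256>"}}. Adjust the keys as needed.
MANIFEST = "manifest.json"

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def verify_bundle(zip_bytes):
    """Recompute SHA-256 of every member and compare with the manifest.
    Returns {member: "ok" | "mismatch" | "missing" | "unlisted"}; anything
    other than "ok" means the bundle must not be accepted as evidence."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        expected = json.loads(zf.read(MANIFEST))["files"]
        for name, digest in expected.items():
            if name not in names:
                results[name] = "missing"
            elif sha256_hex(zf.read(name)) == digest.lower():
                results[name] = "ok"
            else:
                results[name] = "mismatch"
        for name in names - set(expected) - {MANIFEST}:
            results[name] = "unlisted"  # present but never hashed: unverified
    return results

def make_sample_bundle(tamper=False):
    """Build a small constructed bundle in memory (not a real Snapwire export)."""
    files = {
        "safety_disclosure.pdf": b"%PDF-1.4 constructed placeholder",
        "resolved_actions.csv": b"id,tool_name,decision,resolved_by\na1b2c3d4,send_email,approve,api\n",
        "audit_log.json": b'{"entries": [], "hash_algorithm": "sha256"}',
    }
    manifest = {"files": {n: sha256_hex(d) for n, d in files.items()}}
    if tamper:  # alter a member after the manifest was computed
        files["resolved_actions.csv"] += b"x9y8z7w6,delete_database,approve,api\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n, d in files.items():
            zf.writestr(n, d)
        zf.writestr(MANIFEST, json.dumps(manifest))
    return buf.getvalue()
```

Hash comparison alone only proves the members match the manifest that shipped with them; whoever can rewrite the ZIP can also rewrite the manifest, so the bundle's signature (the page does not describe the scheme) must be verified separately before the hashes mean anything.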
Tool Safety Catalog
Returns the full tool safety catalog showing all known tools, their safety grades (A–F), approval status, CVE exposure, and review history. Use to audit which tools your agents have access to.
Example response:

```json
{
  "catalog": [
    {
      "id": 1,
      "tool_name": "send_email",
      "grade": "B",
      "status": "approved",
      "cve_count": 0,
      "first_seen": "2026-02-20T08:00:00Z",
      "last_seen": "2026-02-24T12:00:00Z"
    }
  ]
}
```
Update Tool Status
Change the approval status of a cataloged tool. Banned tools are automatically blocked by the intercept endpoint. Use in CI/CD to enforce tool allowlists.
| Parameter | Type | Description |
|---|---|---|
| status REQUIRED | string | "approved", "banned", or "pending_review" |
Example response:

```json
{
  "status": "updated",
  "tool_id": 1,
  "new_status": "banned"
}
```
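Gate logic for a CI/CD job that consumes the NIST Compliance Report and the Tool Safety Catalog described above, added as an example and not Snapwire's own code: `nist_gate` fails the pipeline when the coverage score, grade, or a gap category falls below policy, and `plan_tool_updates` computes the Update Tool Status calls needed to ban any cataloged tool that is not on the repository's allowlist. The per-category status value "gap" and the allowlist itself are assumptions (the page shows only "covered" and counts "partial" and "gaps").

```python
# Assumptions, not from the page: a per-category status value "gap" (the page
# shows "covered" and counts "partial"/"gaps"), and an allowlist kept in the repo.
MIN_SCORE = 75  # minimum acceptable NIST CSF 2.0 coverage score
PASSING_GRADES = {"A", "B"}

def nist_gate(report, min_score=MIN_SCORE):
    """Return the list of reasons the pipeline should fail; empty means pass."""
    failures = []
    if report["score"] < min_score:
        failures.append(f"coverage score {report['score']} below {min_score}")
    if report["grade"] not in PASSING_GRADES:
        failures.append(f"grade {report['grade']} not in {sorted(PASSING_GRADES)}")
    for cat in report.get("categories", []):
        if cat["status"] == "gap":  # assumed status value for unmapped categories
            failures.append(f"no rule maps to NIST category {cat['id']}")
    return failures

def plan_tool_updates(catalog, allowlist):
    """Compute the status changes that align the catalog with the allowlist.

    Any tool outside the allowlist that is not already banned gets "banned",
    which makes the intercept endpoint block it. Allowlisted tools that are
    still "pending_review" are left for a human to approve.
    Returns [(tool_id, tool_name, new_status)] to feed to Update Tool Status.
    """
    return [(t["id"], t["tool_name"], "banned")
            for t in catalog
            if t["tool_name"] not in allowlist and t["status"] != "banned"]
```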
Get Pending Actions
Returns all tool call actions currently held for human review. Integrate with your ticketing system or Slack bot to build custom approval workflows.
Example response:

```json
{
  "actions": [
    {
      "id": "a1b2c3d4",
      "tool_name": "delete_database",
      "agent_id": "data-cleanup-agent",
      "risk_score": 92,
      "violations": ["no_destructive_ops"],
      "created_at": "2026-02-24T10:30:00Z",
      "status": "pending"
    }
  ]
}
```
Resolve Action
Programmatically approve or deny a pending action. Use in automated governance pipelines where approval logic is handled by a separate system (e.g., PagerDuty, Jira, or a custom approval bot).
| Parameter | Type | Description |
|---|---|---|
| decision REQUIRED | string | "approve" or "deny" |
Example response:

```json
{
  "status": "resolved",
  "action_id": "a1b2c3d4",
  "decision": "approve",
  "resolved_by": "api"
}
```