API Reference

CloudForge exposes 89 REST API operations across 21 domains. The full specification is available as an OpenAPI 3.1.0 document.

Current docs-site mode:

the committed openapi.yaml is the source of truth
the markdown endpoint reference stays human-readable in Docusaurus
an interactive OpenAPI explorer remains deferred until the plugin path is re-evaluated on a stable docs-site toolchain

Quick Access

Domain	Endpoints	Description
System	3	Health, readiness, configuration
Findings	7	CRUD, search, stats, enrichment, ingest
Compliance	3	Frameworks, posture, mapping
Agents	5	Registry, lifecycle, traces, maturity
Costs	7	Spend, trends, anomalies, budgets, estimates, resources
Remediations	5	Queue, dispatch, approve, status
Exceptions	3	Request, review, audit
Policies	4	CRUD, evaluation, audit
Attack Paths	3	Compute, query, visualize
Graph	3	Gremlin, Cypher, traversal
Containers	4	Images, CVEs, SBOM, runtime
Secrets	3	Scan, upload, findings
WAF	2	Rules, events
Identity	3	Users, roles, sessions
AI/NLQ	3	Natural language query, suggestions
Deploy	3	Plan, apply, status
Workflows	3	Triggers, executions, templates
Webhooks	4	CRUD, test, logs
ASM	3	Assets, exposure, risk
Terminal	2	Sessions, commands
Integration	3	Providers, sync, status

All endpoints (except /health, /healthz, /ready) require a Bearer JWT token with RBAC role claims.

Authorization: Bearer <jwt-token>

Roles: viewer | requester | operator | admin

The public 300K-finding demo keeps eager search warmup disabled on the current Fly footprint. In that mode:

keyword search runs in-memory over the loaded findings set
semantic and hybrid requests degrade to candidate-scoped in-memory reranking instead of returning a hard failure
the mode field in the response reflects the effective execution mode used for that request

That keeps operator search usable on the full corpus without requiring startup-time Bleve warmup.