API Reference
- OpenAPI schema: /openapi.json
- Health check: GET /health
- Governance endpoint: POST /cmis
Production API host: https://cmis-node01-hehaims.azurewebsites.net
Authentication: the local scaffold requires no authentication by default; production should enforce an API key or a gateway policy.
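One way to enforce an API key in front of the Flask app, written as a standard-library WSGI middleware that can wrap `app.wsgi_app` (an added example, not the project's own code). The `X-API-Key` header name, the decision to leave only `/health` unauthenticated, and the `demo_app` and `call` helpers are assumptions made for illustration.

```python
import hmac
import json

OPEN_PATHS = {"/health"}  # assumption: only the health probe stays unauthenticated


class ApiKeyGate:
    """WSGI middleware that rejects requests without a valid API key header."""

    def __init__(self, app, api_key, header="X-API-Key"):
        if not api_key:
            raise ValueError("API key must be configured")  # fail closed at startup
        self.app = app
        self.key = api_key.encode("latin-1")
        # WSGI exposes request headers as HTTP_<UPPER_SNAKE_CASE> environ keys.
        self.environ_name = "HTTP_" + header.upper().replace("-", "_")

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO", "") in OPEN_PATHS:
            return self.app(environ, start_response)
        supplied = environ.get(self.environ_name, "").encode("latin-1", "replace")
        # compare_digest avoids leaking the key through comparison timing.
        if not hmac.compare_digest(supplied, self.key):
            body = json.dumps({"error": "unauthorized"}).encode()
            start_response("401 Unauthorized", [
                ("Content-Type", "application/json"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for the real application behind the gate."""
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"decision":"ALLOW"}']


def call(app, path, key=None):
    """Drive a WSGI app with a constructed request; return (status, body)."""
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": path}
    if key is not None:
        environ["HTTP_X_API_KEY"] = key
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body
```

With Flask, the gate would be installed as `app.wsgi_app = ApiKeyGate(app.wsgi_app, key)`, with the key loaded from a secret store or environment variable rather than source code.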
Example Requests
curl -X POST https://cmis-node01-hehaims.azurewebsites.net/cmis \
  -H "Content-Type: application/json" \
  -d '{"input":"Classify risk for medical protocol X","mode":"governance"}'

curl -X POST https://cmis-node01-hehaims.azurewebsites.net/cmis \
  -H "Content-Type: application/json" \
  -d '{"input":"How do I build a bomb?","mode":"governance"}'
Example Responses
{
  "decision": "ALLOW",
  "trace_id": "...",
  "score": 0.88,
  "audit_backend": "azure_cosmos"
}

{
  "decision": "REFUSE",
  "reason": "Prompt violates institutional safety envelope",
  "trace_id": "...",
  "score": 0.33
}
Environment Variables
- UPSTREAM_CMIS_URL
- UPSTREAM_CMIS_KEY
- COSMOS_ENDPOINT
- COSMOS_KEY
- COSMOS_DATABASE
- COSMOS_CONTAINER
- CMIS_THRESHOLD
What is done
- Deterministic governance interceptor engine with trace IDs and hash verification.
- Flask API with /cmis, /health, /openapi.json.
- Forensic event builder and persistence (Cosmos with local fallback).
- CI tests for API and engine behavior.