| # API Documentation | |
| ## Overview | |
| The API surface is designed around runtime health, model/tool dispatch, tenant-aware operations, audit/provenance, and domain workflows. | |
| ## Common conventions | |
| - JSON request and response bodies. | |
| - Tenant-aware endpoints should require explicit tenant context. | |
| - Security-sensitive operations should fail closed. | |
| - Clinical or biological outputs should include evidence/provenance where applicable. | |
| ## Endpoint groups | |
| ### Health | |
| ```http | |
| GET /health | |
| ``` | |
| Returns service status and runtime metadata. | |
| ### Models and agents | |
| ```http | |
| GET /models | |
| POST /v1/inference | |
| ``` | |
| Lists available model adapters and submits inference requests. | |
| ### Consent and governance | |
| ```http | |
| POST /v1/consent/grant | |
| POST /v1/consent/revoke | |
| GET /audit/events | |
| ``` | |
| Clinical and PHI-aware workflows should use explicit consent, policy, and audit records. | |
| ### Workflows | |
| ```http | |
| POST /v1/workflows/run | |
| GET /v1/workflows/{id} | |
| ``` | |
| Runs reproducible agent/tool pipelines and returns traceable outputs. | |
| ## OpenAPI | |
| When the service is running, generate the OpenAPI schema from the application runtime and commit a versioned snapshot under `docs/openapi.json`. | |