REST API

All endpoints require JWT authentication via Supabase Auth (GitHub OAuth) unless noted otherwise.

Base URL: https://api.eiryx.com/api

Authentication

Include the Supabase JWT token in the Authorization header:

Authorization: Bearer <supabase_access_token>

Method	Endpoint	Description
`POST`	`/tasks`	Create a new bugfix or feature task
`GET`	`/tasks`	List tasks (paginated, filterable by status)
`GET`	`/tasks/:id`	Task detail with telemetry data
`GET`	`/tasks/:id/events`	SSE stream for real-time telemetry
`POST`	`/tasks/estimate`	Pre-task confidence score and cost estimate
`POST`	`/tasks/analyze-difficulty`	AI difficulty analysis and model recommendation

Method	Endpoint	Description
`POST`	`/scans`	Start a security scan
`GET`	`/scans`	List scans
`GET`	`/scans/:id`	Scan detail with findings
`GET`	`/scans/:id/report`	Download PDF report
`POST`	`/scans/public`	Free scan (no auth, rate limited 3/day/IP)

Method	Endpoint	Description
`GET`	`/repos/:repo_url/profile`	Get repo profile (stack, commands, accuracy)
`PATCH`	`/repos/:repo_url/profile`	Update custom commands
`POST`	`/repos/:repo_url/prescan`	Run pre-scan for stack detection
`POST`	`/repos/:repo_url/generate-yml`	Generate .ai-agent.yml
`GET`	`/repos/:repo_url/stats`	Repo statistics (success rate, scan count)

Method	Endpoint	Description
`POST`	`/webhooks/ingest/:type`	Receive webhook (token auth, no JWT)

Method	Endpoint	Description
`GET`	`/metrics/dashboard`	Dashboard KPIs with period comparison
`GET`	`/metrics/export`	Export metrics as PDF

Method	Endpoint	Description
`GET`	`/settings/keys`	List configured API key providers
`POST`	`/settings/keys`	Add API key (encrypted)
`DELETE`	`/settings/keys/:provider`	Delete API key
`GET`	`/settings/available-models`	Models available for user’s keys

Rate limit exceeded returns 429 Too Many Requests with Retry-After header.

Method	Endpoint	Auth	Description
`GET`	`/health`	None	Service health check