{ "openapi": "3.1.0", "info": { "title": "Rhindon AI Risk & Integrity Cloud (RAIC) — Public API", "version": "1.0.0", "description": "Public, unauthenticated endpoints for tenant-scoped intake submissions and public trust-portal reads. Tenant-authenticated APIs (registry, controls, risk, governance, reports, exports) require a Lovable Cloud session token and are not exposed here. Contact raic_support@rhindoncyber.com for Enterprise API access.", "contact": { "name": "Rhindon Cyber", "email": "raic_support@rhindoncyber.com", "url": "https://app.rhindoncyber.com" }, "license": { "name": "Commercial — Rhindon Cyber EULA" } }, "servers": [ { "url": "https://mbnchxkffcnfbybwlarg.supabase.co/functions/v1", "description": "Lovable Cloud edge functions" } ], "paths": { "/submit-public-use-case": { "post": { "operationId": "submitPublicUseCase", "summary": "Submit a tenant-scoped public AI use case", "description": "Accepts a public AI use case submission for a specific tenant, identified by org_slug. Triggers an email verification step before the submission is enqueued for tenant triage.", "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PublicUseCaseInput" } } } }, "responses": { "200": { "description": "Submission accepted, verification email queued.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IntakeAccepted" } } } }, "400": { "description": "Validation error" }, "404": { "description": "Tenant not found or public intake disabled" }, "429": { "description": "Rate limit exceeded" } } } }, "/submit-public-tool": { "post": { "operationId": "submitPublicTool", "summary": "Submit a tenant-scoped public AI tool intake", "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PublicToolInput" } } } }, "responses": { "200": { "description": "Submission accepted.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IntakeAccepted" } } } }, "400": { "description": "Validation error" }, "404": { "description": "Tenant not found or public intake disabled" }, "429": { "description": "Rate limit exceeded" } } } }, "/verify-intake-email": { "post": { "operationId": "verifyIntakeEmail", "summary": "Verify a public intake submission via signed token", "requestBody": { "required": true, "content": { "application/json": { "schema": { "type": "object", "required": ["token"], "properties": { "token": { "type": "string", "description": "Signed verification token from confirmation email." } } } } } }, "responses": { "200": { "description": "Verified" }, "400": { "description": "Invalid or expired token" } } } }, "/submit-anonymous-concern": { "post": { "operationId": "submitAnonymousConcern", "summary": "Submit an anonymous AI concern", "description": "ISO 42001 A.3.3 channel. Posts an anonymous concern for a specific tenant identified by an opaque rotatable token. Protected by hCaptcha and IP rate limiting.", "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AnonymousConcernInput" } } } }, "responses": { "200": { "description": "Concern accepted." }, "400": { "description": "Validation error or hCaptcha failure" }, "404": { "description": "Token invalid or revoked" }, "429": { "description": "Rate limit exceeded" } } } }, "/trust-portal-public": { "get": { "operationId": "getTrustPortal", "summary": "Read a tenant's published trust portal", "parameters": [ { "name": "slug", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Tenant slug; the URL form is https://app.rhindoncyber.com/trust/{slug}." } ], "responses": { "200": { "description": "Trust portal payload (org metadata + published evidence index)." }, "404": { "description": "No published trust portal for this tenant." } } } } }, "components": { "schemas": { "PublicUseCaseInput": { "type": "object", "required": ["org_slug", "submitter_email", "title", "description"], "properties": { "org_slug": { "type": "string", "description": "Tenant slug." }, "submitter_email": { "type": "string", "format": "email" }, "title": { "type": "string", "maxLength": 255 }, "description": { "type": "string", "maxLength": 8000 }, "department": { "type": "string" }, "ai_catalog_id": { "type": "string", "format": "uuid", "nullable": true } } }, "PublicToolInput": { "type": "object", "required": ["org_slug", "submitter_email", "tool_name", "intended_use"], "properties": { "org_slug": { "type": "string" }, "submitter_email": { "type": "string", "format": "email" }, "tool_name": { "type": "string" }, "vendor": { "type": "string" }, "intended_use": { "type": "string", "maxLength": 4000 } } }, "AnonymousConcernInput": { "type": "object", "required": ["token", "summary", "hcaptcha_token"], "properties": { "token": { "type": "string", "description": "Tenant-rotatable opaque token from /concerns/{token} URL." }, "summary": { "type": "string", "maxLength": 8000 }, "category": { "type": "string", "enum": ["bias", "privacy", "safety", "transparency", "other"] }, "hcaptcha_token": { "type": "string" } } }, "IntakeAccepted": { "type": "object", "properties": { "ok": { "type": "boolean" }, "intake_id": { "type": "string", "format": "uuid" }, "verification_required": { "type": "boolean" } } } } }, "x-citation": "Rhindon AI Risk & Integrity Cloud (RAIC), Rhindon Cyber, https://app.rhindoncyber.com.", "x-llm-discovery": { "llms_txt": "https://app.rhindoncyber.com/llms.txt", "llms_full_txt": "https://app.rhindoncyber.com/llms-full.txt", "agent_manifest": "https://app.rhindoncyber.com/.well-known/agent.json", "ai_plugin_manifest": "https://app.rhindoncyber.com/.well-known/ai-plugin.json", "mcp_descriptor": "https://app.rhindoncyber.com/mcp.json" } }