Shynvo
Account

HTTP API reference

Minimal catalog derived from app/api route handlers. For request/response schemas, read the source or Open your deployment in an API client against https://shynvo.app.

Health

Liveness for load balancers; no auth.

  • GET/api/health

    JSON ok, service name, and uptime seconds.

  • HEAD/api/health

    Same as GET without body.

Incidents

  • GET/api/incidents/{id}/export

    Download incident as Markdown (authenticated Supabase user).

    Auth: Session cookie

  • GET/api/incidents/{id}/evidence

    Download incident evidence pack JSON (timeline, dry-run, audit-linked events).

    Auth: Session cookie

  • GET/api/incidents/{id}/review

    Download post-incident review Markdown (narrative, timeline, execution evidence, audit snapshot).

    Auth: Session cookie

  • POST/api/incidents/{id}/rca/run

    Generate and persist an incident RCA hypothesis with confidence and evidence references.

    Auth: Session cookie

  • GET/api/incidents/{id}/rca/latest

    Fetch latest persisted RCA run for an incident.

    Auth: Session cookie

  • GET/api/services/{id}/slo

    Fetch service SLO profile plus latest error budget windows (7d/30d).

    Auth: Session cookie

  • GET/api/overview/error-budget-summary

    Fetch SLO error budget overview across services (critical/warning burn and average used budget).

    Auth: Session cookie

Integrations

  • POST/api/integrations/alerts

    Create or dedupe incident from monitoring (Bearer alert ingest token).

    Auth: Bearer ingest token

    Paid-gated per deployment; validates token server-side. Supports normalized Shynvo payload, Datadog, Prometheus/Grafana Alertmanager, PagerDuty, and New Relic payloads (vendor-specific dedupe keys). Optional HMAC signature check via SHYNVO_ALERT_WEBHOOK_SIGNING_SECRET.

  • GET/api/connectors/status

    Probe configured reasoning/automation connector URLs.

    Auth: Session cookie when Supabase auth is enabled

  • POST/api/integrations/slack/approvals

    Receive signed Slack action payloads and decide pending approvals.

    Auth: Slack request signature (X-Slack-Signature)

  • POST/api/approvals/policy-suggestions/promote

    Promote a decision-intelligence policy suggestion into policy review and log audit evidence.

    Auth: Session cookie (or session mode fallback)

  • GET/api/governance/policy-blocks/summary

    Return policy-block analytics summary for current user (window=7d|30d, includes prior-window delta and reason distribution).

    Auth: Session cookie

Automations

  • POST/api/automations/dry-run

    Run playbook dry-run; may persist and append audit when configured.

    Auth: Session cookie

  • POST/api/automations/execute

    Record guarded execution after successful dry-run with approval note and rollback plan.

    Auth: Session cookie

  • POST/api/automations/remediate

    Run guarded remediation with dry-run freshness and accepted policy checks.

    Auth: Session cookie

  • GET/api/services/dependency-graph

    Fetch service dependency graph (nodes and directed edges).

    Auth: Session cookie

Copilot

  • POST/api/copilot/chat

    Streaming or JSON chat completion.

    Auth: Session cookie

  • GET/api/copilot/threads

    List conversation threads.

    Auth: Session cookie

  • POST/api/copilot/threads

    Create thread.

    Auth: Session cookie

  • GET/api/copilot/threads/{id}/messages

    List messages in a thread.

    Auth: Session cookie

  • POST/api/copilot/threads/{id}/messages

    Append user message and run assistant turn.

    Auth: Session cookie

User-scoped keys

  • GET/api/user/api-keys

    List API keys (metadata).

    Auth: Session cookie

  • POST/api/user/api-keys

    Create API key (returns plaintext once).

    Auth: Session cookie

  • DELETE/api/user/api-keys/{id}

    Revoke key.

    Auth: Session cookie

  • GET/api/user/alert-ingest-tokens

    List alert ingest tokens.

    Auth: Session cookie

  • POST/api/user/alert-ingest-tokens

    Create ingest token (returns secret once).

    Auth: Session cookie

  • DELETE/api/user/alert-ingest-tokens/{id}

    Revoke ingest token.

    Auth: Session cookie

Connector proxies

Forward to SHYNVO_REASONING_API_URL and SHYNVO_ROBOT_API_URL when set.

  • GET|POST|PUT|PATCH|DELETE/api/reasoning/*

    Proxy to reasoning backend.

    Auth: Session cookie

  • GET|POST|PUT|PATCH|DELETE/api/robot/*

    Proxy to automation robot backend.

    Auth: Session cookie

Audit

  • GET/api/audit/export

    Download all audit_log rows for the signed-in user as CSV (optional window=24h|7d|30d|all).

    Auth: Session cookie

  • GET/api/audit/slack-events/export

    Download Slack delivery audit rows as CSV (optional window=24h|7d|30d|all).

    Auth: Session cookie

Billing

  • POST/api/webhooks/lemonsqueezy

    Lemon Squeezy subscription webhook.

    Auth: Webhook signature (Lemon)

OpenAPI sketch

Partial YAML for tooling; paths are abbreviated — expand in-repo before publishing a full spec.

openapi: 3.0.3
info:
  title: Shynvo API
  version: "0.1.0"
servers:
  - url: https://shynvo.app
paths:
  /api/health:
    get:
      summary: Liveness and uptime
  /api/integrations/alerts:
    post:
      summary: Alert ingest (Bearer token)
  /api/automations/dry-run:
    post:
      summary: Playbook dry-run
  /api/copilot/chat:
    post:
      summary: Copilot chat
  /api/user/api-keys:
    get:
      summary: List API keys
    post:
      summary: Create API key

← Docs hub