GraphQL API
This dashboard exposes a GraphQL API for queries/mutations and real-time subscriptions.
Endpoints
- HTTP: POST /api/graphql
- Subscriptions: graphql-ws over WebSocket at /api/graphql
In development, GraphiQL is enabled at GET /api/graphql.
Authentication
Web (OAuth)
Web clients authenticate via NextAuth session cookies (GitHub + Google).
CLI (Bearer tokens)
For automation, the API also accepts CLI tokens sent in the Authorization header:
```http
Authorization: Bearer <cli-token>
```
What you can do
Scans
- Trigger scans (mutations)
- Subscribe to scan events (subscriptions)
- Query recent scans + alerts
Admin / Ops
If your user has the admin or superAdmin role, the API also exposes:
- Detection rules (lifecycle: provisional/confirmed/disabled)
- False positive reports + resolutions
- Admin alerts + acknowledgements
- Patch review + hosted packages
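The admin/ops fields only stay admin-only if the check lives in the resolvers, not just in the dashboard UI. The following is an added example (not the dashboard's own code) of a resolver-level role guard for the detection-rule lifecycle; the resolver names (detectionRules, setRuleStatus), the shape of ctx.user and the in-memory rule data are assumptions for illustration.

```javascript
// Added example, not the dashboard's own code: resolver-level role checks for
// the admin/ops fields. The resolver names (detectionRules, setRuleStatus),
// the ctx.user shape and the in-memory data are assumptions for illustration.

const ADMIN_ROLES = new Set(["admin", "superAdmin"]);
const RULE_STATUSES = new Set(["provisional", "confirmed", "disabled"]);

class ForbiddenError extends Error {
  constructor(message) {
    super(message);
    this.name = "ForbiddenError";
    // GraphQL servers conventionally report the reason under `extensions`.
    this.extensions = { code: "FORBIDDEN" };
  }
}

// Wrap a resolver so it runs only when the request context carries a user with
// an allowed role. ctx.user is assumed to be set by the session-cookie or
// Bearer-token authentication step that runs before any resolver.
function requireRole(allowed, resolver) {
  return (parent, args, ctx, info) => {
    const role = ctx && ctx.user ? ctx.user.role : undefined;
    if (!role || !allowed.has(role)) {
      throw new ForbiddenError("admin or superAdmin role required");
    }
    return resolver(parent, args, ctx, info);
  };
}

// Constructed in-memory data standing in for the dashboard's database.
const rules = [
  { id: "r1", name: "install-script-curl-pipe", status: "provisional" },
  { id: "r2", name: "obfuscated-eval", status: "confirmed" },
];

const resolvers = {
  Query: {
    // Admin/ops field: gated at the resolver, not merely hidden in the UI.
    detectionRules: requireRole(ADMIN_ROLES, () => rules.map((r) => ({ ...r }))),
  },
  Mutation: {
    // Lifecycle transition (provisional / confirmed / disabled), admin only.
    setRuleStatus: requireRole(ADMIN_ROLES, (_parent, { id, status }) => {
      if (!RULE_STATUSES.has(status)) throw new Error(`invalid status: ${status}`);
      const rule = rules.find((r) => r.id === id);
      if (!rule) throw new Error(`unknown rule: ${id}`);
      rule.status = status;
      return { ...rule };
    }),
  },
};

// Minimal stand-in for a GraphQL executor: calls one root-field resolver with
// (parent, args, context, info) and shapes the result like a GraphQL response.
function execute(type, field, args, ctx) {
  try {
    return { data: { [field]: resolvers[type][field](null, args, ctx, null) } };
  } catch (e) {
    return { data: null, errors: [{ message: e.message, extensions: e.extensions || {} }] };
  }
}
```

An anonymous context (no user) and a non-admin user both get a FORBIDDEN error from `detectionRules` and `setRuleStatus`, while admin and superAdmin contexts reach the underlying resolver; wrapping at the resolver means the same guard applies whether the caller authenticated with a session cookie or a CLI token.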
Example: subscription (scan events)
```graphql
subscription {
  scanCompleted {
    scanId
    packageName
    version
    threatLevel
    threatScore
  }
}
```
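Over the WebSocket, this subscription is carried by the graphql-ws protocol: the client opens with connection_init, waits for connection_ack, sends subscribe, and then receives next messages until complete. The following added example (not the dashboard's own code) walks both sides of that exchange over a constructed in-memory transport so it runs offline. The message types are the graphql-ws protocol's; that the server reads the Bearer token from the connection_init payload is an assumption about this dashboard, and the scan events are constructed.

```javascript
// Added example, not the dashboard's own code: the graphql-ws exchange behind
// the scanCompleted subscription, run over an in-memory transport instead of
// a WebSocket. Reading the Bearer token from the connection_init payload is
// an assumption about this server; the sample events are constructed.

const SCAN_COMPLETED = `subscription {
  scanCompleted { scanId packageName version threatLevel threatScore }
}`;

// Constructed scan events the stand-in server will stream.
const SAMPLE_EVENTS = [
  { scanId: "s-1", packageName: "left-pad", version: "1.3.0", threatLevel: "low", threatScore: 3 },
  { scanId: "s-2", packageName: "evil-utils", version: "0.0.1", threatLevel: "high", threatScore: 91 },
];

class ScanEventsClient {
  constructor(send, token) {
    this.send = send;     // delivers one message object to the server side
    this.token = token;
    this.events = [];
    this.errors = null;
    this.closed = null;
    this.acked = false;
    this.done = false;
    this.subId = null;
  }

  start(query) {
    this.query = query;
    // Auth travels in the connection_init payload, never in the URL query
    // string, which would land the token in proxy and access logs.
    this.send({ type: "connection_init", payload: { Authorization: `Bearer ${this.token}` } });
  }

  onMessage(msg) {
    switch (msg.type) {
      case "connection_ack":
        this.acked = true;
        this.subId = "1";
        this.send({ id: this.subId, type: "subscribe", payload: { query: this.query } });
        break;
      case "next":
        if (msg.id !== this.subId) return;            // not our operation; ignore
        if (msg.payload.errors) this.errors = msg.payload.errors;
        if (msg.payload.data) this.events.push(msg.payload.data.scanCompleted);
        break;
      case "error":
        if (msg.id === this.subId) { this.errors = msg.payload; this.done = true; }
        break;
      case "complete":
        if (msg.id === this.subId) this.done = true;
        break;
      case "ping":
        this.send({ type: "pong" });
        break;
      case "close": // transport-level close frame, modelled here as a message
        this.closed = { code: msg.code, reason: msg.reason };
        this.done = true;
        break;
    }
  }
}

// Stand-in server: validates the token at connection_init, then streams the
// constructed events for a subscribe and completes the operation.
function makeServer(validToken, events, sendToClient) {
  let authed = false;
  return (msg) => {
    if (msg.type === "connection_init") {
      const auth = (msg.payload && msg.payload.Authorization) || "";
      if (auth === `Bearer ${validToken}`) {
        authed = true;
        sendToClient({ type: "connection_ack" });
      } else {
        // graphql-ws servers close the socket with 4403 on a rejected init.
        sendToClient({ type: "close", code: 4403, reason: "Forbidden" });
      }
      return;
    }
    // subscribe before connection_ack is a protocol error: 4401 Unauthorized.
    if (!authed) { sendToClient({ type: "close", code: 4401, reason: "Unauthorized" }); return; }
    if (msg.type === "subscribe") {
      for (const ev of events) {
        sendToClient({ id: msg.id, type: "next", payload: { data: { scanCompleted: ev } } });
      }
      sendToClient({ id: msg.id, type: "complete" });
    }
  };
}

// Wire client and server through two queues and drain them; returns the client
// so its collected state can be inspected.
function runScenario(clientToken, serverToken, events = SAMPLE_EVENTS) {
  const toServer = [];
  const toClient = [];
  const client = new ScanEventsClient((m) => toServer.push(m), clientToken);
  const server = makeServer(serverToken, events, (m) => toClient.push(m));
  client.start(SCAN_COMPLETED);
  while (toServer.length > 0 || toClient.length > 0) {
    if (toServer.length > 0) server(toServer.shift());
    else client.onMessage(toClient.shift());
  }
  return client;
}
```

With a valid token the client is acked, collects both events and sees complete; with a wrong token it never gets connection_ack and the transport closes with 4403, so nothing is subscribed. A real client would do the same over `new WebSocket(url, "graphql-transport-ws")`, with the send function wrapping `JSON.stringify` onto the socket.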
Example: query (top scans)
```graphql
query {
  scans(limit: 25) {
    id
    packageName
    version
    threatLevel
    threatScore
    scannedAt
  }
}
```
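Sending the query above from automation with a CLI token, as an added example that is not the dashboard's own code: the request goes to POST /api/graphql with the Bearer header, the limit is passed as a GraphQL variable instead of being spliced into the query text, and the response is checked for the `errors` array, since GraphQL returns HTTP 200 even when a resolver failed. The DASHBOARD_URL and DASHBOARD_CLI_TOKEN environment variable names are assumptions; the field names follow the query on this page and depend on the real schema.

```javascript
// Added example, not the dashboard's own code: running the scans query from a
// CLI script with a Bearer token. DASHBOARD_URL / DASHBOARD_CLI_TOKEN are
// assumed names; field names follow the query on the page.

const SCANS_QUERY = `query RecentScans($limit: Int!) {
  scans(limit: $limit) { id packageName version threatLevel threatScore scannedAt }
}`;

// Build the POST /api/graphql request. Inputs go in `variables`, never
// interpolated into the query string, so caller-supplied values cannot
// rewrite the operation.
function buildRequest(token, query, variables, baseUrl = "") {
  if (!token) throw new Error("missing CLI token");
  return {
    url: `${baseUrl}/api/graphql`,
    init: {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        Accept: "application/json",
        Authorization: `Bearer ${token}`,
      },
      body: JSON.stringify({ query, variables }),
    },
  };
}

// Interpret the response. GraphQL returns HTTP 200 even when resolvers failed,
// so the `errors` array must be checked; for automation we fail closed on any
// error rather than acting on partial data.
function parseGraphqlResponse(status, body) {
  if (status === 401 || status === 403) {
    throw new Error(`authentication failed (HTTP ${status}): check the CLI token`);
  }
  if (status < 200 || status >= 300) {
    throw new Error(`unexpected HTTP ${status}`);
  }
  if (Array.isArray(body.errors) && body.errors.length > 0) {
    const msgs = body.errors.map((e) => e.message).join("; ");
    throw new Error(`GraphQL errors: ${msgs}`);
  }
  if (!body.data) throw new Error("response has no data");
  return body.data;
}

// Rank the returned scans so the riskiest packages surface first.
function topScansByThreat(scans) {
  return [...scans].sort((a, b) => b.threatScore - a.threatScore);
}

// End-to-end call using an injectable fetch (the global fetch in Node 18+, or a
// stub in tests). Usage from a CLI:
//   fetchScans(fetch, process.env.DASHBOARD_CLI_TOKEN, 25, process.env.DASHBOARD_URL)
async function fetchScans(fetchImpl, token, limit, baseUrl = "") {
  const { url, init } = buildRequest(token, SCANS_QUERY, { limit }, baseUrl);
  const res = await fetchImpl(url, init);
  const body = await res.json();
  return topScansByThreat(parseGraphqlResponse(res.status, body).scans);
}
```

Keep the token in an environment variable or secret store rather than on the command line, where it would be visible in shell history and process listings.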
Note: the exact query fields depend on the schema in src/graphql/schema.graphql.