{"openapi":"3.1.0","info":{"title":"Attevera API","version":"v1","description":"REST API for the EU AI Act readiness platform. Cover AI system registers, obligation mapping, controls, evidence, and audit artifacts."},"servers":[{"url":"https://attevera.com","description":"Production"},{"url":"http://localhost:3000","description":"Local dev"}],"components":{"securitySchemes":{"ApiKey":{"type":"http","scheme":"bearer","bearerFormat":"att_sk_<hex>","description":"Attevera API key. Obtain one from Settings → API Keys. Send as `Authorization: Bearer att_sk_...`."}},"schemas":{"ErrorEnvelope":{"type":"object","properties":{"error":{"type":"object","properties":{"code":{"type":"string","enum":["invalid_input","invalid_json","unsupported_media_type","unauthenticated","forbidden","subscription_required","not_found","conflict","unprocessable","rate_limited","internal"]},"message":{"type":"string"},"issues":{"type":"array","items":{"$ref":"#/components/schemas/ApiIssue"}}},"required":["code","message"]}},"required":["error"]},"ApiIssue":{"type":"object","properties":{"path":{"type":"array","items":{"anyOf":[{"type":"string"},{"type":"number"}]}},"message":{"type":"string"},"code":{"type":"string"}},"required":["path","message","code"]},"PaginationMeta":{"type":"object","properties":{"total":{"type":"integer","minimum":0},"limit":{"type":"integer","exclusiveMinimum":0},"offset":{"type":"integer","minimum":0}},"required":["total","limit","offset"]},"PaginationQuery":{"type":"object","properties":{"limit":{"type":"integer","minimum":1,"maximum":200,"default":50},"offset":{"type":["integer","null"],"minimum":0,"default":0}}},"RiskTier":{"type":"string","enum":["unacceptable","high","limited","minimal","undetermined"]},"SystemStatus":{"type":"string","enum":["in_use","pilot","retired"]},"SystemSummary":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"name":{"type":"string"},"description":{"type":["string","null"]},"vendor":{"type":["string","null"]},"model":{"type":["string","null"]},"purpose":{"type":["string","null"]},"data_types":{"type":["array","null"],"items":{"type":"string"}},"deployment_context":{"type":["string","null"]},"risk_tier":{"$ref":"#/components/schemas/RiskTier"},"role_in_chain":{"$ref":"#/components/schemas/RoleInChain"},"dataset_version":{"type":["string","null"]},"model_version":{"type":["string","null"]},"last_retrained_at":{"type":["string","null"]},"status":{"type":"string"},"created_at":{"type":"string"},"updated_at":{"type":"string"}},"required":["id","name","description","vendor","model","purpose","data_types","deployment_context","risk_tier","role_in_chain","dataset_version","model_version","last_retrained_at","status","created_at","updated_at"]},"RoleInChain":{"type":["string","null"],"enum":["provider","deployer","both","importer","distributor",null]},"SystemCreateRequest":{"type":"object","properties":{"name":{"type":"string","minLength":1,"maxLength":200},"description":{"type":"string","maxLength":2000},"vendor":{"type":"string","maxLength":200},"model":{"type":"string","maxLength":200},"purpose":{"type":"string","maxLength":2000},"data_types":{"type":"array","items":{"type":"string","maxLength":100},"maxItems":50},"deployment_context":{"type":"string","maxLength":2000},"role_in_chain":{"$ref":"#/components/schemas/RoleInChain"},"dataset_version":{"type":"string","maxLength":200},"model_version":{"type":"string","maxLength":200},"last_retrained_at":{"type":"string","format":"date-time"}},"required":["name"]},"SystemUpdateRequest":{"type":"object","properties":{"name":{"type":"string","minLength":1,"maxLength":200},"description":{"type":"string","maxLength":2000},"vendor":{"type":"string","maxLength":200},"model":{"type":"string","maxLength":200},"purpose":{"type":"string","maxLength":2000},"data_types":{"type":"array","items":{"type":"string","maxLength":100},"maxItems":50},"deployment_context":{"type":"string","maxLength":2000},"role_in_chain":{"$ref":"#/components/schemas/RoleInChain"},"dataset_version":{"type":"string","maxLength":200},"model_version":{"type":"string","maxLength":200},"last_retrained_at":{"type":"string","format":"date-time"},"status":{"$ref":"#/components/schemas/SystemStatus"}}},"SystemCreatedResponse":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"name":{"type":"string"},"risk_tier":{"$ref":"#/components/schemas/RiskTier"},"created_at":{"type":"string"}},"required":["id","name","risk_tier","created_at"]},"Control":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"org_id":{"type":"string","format":"uuid"},"title":{"type":"string"},"description":{"type":["string","null"]},"category":{"type":["string","null"]},"framework_ref":{"type":["string","null"]},"nist_ref":{"type":["string","null"]},"iso_ref":{"type":["string","null"]},"applicable_tiers":{"type":"array","items":{"type":"string"}},"created_at":{"type":"string"}},"required":["id","title","description","category","framework_ref","nist_ref","iso_ref","applicable_tiers","created_at"]},"ControlAssignment":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"control_id":{"type":"string","format":"uuid"},"ai_system_id":{"type":"string","format":"uuid"},"owner_user_id":{"type":["string","null"],"format":"uuid"},"due_date":{"type":["string","null"]},"status":{"type":"string"},"created_at":{"type":"string"}},"required":["id","control_id","ai_system_id","owner_user_id","due_date","status","created_at"]},"ControlAssignRequest":{"type":"object","properties":{"control_id":{"type":"string","format":"uuid"},"owner_user_id":{"type":"string","format":"uuid"},"due_date":{"type":"string"}},"required":["control_id"]},"ControlAssignmentUpdate":{"type":"object","properties":{"status":{"type":"string","enum":["not_started","in_progress","complete","not_applicable"]},"owner_user_id":{"type":["string","null"],"format":"uuid"},"due_date":{"type":["string","null"]}}},"Evidence":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"org_id":{"type":"string","format":"uuid"},"ai_system_id":{"type":["string","null"],"format":"uuid"},"control_assignment_id":{"type":["string","null"],"format":"uuid"},"title":{"type":"string"},"file_url":{"type":["string","null"]},"notes":{"type":["string","null"]},"storage_path":{"type":["string","null"]},"file_name":{"type":["string","null"]},"file_size_bytes":{"type":["integer","null"],"minimum":0},"mime_type":{"type":["string","null"]},"uploaded_by":{"type":"string","format":"uuid"},"uploaded_by_email":{"type":["string","null"]},"source_description":{"type":["string","null"]},"verified_at":{"type":["string","null"]},"verified_by":{"type":["string","null"],"format":"uuid"},"created_at":{"type":"string"}},"required":["id","ai_system_id","control_assignment_id","title","file_url","notes","uploaded_by_email","source_description","verified_at","created_at"]},"EvidenceCreateRequest":{"type":"object","properties":{"title":{"type":"string","minLength":1,"maxLength":200},"type":{"type":"string","enum":["link","text"]},"content":{"type":"string","minLength":1,"maxLength":10000},"source_description":{"type":"string","maxLength":2000},"control_assignment_id":{"type":"string","format":"uuid"}},"required":["title","type","content"]},"EvidenceUpdateRequest":{"type":"object","properties":{"title":{"type":"string","minLength":1,"maxLength":200},"source_description":{"type":["string","null"],"maxLength":2000},"notes":{"type":["string","null"],"maxLength":10000},"file_url":{"type":["string","null"],"format":"uri"}}},"EvidenceCreatedResponse":{"type":"object","properties":{"id":{"type":"string","format":"uuid"}},"required":["id"]},"EvidenceVerifiedResponse":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"title":{"type":"string"},"verified_at":{"type":"string"}},"required":["id","title","verified_at"]},"SystemReview":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"system_id":{"type":"string","format":"uuid"},"org_id":{"type":"string","format":"uuid"},"reviewer_user_id":{"type":["string","null"],"format":"uuid"},"reviewed_at":{"type":"string"},"review_status":{"type":"string","enum":["reviewed","approved"]},"notes":{"type":["string","null"]},"system_state_snapshot":{"type":"object","additionalProperties":{}},"revoked_at":{"type":["string","null"]},"revoked_reason":{"type":["string","null"]},"created_at":{"type":"string"}},"required":["id","system_id","org_id","reviewer_user_id","reviewed_at","review_status","notes","system_state_snapshot","revoked_at","revoked_reason","created_at"]},"ReviewSignRequest":{"type":"object","properties":{"notes":{"type":"string","maxLength":2000}}},"ReviewApproveRequest":{"type":"object","properties":{"reviewId":{"type":"string","format":"uuid"},"notes":{"type":"string","maxLength":2000}},"required":["reviewId"]},"ReviewRevokeRequest":{"type":"object","properties":{"reason":{"type":"string","minLength":1,"maxLength":2000}},"required":["reason"]},"ReviewSignedResponse":{"type":"object","properties":{"reviewId":{"type":"string","format":"uuid"},"snapshot":{"type":"object","additionalProperties":{}}},"required":["reviewId","snapshot"]},"ObligationStatus":{"type":"string","enum":["blocked","needs_classification","missing_controls","missing_evidence","in_progress","ready","screened"]},"Obligation":{"type":"object","properties":{"id":{"type":"string"},"title":{"type":"string"},"article":{"type":"string"},"description":{"type":"string"},"whyApplies":{"type":"string"},"status":{"$ref":"#/components/schemas/ObligationStatus"},"statusLabel":{"type":"string"},"priority":{"type":"string","enum":["critical","high","medium","low"]},"categories":{"type":"array","items":{"type":"string"}},"evidenceExamples":{"type":"array","items":{"type":"string"}},"documentKeys":{"type":"array","items":{"type":"string"}},"availableControls":{"type":"integer","minimum":0},"assignedControls":{"type":"integer","minimum":0},"completeControls":{"type":"integer","minimum":0},"evidenceCount":{"type":"integer","minimum":0},"generatedDocuments":{"type":"integer","minimum":0},"missingDocumentKeys":{"type":"array","items":{"type":"string"}},"missingDocumentTitles":{"type":"array","items":{"type":"string"}},"assignedControlTitles":{"type":"array","items":{"type":"string"}},"primaryHref":{"type":"string"},"primaryCta":{"type":"string"}},"required":["id","title","article","description","whyApplies","status","statusLabel","priority","categories","evidenceExamples","documentKeys","availableControls","assignedControls","completeControls","evidenceCount","generatedDocuments","missingDocumentKeys","missingDocumentTitles","assignedControlTitles","primaryHref","primaryCta"]},"Document":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"org_id":{"type":"string","format":"uuid"},"ai_system_id":{"type":"string","format":"uuid"},"template_key":{"type":"string"},"title":{"type":"string"},"body":{"type":"string"},"version":{"type":"integer","exclusiveMinimum":0},"created_by":{"type":"string","format":"uuid"},"created_at":{"type":"string"}},"required":["id","org_id","ai_system_id","template_key","title","version","created_by","created_at"]},"DocumentGenerateRequest":{"type":"object","properties":{"template_key":{"type":"string","minLength":1}},"required":["template_key"]},"AuditLogEntry":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"org_id":{"type":"string","format":"uuid"},"actor_id":{"type":"string","format":"uuid"},"actor_email":{"type":["string","null"]},"action":{"type":"string"},"entity_type":{"type":"string"},"entity_id":{"type":"string"},"metadata":{"type":["object","null"],"additionalProperties":{}},"created_at":{"type":"string"}},"required":["id","org_id","actor_id","actor_email","action","entity_type","entity_id","metadata","created_at"]},"LiteracyRecord":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"org_id":{"type":"string","format":"uuid"},"requirement_id":{"type":"string","format":"uuid"},"user_id":{"type":"string","format":"uuid"},"employee_name":{"type":"string"},"employee_email":{"type":["string","null"]},"completed_at":{"type":"string"},"expires_at":{"type":["string","null"]},"certificate_url":{"type":["string","null"]},"notes":{"type":["string","null"]},"recorded_by":{"type":"string","format":"uuid"},"competency_assessment_score":{"type":["number","null"]},"competency_assessment_at":{"type":["string","null"]},"signed_off_by":{"type":["string","null"],"format":"uuid"},"signed_off_at":{"type":["string","null"]},"created_at":{"type":"string"}},"required":["id","org_id","requirement_id","user_id","employee_name","employee_email","completed_at","expires_at","certificate_url","notes","recorded_by","competency_assessment_score","competency_assessment_at","signed_off_by","signed_off_at","created_at"]},"MonthlyReviewData":{"type":"object","properties":{"periodLabel":{"type":"string"},"generatedAtLabel":{"type":"string"},"portfolioScore":{"type":"number"},"portfolioStatus":{"type":"string"},"portfolioDetail":{"type":"string"},"metrics":{"type":"array","items":{"$ref":"#/components/schemas/MonthlyReviewMetric"}},"changedThisMonth":{"type":"array","items":{"$ref":"#/components/schemas/MonthlyReviewItem"}},"newSystems":{"type":"array","items":{"$ref":"#/components/schemas/MonthlyReviewItem"}},"unresolvedBlockers":{"type":"array","items":{"$ref":"#/components/schemas/MonthlyReviewItem"}},"evidenceGaps":{"type":"array","items":{"$ref":"#/components/schemas/MonthlyReviewItem"}},"documentPacks":{"type":"array","items":{"$ref":"#/components/schemas/MonthlyReviewItem"}},"leadershipDecisions":{"type":"array","items":{"$ref":"#/components/schemas/MonthlyReviewItem"}},"openSeriousIncidents":{"type":"array","items":{"$ref":"#/components/schemas/MonthlyReviewItem"}},"nextActions":{"type":"array","items":{"$ref":"#/components/schemas/ReadinessAction"}},"summaryLines":{"type":"array","items":{"type":"string"}}},"required":["periodLabel","generatedAtLabel","portfolioScore","portfolioStatus","portfolioDetail","metrics","changedThisMonth","newSystems","unresolvedBlockers","evidenceGaps","documentPacks","leadershipDecisions","openSeriousIncidents","nextActions","summaryLines"]},"MonthlyReviewMetric":{"type":"object","properties":{"label":{"type":"string"},"value":{"type":"string"},"detail":{"type":"string"}},"required":["label","value","detail"]},"MonthlyReviewItem":{"type":"object","properties":{"id":{"type":"string"},"title":{"type":"string"},"detail":{"type":"string"},"href":{"type":"string"},"severity":{"type":"string","enum":["critical","high","medium","low"]},"systemName":{"type":"string"},"dateLabel":{"type":"string"}},"required":["id","title","detail","href","severity"]},"ReadinessAction":{"type":"object","properties":{"id":{"type":"string"},"priority":{"$ref":"#/components/schemas/ReadinessPriority"},"title":{"type":"string"},"detail":{"type":"string"},"href":{"type":"string"},"cta":{"type":"string"},"systemId":{"type":"string"},"systemName":{"type":"string"}},"required":["id","priority","title","detail","href","cta"]},"ReadinessPriority":{"type":"string","enum":["critical","high","medium","low"]},"ReadinessScore":{"type":"object","properties":{"score":{"type":"number"},"statusLabel":{"type":"string"},"statusDetail":{"type":"string"}},"required":["score","statusLabel","statusDetail"]},"PacketState":{"type":"string"},"SystemReadiness":{"type":"object","properties":{"systemId":{"type":"string"},"systemName":{"type":"string"},"score":{"type":"number"},"status":{"$ref":"#/components/schemas/ConfidenceStatus"},"statusLabel":{"type":"string"},"statusDetail":{"type":"string"},"profileScore":{"type":"number"},"classificationScore":{"type":"number"},"controlsScore":{"type":"number"},"evidenceScore":{"type":"number"},"documentsScore":{"type":"number"},"blockers":{"type":"array","items":{"type":"string"}},"nextActions":{"type":"array","items":{"$ref":"#/components/schemas/ReadinessAction"}},"evidenceGaps":{"type":"array","items":{"$ref":"#/components/schemas/EvidenceGap"}},"documentCompleteness":{"$ref":"#/components/schemas/DocumentCompleteness"},"metrics":{"type":"object","properties":{"assignments":{"type":"integer","minimum":0},"completeAssignments":{"type":"integer","minimum":0},"evidenceItems":{"type":"integer","minimum":0},"controlsWithEvidence":{"type":"integer","minimum":0},"overdueAssignments":{"type":"integer","minimum":0},"missingOwners":{"type":"integer","minimum":0}},"required":["assignments","completeAssignments","evidenceItems","controlsWithEvidence","overdueAssignments","missingOwners"]}},"required":["systemId","systemName","score","status","statusLabel","statusDetail","profileScore","classificationScore","controlsScore","evidenceScore","documentsScore","blockers","nextActions","evidenceGaps","documentCompleteness","metrics"]},"ConfidenceStatus":{"type":"string","enum":["ready","needs_review","blocked","at_risk"]},"EvidenceGap":{"type":"object","properties":{"assignmentId":{"type":"string"},"controlTitle":{"type":"string"},"category":{"type":"string"},"frameworkRef":{"type":["string","null"]},"status":{"type":"string","enum":["missing","stale","covered"]},"evidenceCount":{"type":"integer","minimum":0},"lastEvidenceAt":{"type":["string","null"]},"suggestedEvidence":{"type":"array","items":{"type":"string"}},"systemId":{"type":"string"},"systemName":{"type":"string"}},"required":["assignmentId","controlTitle","category","frameworkRef","status","evidenceCount","lastEvidenceAt","suggestedEvidence"]},"DocumentCompleteness":{"type":"object","properties":{"score":{"type":"number"},"generated":{"type":"integer","minimum":0},"total":{"type":"integer","minimum":0},"generatedTemplateKeys":{"type":"array","items":{"type":"string"}},"missingCount":{"type":"integer","minimum":0},"warnings":{"type":"array","items":{"type":"string"}},"readyLabel":{"type":"string"}},"required":["score","generated","total","generatedTemplateKeys","missingCount","warnings","readyLabel"]},"PortfolioReadiness":{"type":"object","properties":{"score":{"type":"number"},"statusLabel":{"type":"string"},"statusDetail":{"type":"string"},"systems":{"type":"array","items":{"$ref":"#/components/schemas/SystemReadiness"}},"nextActions":{"type":"array","items":{"$ref":"#/components/schemas/ReadinessAction"}},"metrics":{"type":"object","properties":{"totalSystems":{"type":"integer","minimum":0},"classifiedSystems":{"type":"integer","minimum":0},"highRiskSystems":{"type":"integer","minimum":0},"unacceptableSystems":{"type":"integer","minimum":0},"totalAssignments":{"type":"integer","minimum":0},"completeAssignments":{"type":"integer","minimum":0},"evidenceItems":{"type":"integer","minimum":0},"systemsWithEvidence":{"type":"integer","minimum":0},"trainingCurrent":{"type":"integer","minimum":0},"trainingRequirements":{"type":"integer","minimum":0}},"required":["totalSystems","classifiedSystems","highRiskSystems","unacceptableSystems","totalAssignments","completeAssignments","evidenceItems","systemsWithEvidence","trainingCurrent","trainingRequirements"]},"execSummary":{"type":"array","items":{"type":"string"}},"monthlyReview":{"type":"array","items":{"type":"string"}}},"required":["score","statusLabel","statusDetail","systems","nextActions","metrics","execSummary","monthlyReview"]},"AuditLogList":{"type":"array","items":{"$ref":"#/components/schemas/AuditLogEntry"}},"ControlList":{"type":"array","items":{"$ref":"#/components/schemas/Control"}},"EvidenceGapList":{"type":"array","items":{"$ref":"#/components/schemas/EvidenceGap"}},"LiteracyList":{"type":"array","items":{"$ref":"#/components/schemas/LiteracyRecord"}},"LiteracyCreateRequest":{"type":"object","properties":{"requirement_id":{"type":"string","format":"uuid"},"employee_name":{"type":"string","minLength":1,"maxLength":200},"employee_email":{"type":"string","maxLength":200,"format":"email"},"completed_at":{"type":"string","format":"date-time"},"certificate_url":{"type":"string","maxLength":500,"format":"uri"},"notes":{"type":"string","maxLength":2000},"competency_assessment_score":{"type":"number","minimum":0,"maximum":100},"competency_assessment_at":{"type":"string","format":"date-time"},"signed_off_by":{"type":"string","format":"uuid"},"signed_off_at":{"type":"string","format":"date-time"},"user_id":{"type":"string","format":"uuid"}},"required":["requirement_id","employee_name","completed_at"]},"LiteracyUpdateRequest":{"type":"object","properties":{"competency_assessment_score":{"type":["number","null"],"minimum":0,"maximum":100},"competency_assessment_at":{"type":["string","null"],"format":"date-time"},"signed_off_by":{"type":["string","null"],"format":"uuid"},"signed_off_at":{"type":["string","null"],"format":"date-time"},"notes":{"type":["string","null"],"maxLength":2000},"certificate_url":{"type":["string","null"],"maxLength":500,"format":"uri"}}},"SystemList":{"type":"array","items":{"$ref":"#/components/schemas/SystemSummary"}},"ClassifyResponse":{"type":"object","properties":{"systemId":{"type":"string","format":"uuid"},"tier":{"$ref":"#/components/schemas/RiskTier"},"rationale":{"type":"string"},"assignedCount":{"type":"integer","minimum":0},"warnings":{"type":"array","items":{"type":"string"}}},"required":["systemId","tier","rationale","assignedCount"]},"ControlAssignmentList":{"type":"array","items":{"$ref":"#/components/schemas/ControlAssignment"}},"DocumentList":{"type":"array","items":{"$ref":"#/components/schemas/Document"}},"EvidenceList":{"type":"array","items":{"$ref":"#/components/schemas/Evidence"}},"SeriousIncidentList":{"type":"array","items":{"$ref":"#/components/schemas/SeriousIncident"}},"SeriousIncident":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"ai_system_id":{"type":"string","format":"uuid"},"org_id":{"type":"string","format":"uuid"},"status":{"type":"string","enum":["draft","assessing_causal_link","reportable","reported","closed"]},"severity":{"type":"string","enum":["death","widespread_or_critical_infra","general"]},"occurred_at":{"type":"string"},"became_aware_at":{"type":"string"},"causal_link_established_at":{"type":["string","null"]},"reported_at":{"type":["string","null"]},"deadline_at":{"type":"string"},"description":{"type":"string"},"authorities_notified":{"type":"array","items":{"type":"string"}},"created_by":{"type":["string","null"],"format":"uuid"},"created_at":{"type":"string"},"updated_at":{"type":"string"}},"required":["id","ai_system_id","status","severity","occurred_at","became_aware_at","causal_link_established_at","reported_at","deadline_at","description","authorities_notified","created_at","updated_at"]},"SeriousIncidentCreated":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"deadline_at":{"type":"string"}},"required":["id","deadline_at"]},"SeriousIncidentCreateRequest":{"type":"object","properties":{"severity":{"type":"string","enum":["death","widespread_or_critical_infra","general"]},"occurred_at":{"type":"string"},"became_aware_at":{"type":"string"},"description":{"type":"string","minLength":1,"maxLength":10000}},"required":["severity","occurred_at","became_aware_at","description"]},"SeriousIncidentTransitionOk":{"type":"object","properties":{"ok":{"type":"boolean","enum":[true]}},"required":["ok"]},"SeriousIncidentCloseOk":{"type":"object","properties":{"ok":{"type":"boolean","enum":[true]}},"required":["ok"]},"SeriousIncidentCloseRequest":{"type":"object","properties":{"reason":{"type":"string","minLength":1,"maxLength":2000}}},"SeriousIncidentReportOk":{"type":"object","properties":{"ok":{"type":"boolean","enum":[true]}},"required":["ok"]},"SeriousIncidentMarkReportedRequest":{"type":"object","properties":{"authorities_notified":{"type":"array","items":{"type":"string","minLength":1,"maxLength":500},"minItems":1}},"required":["authorities_notified"]},"MonitoringReviewList":{"type":"array","items":{"$ref":"#/components/schemas/MonitoringReview"}},"MonitoringReview":{"type":"object","properties":{"id":{"type":"string","format":"uuid"},"ai_system_id":{"type":"string","format":"uuid"},"org_id":{"type":"string","format":"uuid"},"reviewed_at":{"type":"string"},"reviewed_by":{"type":["string","null"],"format":"uuid"},"reviewed_by_email":{"type":["string","null"]},"period_start":{"type":"string"},"period_end":{"type":"string"},"metrics_observed":{},"findings":{"type":["string","null"]},"actions_taken":{"type":["string","null"]},"next_review_due":{"type":["string","null"]},"created_at":{"type":"string"}},"required":["id","ai_system_id","reviewed_at","reviewed_by","reviewed_by_email","period_start","period_end","findings","actions_taken","next_review_due","created_at"]},"MonitoringReviewCreated":{"type":"object","properties":{"id":{"type":"string","format":"uuid"}},"required":["id"]},"MonitoringReviewCreateRequest":{"type":"object","properties":{"period_start":{"type":"string","pattern":"^\\d{4}-\\d{2}-\\d{2}$"},"period_end":{"type":"string","pattern":"^\\d{4}-\\d{2}-\\d{2}$"},"findings":{"type":"string","maxLength":10000},"actions_taken":{"type":"string","maxLength":10000},"next_review_due":{"type":"string","pattern":"^\\d{4}-\\d{2}-\\d{2}$"},"metrics_observed":{"type":"object","additionalProperties":{}}},"required":["period_start","period_end"]},"ObligationList":{"type":"array","items":{"$ref":"#/components/schemas/Obligation"}},"ReviewRevokeResponse":{"type":"object","properties":{"revoked":{"type":"integer","minimum":0}},"required":["revoked"]}},"parameters":{}},"paths":{"/audit-log":{"get":{"operationId":"auditLog.list","summary":"List audit log entries","description":"Returns audit log entries for the org, filterable by action and entity_type, paginated.","tags":["Audit Log"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"integer","minimum":1,"maximum":200,"default":50},"required":false,"name":"limit","in":"query"},{"schema":{"type":["integer","null"],"minimum":0,"default":0},"required":false,"name":"offset","in":"query"},{"schema":{"type":"string"},"required":false,"name":"action","in":"query"},{"schema":{"type":"string"},"required":false,"name":"entity_type","in":"query"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/AuditLogList"},"pagination":{"$ref":"#/components/schemas/PaginationMeta"}},"required":["data","pagination"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/controls":{"get":{"operationId":"controls.list","summary":"List org control library","description":"Returns the full control catalog for the authenticated organization, paginated by creation order within category and title.","tags":["Controls"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"integer","minimum":1,"maximum":200,"default":50},"required":false,"name":"limit","in":"query"},{"schema":{"type":["integer","null"],"minimum":0,"default":0},"required":false,"name":"offset","in":"query"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/ControlList"},"pagination":{"$ref":"#/components/schemas/PaginationMeta"}},"required":["data","pagination"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/evidence-gaps":{"get":{"operationId":"evidenceGaps.list","summary":"List evidence gaps across the portfolio","description":"Enumerates every open evidence gap across all AI systems in the org. Each gap is decorated with the owning systemId and systemName.","tags":["Evidence"],"security":[{"ApiKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/EvidenceGapList"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/literacy":{"get":{"operationId":"literacy.list","summary":"List AI literacy training records","description":"Training records for Article 4 literacy compliance.","tags":["Literacy"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"integer","minimum":1,"maximum":200,"default":50},"required":false,"name":"limit","in":"query"},{"schema":{"type":["integer","null"],"minimum":0,"default":0},"required":false,"name":"offset","in":"query"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/LiteracyList"},"pagination":{"$ref":"#/components/schemas/PaginationMeta"}},"required":["data","pagination"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}},"post":{"operationId":"literacy.create","summary":"Log a training completion","description":"Records a training completion against an existing literacy requirement. Set competency_assessment_score and signed_off_by to have the record count toward Art. 4 readiness; omit them to leave the record pending sign-off.","tags":["Literacy"],"security":[{"ApiKey":[]}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/LiteracyCreateRequest"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/LiteracyRecord"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/literacy/{id}":{"put":{"operationId":"literacy.update","summary":"Update a training record","description":"Updates competency and sign-off fields on an existing training record. Used to back-fill sign-off after a record was logged (Art. 4 readiness gate) or to correct notes, certificate URLs, and expiry-related fields.","tags":["Literacy"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/LiteracyUpdateRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/LiteracyRecord"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/monthly-review":{"get":{"operationId":"monthlyReview.get","summary":"Get monthly review report","description":"Returns the canonical monthly review report: period summary, metrics, new systems, blockers, evidence gaps, document packs, leadership decisions, and next actions. Defaults to month-to-date when `month` is omitted; pass `month=YYYY-MM` to request a historical month.","tags":["Monthly Review"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","pattern":"^\\d{4}-\\d{2}$"},"required":false,"name":"month","in":"query"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/MonthlyReviewData"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/readiness":{"get":{"operationId":"readiness.portfolio","summary":"Portfolio-level readiness snapshot","description":"Returns aggregated readiness for the org: counts per tier, counts per packet state, and overall portfolio score.","tags":["Readiness"],"security":[{"ApiKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/PortfolioReadiness"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems":{"get":{"operationId":"systems.list","summary":"List AI systems","description":"Returns all AI systems in the org, ordered by creation date (newest first).","tags":["Systems"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"integer","minimum":1,"maximum":200,"default":50},"required":false,"name":"limit","in":"query"},{"schema":{"type":["integer","null"],"minimum":0,"default":0},"required":false,"name":"offset","in":"query"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SystemList"},"pagination":{"$ref":"#/components/schemas/PaginationMeta"}},"required":["data","pagination"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}},"post":{"operationId":"systems.create","summary":"Create a new AI system","description":"Registers an AI system in the org inventory. Subject to plan limits.","tags":["Systems"],"security":[{"ApiKey":[]}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SystemCreateRequest"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SystemCreatedResponse"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}":{"get":{"operationId":"systems.get","summary":"Get an AI system by ID","tags":["Systems"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SystemSummary"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}},"put":{"operationId":"systems.update","summary":"Update an AI system","tags":["Systems"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SystemUpdateRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SystemSummary"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}},"delete":{"operationId":"systems.delete","summary":"Delete an AI system","description":"Deletes the system and cascades to related controls, evidence, documents, and reviews.","tags":["Systems"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"responses":{"204":{"description":"No Content"},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/classify":{"post":{"operationId":"systems.classify","summary":"Classify a system's risk tier","description":"Applies the risk classification and cascades: auto-assigns the applicable control set and revokes any prior tier-dependent reviews.","tags":["Systems"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"tier":{"type":"string","enum":["unacceptable","high","limited","minimal"]},"rationale":{"type":"string","maxLength":5000}},"required":["tier"]}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/ClassifyResponse"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/controls":{"get":{"operationId":"systems.controls.list","summary":"List controls assigned to a system","tags":["Systems","Controls"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/ControlAssignmentList"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}},"post":{"operationId":"systems.controls.assign","summary":"Assign a control to a system","tags":["Systems","Controls"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ControlAssignRequest"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/ControlAssignment"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/controls/{assignmentId}":{"put":{"operationId":"systems.controls.update","summary":"Update a control assignment","tags":["Systems","Controls"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"},{"schema":{"type":"string","format":"uuid"},"required":true,"name":"assignmentId","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ControlAssignmentUpdate"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/ControlAssignment"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}},"delete":{"operationId":"systems.controls.remove","summary":"Remove a control assignment","tags":["Systems","Controls"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"},{"schema":{"type":"string","format":"uuid"},"required":true,"name":"assignmentId","in":"path"}],"responses":{"204":{"description":"No Content"},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/documents":{"get":{"operationId":"systems.documents.list","summary":"List generated documents for a system","tags":["Systems","Documents"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/DocumentList"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}},"post":{"operationId":"systems.documents.generate","summary":"Generate a document from a template","tags":["Systems","Documents"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/DocumentGenerateRequest"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/Document"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/evidence":{"get":{"operationId":"systems.evidence.list","summary":"List evidence for a system","tags":["Systems","Evidence"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"},{"schema":{"type":"integer","minimum":1,"maximum":200,"default":50},"required":false,"name":"limit","in":"query"},{"schema":{"type":["integer","null"],"minimum":0,"default":0},"required":false,"name":"offset","in":"query"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/EvidenceList"},"pagination":{"$ref":"#/components/schemas/PaginationMeta"}},"required":["data","pagination"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}},"post":{"operationId":"systems.evidence.create","summary":"Add evidence to a system (link or text)","description":"File uploads are not yet supported via API; use link or text evidence.","tags":["Systems","Evidence"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/EvidenceCreateRequest"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/EvidenceCreatedResponse"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/evidence/{evidenceId}":{"put":{"operationId":"systems.evidence.update","summary":"Update evidence","tags":["Systems","Evidence"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"},{"schema":{"type":"string","format":"uuid"},"required":true,"name":"evidenceId","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/EvidenceUpdateRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/Evidence"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}},"delete":{"operationId":"systems.evidence.delete","summary":"Delete evidence","tags":["Systems","Evidence"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"},{"schema":{"type":"string","format":"uuid"},"required":true,"name":"evidenceId","in":"path"}],"responses":{"204":{"description":"No Content"},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/evidence/{evidenceId}/verify":{"post":{"operationId":"systems.evidence.verify","summary":"Mark evidence as freshly verified","description":"Sets verified_at to now and verified_by to the API key creator. Clears any `stale` state on the evidence.","tags":["Systems","Evidence"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"},{"schema":{"type":"string","format":"uuid"},"required":true,"name":"evidenceId","in":"path"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/EvidenceVerifiedResponse"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/incidents":{"get":{"operationId":"systems.incidents.list","summary":"List Art. 73 serious incidents for a system","description":"Pass `?status=draft|assessing_causal_link|reportable|reported|closed` to narrow the list to a single state.","tags":["Systems","Incidents"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"},{"schema":{"type":"string","enum":["draft","assessing_causal_link","reportable","reported","closed"]},"required":false,"name":"status","in":"query"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SeriousIncidentList"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}},"post":{"operationId":"systems.incidents.create","summary":"Log an Art. 73 serious incident","description":"The outer deadline clock is computed server-side from severity + became_aware_at using the Art. 73 truth table (15 / 10 / 2 days). The Art. 73(7) immediately obligation activates separately when the causal link is established via the causal-link endpoint.","tags":["Systems","Incidents"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SeriousIncidentCreateRequest"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SeriousIncidentCreated"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/incidents/{incidentId}/causal-link":{"post":{"operationId":"systems.incidents.establishCausalLink","summary":"Establish the causal link for a serious incident (Art. 73(7))","description":"Transitions the incident from draft / assessing_causal_link to reportable and stamps causal_link_established_at. The Art. 73(7) immediately obligation activates; the outer Art. 73 deadline clock continues until /report.","tags":["Systems","Incidents"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"},{"schema":{"type":"string","format":"uuid"},"required":true,"name":"incidentId","in":"path"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SeriousIncidentTransitionOk"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/incidents/{incidentId}/close":{"post":{"operationId":"systems.incidents.close","summary":"Close a serious incident","description":"Transitions the incident to `closed`. Per the migration, mistaken or withdrawn incidents should be closed rather than deleted so the record survives audit. Closing is idempotent — a second call on an already-closed incident returns 200 with no further mutation.","tags":["Systems","Incidents"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"},{"schema":{"type":"string","format":"uuid"},"required":true,"name":"incidentId","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SeriousIncidentCloseRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SeriousIncidentCloseOk"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/incidents/{incidentId}/report":{"post":{"operationId":"systems.incidents.markReported","summary":"Record that a serious incident has been reported to authorities","description":"Transitions the incident to `reported` and stamps reported_at. Requires the causal link to have been established first (Art. 73(7)). Authorities_notified replaces any prior list.","tags":["Systems","Incidents"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"},{"schema":{"type":"string","format":"uuid"},"required":true,"name":"incidentId","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SeriousIncidentMarkReportedRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SeriousIncidentReportOk"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/monitoring-reviews":{"get":{"operationId":"systems.monitoringReviews.list","summary":"List Art. 72 monitoring reviews for a system","tags":["Systems","Monitoring"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/MonitoringReviewList"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}},"post":{"operationId":"systems.monitoringReviews.create","summary":"Log an Art. 72 monitoring review","description":"Records one monitoring review against the system's post-market monitoring plan. period_end must be on or after period_start.","tags":["Systems","Monitoring"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/MonitoringReviewCreateRequest"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/MonitoringReviewCreated"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/obligations":{"get":{"operationId":"systems.obligations","summary":"Get obligation map for a system","description":"Returns the computed obligation map for a system based on its risk tier, with status per obligation.","tags":["Systems","Obligations"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/ObligationList"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/readiness":{"get":{"operationId":"systems.readiness","summary":"Get readiness snapshot for a system","tags":["Systems","Readiness"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SystemReadiness"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/reviews/approve":{"post":{"operationId":"systems.reviews.approve","summary":"Approve a reviewed system for internal use","description":"Upgrades a specific 'reviewed' review to 'approved' by review ID. Does not create a new row — mutates the exact record identified by reviewId.","tags":["Systems","Reviews"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ReviewApproveRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/SystemReview"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/reviews/revoke":{"post":{"operationId":"systems.reviews.revoke","summary":"Revoke all active reviews on a system","description":"Marks every active review on the system as revoked with the supplied reason.","tags":["Systems","Reviews"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ReviewRevokeRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/ReviewRevokeResponse"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}},"/systems/{id}/reviews/sign":{"post":{"operationId":"systems.reviews.sign","summary":"Sign off on a system packet (reviewed)","description":"Captures a snapshot of the system's controls/evidence/documents state, revokes prior active reviews, and inserts a new 'reviewed' review.","tags":["Systems","Reviews"],"security":[{"ApiKey":[]}],"parameters":[{"schema":{"type":"string","format":"uuid"},"required":true,"name":"id","in":"path"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ReviewSignRequest"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"$ref":"#/components/schemas/ReviewSignedResponse"}},"required":["data"]}}}},"400":{"description":"Invalid input","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"401":{"description":"Unauthenticated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorEnvelope"}}}}}}}},"webhooks":{}}