Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/samkit511/SAW---Security-Analyst-Workspace/llms.txt

Use this file to discover all available pages before exploring further.

SAW exposes three unauthenticated read-only endpoints for monitoring and orchestration purposes. Use /health for liveness probes, /warmup for readiness probes, and /latest to inspect the most recently processed incident without sending a new log.

GET /health

Returns {"status": "ok"} as soon as the FastAPI process is accepting connections. No authentication is required. This endpoint is safe to poll at high frequency. 
curl https://your-saw-host/health
Response 
{
  "status": "ok"
}
status
string
required
Always "ok" when the process is alive and the HTTP server is accepting requests.

GET /warmup

Returns {"status": "ready"} once the application has finished initializing. No authentication is required. Use this endpoint as a Kubernetes readiness probe or a container health check in Docker Compose. 
curl https://your-saw-host/warmup
Response 
{
  "status": "ready"
}
status
string
required
Always "ready" when the application layer is initialized and ready to accept triage requests.

GET /latest

Returns the full decorated response object of the most recently processed incident. No authentication is required. The response is identical in shape to a POST /ingest-log or POST /assistant/request success response, making this endpoint useful for dashboards and polling integrations that do not want to re-submit a log. If no incident has been processed since the server started, the response is an empty object {}. 
curl https://your-saw-host/latest
Response 
{
  "system_name": "Multi-Agent Security Operations Assistant",
  "request_id": "req_4a1b2c3d4e5f",
  "incident_id": "inc_7f8e9d0c1b2a",
  "request_type": "log_triage",
  "summary": "SQL Injection detected (Risk: 2.34) -> Decision: EXECUTE -> Mitigation applied to 192.168.1.55.",
  "agent_summary": [
    "DetectionAgent identified SQL Injection using deterministic with deterministic proof.",
    "RiskAgent kept deterministic authority and selected EXECUTE.",
    "MitigationAgent applied 2 control-plane action(s).",
    "AuditAgent persisted the incident workspace, task state, and agent collaboration trail."
  ],
  "workflow_status": "COMPLETED",
  "meta": {
    "trace_id": "req_4a1b2c3d4e5f",
    "schema_version": "2.0.0",
    "timestamp": 1748124800.123
  }
}
system_name
string
Human-readable name of the SAW system ("Multi-Agent Security Operations Assistant").
request_id
string
Unique request identifier prefixed with req_.
incident_id
string
Unique identifier of the incident record created or updated by this request.
workflow_status
string
"COMPLETED" if all agents succeeded, "DEGRADED" if one or more agents failed during orchestration.
agent_summary
string[]
One sentence per agent describing what each agent did.
meta
object
Metadata block added by the response decorator.
/latest is served from an in-memory store and is reset when the server restarts. It is not persisted to the database.

Build docs developers (and LLMs) love

Get started for freeTalk to us