API Overview
The backend is a FastAPI application defined in backend/main.py. It exposes 14 routers under a /api/ base path.
Base URL
/api/
Health Check
GET /api/health-check
Returns {"status": "ok", "service": "byoc-health-agent"}. No authentication required.
Authentication
All other endpoints require a valid JWT in the Authorization: Bearer <token> header. Tokens are issued by POST /api/auth/login.
CORS
CORS is enabled for all origins in development (*). In production, set CORS_ORIGINS in the environment to a comma-separated allowlist.
SPA Catch-All
Non-API GET requests fall through to frontend/dist/index.html for React Router client-side routing. Requests to /api/* that don't match a route return 404.
Routers
| # | Prefix | Tag | Description |
|---|---|---|---|
| 1 | /api/auth | auth | Login, logout, activation, current user |
| 2 | /api/health | health | Health scores, KPIs, enrichment, refresh |
| 3 | /api/issues | issues | Alert-based issue tracking (list, detail, update) |
| 4 | /api/risk | risk | Cluster risk snapshots and rules |
| 5 | /api/analysis | analysis | Breaking-point analysis, usage patterns, upgrades |
| 6 | /api/investigations | investigations | Autonomous agent investigation results |
| 7 | /api/chat | chat | AI assistant chat (Claude-powered) |
| 8 | /api/patrol | patrol | Fleet-wide AI patrol scan reports |
| 9 | /api/fleet | fleet | Unified fleet health scores and rules |
| 10 | /api/critical-clusters | critical-clusters | Top problematic clusters ranked by severity |
| 11 | /api/ai-issues | ai-issues | AI-grouped issues (backed by alerts.ai_issues) |
| 12 | /api/llm-usage | llm-usage | LLM token/cost monitoring (superadmin only) |
| 13 | /api/looker | looker | Looker embed session management |
| 14 | /api/settings | settings | Rules YAML, user management, audit log |