mirror of
https://github.com/Ed1s0nZ/CyberStrikeAI.git
synced 2026-07-10 22:33:48 +02:00
2.4 KiB
2.4 KiB
API Reference
CyberStrikeAI exposes built-in OpenAPI docs:
/api-docs
GET /api/openapi/spec
The OpenAPI spec is protected to avoid exposing the API surface to unauthenticated users.
Authentication
Login:
POST /api/auth/login
Content-Type: application/json
{"password":"your-password"}
The auth middleware accepts token from:
Authorization: Bearer <token>Authorization: <token>?token=<token>auth_tokencookie
Prefer Authorization: Bearer for scripts. Query tokens can leak through logs.
Agent APIs
Single-agent:
POST /api/eino-agentPOST /api/eino-agent/stream
Multi-agent:
POST /api/multi-agentPOST /api/multi-agent/stream
orchestration may be deep, plan_execute, or supervisor.
SSE Notes
Streaming endpoints are long-lived. Clients should:
- handle
errorevents; - wait for
done; - avoid blindly replaying destructive requests;
- disable proxy buffering;
- pass
conversationIdwhen continuing a conversation.
Stability Tiers
| API type | Stability | Recommendation |
|---|---|---|
/api/auth/* |
high | safe to integrate |
/api/eino-agent* |
high | preferred chat entry |
/api/openapi/spec |
high | client generation |
/api/config* |
medium | admin automation only |
/api/c2/*, /api/webshell/* |
medium | high-risk, restrict access |
| frontend private calls | low | avoid plugin dependency |
Common Areas
- Conversations:
/api/conversations - Projects/facts:
/api/projects - Vulnerabilities:
/api/vulnerabilities - Knowledge:
/api/knowledge/* - Roles:
/api/roles - Skills:
/api/skills - External MCP:
/api/external-mcp - Monitoring:
/api/monitor - Audit:
/api/audit - C2:
/api/c2 - WebShell:
/api/webshell
Curl Example
curl -k https://127.0.0.1:8080/api/conversations \
-H "Authorization: Bearer <token>"
curl -k https://127.0.0.1:8080/api/eino-agent \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{"message":"Run authorized basic recon against 127.0.0.1; avoid high-risk actions."}'
Source Anchors
- Routes:
internal/app/app.go - Auth middleware:
internal/security/auth_middleware.go - OpenAPI:
internal/handler/openapi.go - Single-agent:
internal/handler/eino_single_agent.go - Multi-agent:
internal/handler/multi_agent.go