Core API Endpoints

• POST /api/v1/scan — create a scan run.
• GET /api/v1/scan/:id — get run status and artifacts.
• GET /api/v1/scan/:id/diffs — list detected diffs.
• POST /api/v1/approve-baseline — approve a completed run as baseline.
• POST /api/internal/slack/notify — internal endpoint to dispatch Slack notifications.

Rate limit and retries

API rate limit headers are returned for authenticated requests (100 requests/minute). The GitHub action polls with exponential backoff and retries until timeout.