Skip to main content
GET
https://api-production-56df.up.railway.app
/
scores
/
event
/
{event_id}
curl -X GET "https://api-production-56df.up.railway.app/scores/event/evt_a1b2c3d4-5678-9012-abcd-ef3456789012" \
  -H "X-API-Key: your-api-key"

{
  "event_id": "evt_a1b2c3d4-5678-9012-abcd-ef3456789012",
  "status": "scored",
  "score": 62,
  "risk_level": "medium",
  "reasoning": "Agent created a pull request to a high-sensitivity repository (payments-service, sensitivity 3) and accessed a field classified as 'secret' (api_key). The action sequence is consistent with a legitimate code fix workflow, but the secret field access elevates the risk.",
  "violations": [
    "secret_field_access_in_pr"
  ],
  "scoring_source": "graph",
  "compliance_refs": [
    "EU_AI_Act:Article_14",
    "SOC2:CC6.1",
    "ISO_27001:A.9.4.1"
  ],
  "mitigations": [
    "Ensure api_key is not included in committed code or PR diff",
    "Require human review before merging to sensitive repositories",
    "Enable secret scanning on the repository"
  ],
  "score_components": [
    {"rule": "sensitivity_level_check", "contribution": 25},
    {"rule": "secret_field_access", "contribution": 20},
    {"rule": "pr_to_main_branch", "contribution": 10},
    {"rule": "session_action_coherence", "contribution": 7}
  ],
  "behavioral_flags": [],
  "graph_score": 62,
  "llm_score": null,
  "llm_fallback": false,
  "score_decomposition": {
    "graph_weight": 1.0,
    "llm_weight": 0.0,
    "gnn_weight": 0.0,
    "final": 62
  },
  "gnn_score": null,
  "confidence": 0.91,
  "rule_score": 62,
  "scorer_version": "2.4.1"
}
Requires X-API-Key header for authentication.

Path Parameters

event_id
string
required
UUID of the event whose score detail to retrieve.

Response

event_id
string
The event identifier.
status
string
Processing status: scored, pending, or failed.
score
integer
Overall risk score from 0 to 100.
risk_level
string
Risk level: none, low, medium, high, or critical.
reasoning
string
Natural language explanation of why this score was assigned.
violations
array
List of detected policy or compliance violations.
scoring_source
string
Which scoring engine produced the result: graph, llm, or hybrid.
compliance_refs
array
References to compliance framework articles relevant to this event.
mitigations
array
Recommended mitigation actions.
score_components
array
Breakdown of individual scoring rule contributions.
behavioral_flags
array
Behavioral anomalies detected from session context.
graph_score
number
Score from the graph-based rule engine (0-100).
llm_score
number
Score from the LLM scorer, if invoked. null otherwise.
llm_fallback
boolean
Whether the LLM was called due to low graph confidence.
score_decomposition
object
Detailed breakdown of how the final score was composed.
gnn_score
number
GNN co-processor score, if enabled. null otherwise.
confidence
number
Confidence level of the scoring result (0.0 to 1.0).
rule_score
number
Raw score from the deterministic rule engine.
scorer_version
string
Version of the scoring engine that produced this result.
curl -X GET "https://api-production-56df.up.railway.app/scores/event/evt_a1b2c3d4-5678-9012-abcd-ef3456789012" \
  -H "X-API-Key: your-api-key"

{
  "event_id": "evt_a1b2c3d4-5678-9012-abcd-ef3456789012",
  "status": "scored",
  "score": 62,
  "risk_level": "medium",
  "reasoning": "Agent created a pull request to a high-sensitivity repository (payments-service, sensitivity 3) and accessed a field classified as 'secret' (api_key). The action sequence is consistent with a legitimate code fix workflow, but the secret field access elevates the risk.",
  "violations": [
    "secret_field_access_in_pr"
  ],
  "scoring_source": "graph",
  "compliance_refs": [
    "EU_AI_Act:Article_14",
    "SOC2:CC6.1",
    "ISO_27001:A.9.4.1"
  ],
  "mitigations": [
    "Ensure api_key is not included in committed code or PR diff",
    "Require human review before merging to sensitive repositories",
    "Enable secret scanning on the repository"
  ],
  "score_components": [
    {"rule": "sensitivity_level_check", "contribution": 25},
    {"rule": "secret_field_access", "contribution": 20},
    {"rule": "pr_to_main_branch", "contribution": 10},
    {"rule": "session_action_coherence", "contribution": 7}
  ],
  "behavioral_flags": [],
  "graph_score": 62,
  "llm_score": null,
  "llm_fallback": false,
  "score_decomposition": {
    "graph_weight": 1.0,
    "llm_weight": 0.0,
    "gnn_weight": 0.0,
    "final": 62
  },
  "gnn_score": null,
  "confidence": 0.91,
  "rule_score": 62,
  "scorer_version": "2.4.1"
}