Agents API
All 31 ReguNav™ agents are exposed as deterministic, replayable HTTP endpoints. Same input + same dictionary version + same rule set = same output, every time.
Why deterministic?
Compliance is a regulator-defensible domain. "The model said so" is not a defense. Every agent decision can be replayed byte-for-byte with the input, dictionary version, and rule set used. ReguNav™ stores all three in the audit-trail.
Endpoints
| Path | Description |
|---|---|
| POST /v1/agents/classifier | EU AI Act Annex III + GPAI scoping. Classifies an AI system into minimal / limited / high-risk / prohibited / GPAI. |
| POST /v1/agents/framework-mapper | Cross-walk navigator. Given a control, identifies every framework it satisfies. |
| POST /v1/agents/evidence-compiler | Matches uploaded artefacts to controls + emits an evidence-pack. |
| POST /v1/agents/fria | EU AI Act Art. 27 fundamental-rights impact assessment authoring. |
| POST /v1/agents/incident-reporter | Regulator-shaped notification drafter for breach + AI incident + DORA major incident. |
| POST /v1/agents/training-curator | Personalised AI-literacy + role-specific compliance training plan. |
| POST /v1/agents/conformity-guide | Conformity-assessment dossier authoring for high-risk AI deployments. |
| POST /v1/agents/gpai-docs | Foundation-model provider Art. 53 disclosure pack. |
| POST /v1/agents/workflow-catalogue | Recommends + composes pre-baked workflows from the 20-workflow catalog. |
| POST /v1/agents/policy-steward | Drafts + version-controls + routes policies through approver chains. |
| POST /v1/agents/stakeholder-report | Picks the right report template per stakeholder + composes from McKinsey toolbox. |
| POST /v1/agents/analytics-insight | Surfaces drift, anomalies, and KPI trends from the analytics rail. |
| POST /v1/agents/bias-evaluator | Runs the bias-tester engine + writes a natural-language summary citing source clauses. |
| POST /v1/agents/red-team-attacker | Drives the red-team-evals engine across the 9-category corpus + reports robustness score. |
| POST /v1/agents/explainability-narrator | Renders SHAP/LIME/IG attributions into auditor-readable prose with clause citations. |
| POST /v1/agents/vendor-prefill-bot | End-to-end vendor-questionnaire pre-fill: ingests SIG/CAIQ → maps to evidence → emits prefilled response with gap list. |
| POST /v1/agents/risk-officer | Maintains the tenant risk register: ingests AI systems + vendors + findings + drift, computes ISO 31000 5×5 residual risk, surfaces top-N treatable risks, drafts treatment plans per ISO 27005. |
| POST /v1/agents/data-classifier | Applies the canonical data-classification dictionary (public / internal / confidential / restricted / regulated) to every asset; flags GDPR Art. 9 special-category data; emits retention floor + lawful-basis recommendation. |
| POST /v1/agents/data-mapper | Builds the data-concentration + flow map. Given the full asset inventory, surfaces where PII / PHI / regulated data is most concentrated, computes risk-weighted hotspots, draws store-to-store flow edges. The 'where is the data?' answer GDPR Art. 30 expects. |
| POST /v1/agents/dsar-handler | Triages incoming data-subject-access requests by jurisdiction (GDPR / UK GDPR / CCPA / LGPD / DPDP), uses the data-concentration map to enumerate every store the subject's data sits in, drafts the response packet, routes for human DPO sign-off. Tracks SLA per regulator. |
| POST /v1/agents/regunav-search | Cross-rail compliance search. Translates natural-language queries ("find every open SOC 2 CC1.2 finding across my AI systems") to deterministic BM25 + facet filters against the regunav-* indexes. Lexical layer is audit-pathable; semantic neighbour expansion is advisory. |
| POST /v1/agents/cc-search | Engineer + auditor search across runs / findings / installations / fix-PRs / exemptions on the codeconstitution.com surface. Same lexical-search-core under the hood as ReguNav Search; brand voice + result rendering differ. |
| POST /v1/agents/kye-search | Same shared engine, third brand facade. Indexes registered later under the kye-* namespace; engine ships ready-to-consume. |
| POST /v1/agents/regunav-reporting | Stakeholder-shaped report generator. Pulls compliance posture + framework coverage + audit-trail evidence from the tenant's slice, applies the requested stakeholder accent (regulator / board / Shariah board / audit committee / partner / investor / customer / internal), renders via @regunav/report-templates. Never auto-publishes — always returns a draft + recommended reviewers per the canonical reviewer matrix. |
| POST /v1/agents/cc-reporting | Engineer + executive reports on the codeconstitution.com surface: per-repo posture, org-rollup coverage, framework heat-maps, top-10 failing rules, auto-fix landing rate, monthly compliance digest, exec one-pager. Same canonical engine as ReguNav Reporting; brand voice + section ordering differ. |
| POST /v1/agents/kye-reporting | Same shared engine, third brand facade. KYE-specific templates land alongside the kye-* resource model. |
| POST /v1/agents/regunav-partner-reporting | Partner-program reports for MSSPs, consultancies, and resellers. Generates co-branded client rollups, partner-program MRR, joint-customer compliance status, white-label evidence packs. Per-partner attribution + revenue-share calculation pulled from billing ledger. Never auto-publishes; partner-success manager signs off. |
| POST /v1/agents/regunav-consultant-reporting | Per-engagement reports for individual consultants delivering compliance work on ReguNav. Posture snapshot for the GC/CCO, engagement timeline, library-of-patterns reuse (Murabaha-readiness, SOC 2 readiness, GDPR Art. 32 gap-fill, etc.), CPE-trackable evidence. Sent FROM reports@regunav.com with consultant cc'd. |
| POST /v1/agents/regunav-trainer-reporting | Cohort + curriculum reports for compliance trainers using ReguNav training surfaces. CPE/CPD credit attestations, learner-cohort performance, curriculum-coverage maps, per-organisation training rollups for L&D leaders. Certificate generation routes through evidence-pack-engine for verifiable claims. |
| POST /v1/agents/cc-partner-reporting | Lighter partner facade for CC: rollups for consultancies that resell or co-deliver CC checks. Per-client repo coverage, auto-fix landing rate by partner, partner-org MRR. Reusing the canonical engine; brand voice + section ordering follow codeconstitution.com. |
| POST /v1/agents/cc-trainer-reporting | Bootcamp + dev-rel cohort reporting on CC: per-learner repo coverage, framework-rule pass-rate over the curriculum, before/after fix-PR metrics. Useful for coding-bootcamps embedding CC in capstones + for dev-rel orgs measuring compliance literacy uplift. |
Example: Classifier
curl -X POST https://api.regunav.com/v1/agents/classifier \
-H "Authorization: Bearer $REGUNAV_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"aiSystem": {
"name": "Loan Origination Classifier",
"purpose": "Predicts approval likelihood for retail loans",
"providerKind": "first_party",
"intendedUsers": ["loan officers"]
},
"jurisdiction": "EU",
"applicableFrameworks": ["eu-ai-act", "iso-42001"]
}'
# Response (deterministic for same input)
{
"riskLevel": "high",
"rationale": "Annex III §5(a) — credit scoring of natural persons.",
"applicableClauses": ["Art 6(2)", "Art 9", "Art 10", "Art 11", "Art 14"],
"dictionaryVersion": "eu-ai-act@2024.12.1",
"decisionId": "dec_01HX..."
}Replay an earlier decision
curl https://api.regunav.com/v1/agents/decisions/dec_01HX...Returns the original input, dictionary version, rule set, output, and a hash of all four — proving the decision was reproducible.