Skip to main content

List programs

method
GET
/api/compliance-programs
Returns all compliance programs for the organization, each with its domains.
data.programs
array
Array of program objects. Each program includes:
  • id — Human-readable ID (e.g., CP-2026-001)
  • regulationTypebsa_aml or third_party_oversight
  • name — Program display name
  • domains — Array of domain objects with id, category, label, score

Get program

method
GET
/api/compliance-programs/{id}
id
string
required
Program ID (e.g., CP-2026-001).
data.program
object
Program object with all its domains.

Get domain details

method
GET
/api/compliance-programs/{id}/domains/{domainId}
id
string
required
Program ID.
domainId
string
required
Domain ID.
data.program
object
Parent program.
data.domain
object
Domain with id, category, label, score.
data.criteria
array
Array of scoring criteria for this domain. Each criterion includes:
  • id — Criterion ID
  • text — What the regulation requires
  • regulatorySourceId — FK to knowledge base
  • evidenceStatusmissing, stale, partial, or sufficient
  • linkedEvidence — JSONB array of linked evidence entries
  • reviewerNotes — Free-text notes

Update scoring criterion

method
PATCH
/api/compliance-programs/{id}/domains/{domainId}/criteria/{criteriaId}
Updates a scoring criterion’s evidence status, notes, or linked evidence. Automatically recomputes the domain score.
evidenceStatus
string
New evidence status. One of: missing, stale, partial, sufficient.
reviewerNotes
string
Updated reviewer notes.
addEvidence
object
Link new evidence to this criterion.
addEvidence.sourceType
string
required
One of: evidence_attachment, mra_evidence, external_url.
addEvidence.sourceId
string
required
ID of the evidence source.
addEvidence.label
string
required
Display label for the evidence.
removeEvidence
object
Unlink evidence from this criterion.
removeEvidence.sourceType
string
required
Source type of the evidence to remove.
removeEvidence.sourceId
string
required
Source ID of the evidence to remove.
acceptSuggestion
object
Accept an auto-matched evidence suggestion.
dismissSuggestion
object
Dismiss an auto-matched evidence suggestion.
data.criterion
object
Updated criterion.
data.domain
object
Updated domain with recomputed score.
Maximum 50 evidence items per criterion.

Trigger auto-match

method
POST
/api/compliance-programs/{id}/auto-match
Triggers AI-powered evidence matching between examinations’ evidence and the program’s scoring criteria. Supports batch matching across multiple examinations.
examinationId
string
Single examination ID to match evidence from. Backward compatible — use examinationIds for batch matching.
examinationIds
array
Array of examination IDs to match evidence from. Use this for multi-exam batch matching.
data.status
string
matching — the background job has been queued.
data.programId
string
The program being matched against.