API Reference
Admina exposes a REST + JSON-RPC 2.0 API on port 8080.
The interactive Swagger UI is always available at http://localhost:8080/docs.
/health and /docs
require the X-API-Key header (or Authorization: Bearer <key>)
when ADMINA_API_KEY is set. See Configuration.
Core endpoints
/health public Health check. Returns proxy status, version, engine type, and pillar count. Always public.
curl http://localhost:8080/health # Response
{
"status": "healthy",
"version": "0.2.0",
"engine": "rust",
"rust_available": true,
"pillars": 6,
"uptime_seconds": 3600
} /mcp auth Main governance proxy endpoint. Accepts any MCP JSON-RPC 2.0 message, applies all 6 pillars bidirectionally, and forwards to the upstream MCP server. The response includes governance metadata as HTTP headers.
curl -X POST http://localhost:8080/mcp \
-H "Content-Type: application/json" \
-H "X-API-Key: $ADMINA_API_KEY" \
-H "X-Session-Id: my-session" \
-H "X-Agent-Id: my-agent" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "read_file",
"arguments": { "path": "/etc/hostname" }
}
}' Request headers:
X-Session-IdSession identifier for rate limiting and loop detectionX-Agent-IdAgent identifier for audit trail and OTEL spansX-UpstreamOverride the default upstream MCP server URLResponse headers added by Admina:
X-Admina-DecisionALLOW | BLOCK | REDACT | CIRCUIT_BREAKX-Admina-Risk-LevelLOW | MEDIUM | HIGH | CRITICALX-Admina-Latency-UsGovernance overhead in microsecondsX-Admina-PillarsComma-separated list of active pillarsGovernance stats
/api/stats auth Aggregate governance statistics: total requests, actions by type, risk level distribution, latency.
curl http://localhost:8080/api/stats \
-H "X-API-Key: $ADMINA_API_KEY" {
"total_requests": 10482,
"actions": {
"ALLOW": 10301,
"BLOCK": 142,
"REDACT": 35,
"CIRCUIT_BREAK": 4
},
"avg_latency_us": 14.2,
"p99_latency_us": 38.1
} /governance/status auth Returns the current status of each governance pillar โ active, thresholds, and last event.
curl http://localhost:8080/governance/status \
-H "X-API-Key: $ADMINA_API_KEY" Compliance
/api/compliance/classify auth Classify an AI system's risk level under EU AI Act Art. 6 and get a gap analysis against Art. 9โ15 requirements.
curl -X POST http://localhost:8080/api/compliance/classify \
-H "Content-Type: application/json" \
-H "X-API-Key: $ADMINA_API_KEY" \
-d '{
"description": "AI credit scoring system for consumer loans",
"use_case": "financial risk assessment",
"data_types": ["financial", "personal", "behavioral"]
}' {
"risk_level": "HIGH",
"article": "Art. 6 โ High-risk AI system",
"justification": "Financial decisions affecting individuals",
"gaps": [
{"article": "Art. 9", "status": "MISSING", "description": "No risk management system documented"},
{"article": "Art. 12", "status": "COVERED", "description": "Admina forensic black box active"},
{"article": "Art. 15", "status": "COVERED", "description": "Admina firewall + loop breaker active"}
],
"enforcement_deadline": "2026-08-02"
} Forensic
/api/forensic/verify auth Verify the integrity of the forensic hash chain. Returns valid: true if no tampering is detected.
curl http://localhost:8080/api/forensic/verify \
-H "X-API-Key: $ADMINA_API_KEY" {
"valid": true,
"records": 10482,
"first_seq": 1,
"last_seq": 10482,
"last_hash": "sha256:a3f8c9..."
} OpenAPI / Swagger
The full interactive API documentation is available at http://localhost:8080/docs
when the proxy is running. It includes request/response schemas, authentication, and a live
"Try it out" interface.
# Open in browser open http://localhost:8080/docs # Download OpenAPI spec curl http://localhost:8080/openapi.json