{"openapi":"3.1.0","info":{"title":"K0NSULT ipIII API","version":"0.1.0-reference","description":"Kontrakt referencyjny (nie SLA). /api/ip3/incidents = LIVE read-path (dane SIMULATION). /api/ip3/v1/* = LIVE auth-gated (JWT/RBAC/DB). /api/incidents = legacy placeholder (GAP).","x-status":"reference-contract"},"servers":[{"url":"https://k0nsult.cloud"}],"components":{"securitySchemes":{"bearer":{"type":"http","scheme":"bearer"},"konsultSecret":{"type":"apiKey","in":"header","name":"x-konsult-secret","description":"DEPRECATED do prod — zalecane OIDC/OAuth2 + mTLS"}}},"paths":{"/api/ip3/incidents":{"get":{"summary":"Lista incydentow demo (SIMULATION, publiczny read-path)","x-status":"LIVE","parameters":[{"name":"severity","in":"query"},{"name":"status","in":"query"},{"name":"group","in":"query"}],"responses":{"200":{"description":"OK — {ok,source:simulation,count,by_severity,gap_pct,incidents[]}"}}}},"/api/incidents":{"get":{"summary":"Rejestr operacyjny (chroniony)","x-status":"GAP/secured","security":[{"bearer":[]},{"konsultSecret":[]}],"responses":{"200":{"description":"OK"},"401":{"description":"Brak autoryzacji (anon)"}}}},"/ai-truth/ipIII/status.json":{"get":{"summary":"Status modulu","x-status":"LIVE","responses":{"200":{"description":"OK"}}}},"/ai-truth/ipIII/pages.json":{"get":{"summary":"Rejestr stron modulu","x-status":"LIVE","responses":{"200":{"description":"OK"}}}},"/api/ip3/v1/auth/login":{"post":{"summary":"Login v1 (JWT)","x-status":"LIVE","responses":{"200":{"description":"OK — {token,roles}"},"401":{"description":"invalid_credentials"}}}},"/api/ip3/v1/imports/burp":{"post":{"summary":"Import Burp Suite (XML) -> incydenty+evidence (MEDIA_SIGNAL)","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"201":{"description":"OK — connector_run"}}}},"/api/ip3/v1/imports/zap":{"post":{"summary":"Import OWASP ZAP (JSON/XML)","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"201":{"description":"OK"}}}},"/api/ip3/v1/imports/nessus":{"post":{"summary":"Import Nessus/Tenable (CSV)","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"201":{"description":"OK"}}}},"/api/ip3/v1/imports/csv":{"post":{"summary":"Import generic CSV (title,severity,cve,cvss,type,host)","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"201":{"description":"OK"}}}},"/api/ip3/v1/imports/generic":{"post":{"summary":"Import generic JSON {source_tool,findings[]}","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"201":{"description":"OK"}}}},"/api/ip3/v1/reports/evidence-package/{id}":{"get":{"summary":"Evidence package / board pack (JSON|PDF, manifest+package_sha256+chain-of-custody)","x-status":"LIVE","security":[{"bearer":[]}],"parameters":[{"name":"id","in":"path","required":true},{"name":"format","in":"query","schema":{"enum":["json","pdf"]}}],"responses":{"200":{"description":"OK"}}}},"/api/ip3/v1/engagements":{"post":{"summary":"DORA/TIBER engagement (scope/crown-jewels/RoE)","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"201":{"description":"OK — ENG-..."}}},"get":{"summary":"Lista engagementow","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"200":{"description":"OK"}}}},"/api/ip3/v1/engagements/{id}/log":{"post":{"summary":"White-team-log / evidence-register (wpis)","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"201":{"description":"OK"}}}},"/api/ip3/v1/engagements/{id}/final-report":{"post":{"summary":"Raport koncowy (wymaga evidence-register — claim<=proof)","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"200":{"description":"OK"},"422":{"description":"final_report_requires_evidence_register"}}}},"/api/ip3/v1/incidents/{id}/legal-triggers":{"get":{"summary":"Legal Trigger Engine (wisienka #3): obowiazki DORA/NIS2/RODO/AI Act + zegary + draft (DECISION-SUPPORT, nie porada prawna)","x-status":"LIVE","security":[{"bearer":[]}],"parameters":[{"name":"id","in":"path","required":true},{"name":"personal_data","in":"query","schema":{"type":"boolean"}},{"name":"high_risk","in":"query","schema":{"type":"boolean"}},{"name":"entity","in":"query"},{"name":"sector","in":"query"}],"responses":{"200":{"description":"OK — {triggers[],trigger_count,basis,doctrine}"}}}},"/api/ip3/v1/engagements/{id}/report-package":{"get":{"summary":"Engagement report-package (wisienka #2): raport TLPT JSON|PDF (timeline+register+final+manifest+package_sha256)","x-status":"LIVE","security":[{"bearer":[]}],"parameters":[{"name":"id","in":"path","required":true},{"name":"format","in":"query","schema":{"enum":["json","pdf"]}}],"responses":{"200":{"description":"OK"}}}},"/api/ip3/v1/imports/qualys":{"post":{"summary":"Import Qualys VM (CSV/XML) — Fala1 demo->LIVE","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"201":{"description":"OK — connector_run"}}}},"/api/ip3/v1/imports/re":{"post":{"summary":"Import RE / analiza malware (YARA JSON / radare2 / generic RE) — evidence orchestration, nie disassembler","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"201":{"description":"OK — connector_run"},"422":{"description":"no_findings|parse_failed"}}}},"/api/ip3/v1/incidents/{id}/ttp":{"get":{"summary":"MITRE ATT&CK mapping (Fala1): incydent -> techniki TTP (heurystyka)","x-status":"LIVE","security":[{"bearer":[]}],"parameters":[{"name":"id","in":"path","required":true}],"responses":{"200":{"description":"OK — {ttps[],count}"}}}},"/api/ip3/v1/incidents/{id}/coverage":{"get":{"summary":"Evidence Coverage Score (wisienka #14): KPI pokrycia dowodowego z DB (NIE ocena bezpieczenstwa)","x-status":"LIVE","security":[{"bearer":[]}],"parameters":[{"name":"id","in":"path","required":true}],"responses":{"200":{"description":"OK — {dimensions,coverage_pct}"}}}},"/api/ip3/v1/incidents/{id}/assign":{"post":{"summary":"Remediation: przypisz owner + SLA (per severity)","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"200":{"description":"OK — {owner_email,sla_due,workflow_status}"}}}},"/api/ip3/v1/incidents/{id}/transition":{"post":{"summary":"Remediation lifecycle: open->triaged->assigned->fixing->retest (closed tylko przez /close)","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"200":{"description":"OK"},"422":{"description":"invalid_transition"}}}},"/api/ip3/v1/imports/defectdojo":{"post":{"summary":"Import DefectDojo findings (JSON) — most AppSec/pentest","x-status":"LIVE","security":[{"bearer":[]}],"responses":{"201":{"description":"OK"}}}},"/api/ip3/v1/incidents/{id}/ticket":{"get":{"summary":"Eksport tasku remediacji (Jira/GitHub Issues payload)","x-status":"LIVE","security":[{"bearer":[]}],"parameters":[{"name":"id","in":"path","required":true},{"name":"system","in":"query","schema":{"enum":["jira","github"]}}],"responses":{"200":{"description":"OK — {system,payload}"}}}}}}