Fetch assessment coverage data
GET /api/v1/assessments/:assessment_id/coverage
Fetch coverage data produced for an assessment.
Returns the observed HTTP endpoints (from captured traffic) and the
per-security-property coverage verdicts (from the knowledge base),
rendered with human labels and zero internal-id leaks. Also carries the
code-audit / white-box Assessment Context fields (summary /
threat_model / codebase_overview) drawn from the runner's
materialized project.
- Enforces org + assessment-level RBAC (cross-org returns 404).
- Coverage reads are admission-free: the endpoint keeps serving in-flight assessments even when a release flag is flipped off.
Responses
- 200: Successful Response
- 400: Bad request — malformed input or failed validation.
- 401: Missing, expired, or invalid credentials.
- 403: Authenticated but not authorized for this resource. Note: cross-organization reads return 404, not 403.
- 404: Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
- 409: Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
- 422: Semantic validation failure — request shape was valid but contents were not.
- 429: Too many requests — rate limited. Retry after the window resets.
- 500: Internal server error — unexpected failure.
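
The 401 / 403 / 404 split described above depends on the order in which the checks run. The following is an added sketch of that decision order, not the service's own code; the `Caller`, `Assessment`, `authorize_coverage_read` names, the grant model and the response bodies are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Caller:                      # hypothetical authenticated principal
    org_id: str
    assessment_grants: frozenset   # assessment ids this caller may read


@dataclass(frozen=True)
class Assessment:                  # hypothetical stored record
    id: str
    org_id: str


# One shared value, so "does not exist" and "exists in another org"
# cannot differ in status or body.
NOT_FOUND = (404, {"detail": "Not found"})


def authorize_coverage_read(caller: Optional[Caller], assessment_id: str,
                            store: dict) -> tuple:
    """Return (status, body) for a coverage read, in the documented order."""
    if caller is None:
        return (401, {"detail": "Invalid credentials"})
    assessment = store.get(assessment_id)
    # The org check runs BEFORE the assessment-level check. If the grant
    # check ran first, a cross-org id would answer 403 and confirm that
    # the assessment exists in some other tenant.
    if assessment is None or assessment.org_id != caller.org_id:
        return NOT_FOUND
    if assessment_id not in caller.assessment_grants:
        return (403, {"detail": "Forbidden"})
    return (200, {"assessment_id": assessment.id})


# Constructed sample data: two tenants, one assessment each.
SAMPLE_STORE = {
    "a1": Assessment("a1", "org-a"),
    "b1": Assessment("b1", "org-b"),
}

if __name__ == "__main__":
    alice = Caller("org-a", frozenset({"a1"}))
    for probe in ("a1", "b1", "does-not-exist"):
        print(probe, authorize_coverage_read(alice, probe, SAMPLE_STORE))
```

A tenant-isolation regression test can assert that the cross-org response and the nonexistent-id response compare equal, rather than only checking the status code.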