AgentCop API
Core scanning endpoints — submit code, retrieve results, manage scan history.
POST /api/scan
Submit agent source code for a security scan. Returns a trust score, risk level, and a detailed list of detected issues. Results are cached by code hash — identical code submitted again will return the cached result instantly.
Request body
{
  "code": "import os\nagent = ...",
  "description": "LangChain ReAct agent with web search",
  "agent_name": "my-agent",
  "framework": "langchain"
}
| Field | Type | Required | Description |
|---|---|---|---|
| code | string | Yes | Agent source code to scan (max 100 KB) |
| description | string | No | Human-readable description of the agent |
| agent_name | string | No | Identifier used in scan history and share URLs |
| framework | string | No | Hint for framework-specific rules: langchain, crewai, autogen, moltbook |
Response
{
  "scan_id": "scan_abc123",
  "trust_score": 72,
  "risk_level": "MODERATE",
  "total_issues": 3,
  "issues": [
    {
      "id": "issue_001",
      "type": "LLM01_PROMPT_INJECTION",
      "severity": "HIGH",
      "description": "f-string interpolation in LLM prompt",
      "line": 14,
      "code_snippet": "prompt = f'Answer: {user_input}'",
      "fix": "Use PromptTemplate with input_variables",
      "owasp": "LLM01",
      "cwe": "CWE-20"
    }
  ],
  "scan_time_ms": 234,
  "created_at": "2026-04-06T14:23:11Z",
  "share_url": "https://agentcop.live/scan/scan_abc123"
}
| Field | Type | Description |
|---|---|---|
| trust_score | integer (0–100) | Higher is safer. Penalized by severity and count of issues. |
| risk_level | string | SAFE, LOW, MODERATE, HIGH, CRITICAL |
| issues[].owasp | string | OWASP LLM Top 10 category (e.g., LLM01) |
| issues[].cwe | string | CWE identifier |
| share_url | string | Public permalink to this scan result |
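A CI gate built on the request and response fields documented above, as an added example that is not AgentCop's own client code: it validates the request body before sending and fails closed on the returned result. Assumptions: "100 KB" means 102,400 UTF-8 bytes, the risk levels ascend in the order listed, POST /api/scan takes the same host and X-AgentCop-Key header as the curl example for POST /api/scan/zip, and the function names and thresholds are hypothetical.

```python
import json
import urllib.request

API_URL = "https://api.agentcop.live/api/scan"  # host assumed from the zip curl example
MAX_CODE_BYTES = 100 * 1024                     # assumption: "100 KB" = 102,400 UTF-8 bytes
FRAMEWORKS = {"langchain", "crewai", "autogen", "moltbook"}
RISK_ORDER = ["SAFE", "LOW", "MODERATE", "HIGH", "CRITICAL"]  # assumed ascending, as listed
# Constructed sample result using the documented response fields.
SAMPLE_RESULT = {"risk_level": "MODERATE", "trust_score": 72, "issues": [
    {"owasp": "LLM01", "cwe": "CWE-20", "line": 14, "fix": "Use PromptTemplate with input_variables"}]}


def build_scan_request(code, api_key, agent_name=None, framework=None):
    """Check the documented limits locally and return an unsent POST request."""
    if len(code.encode("utf-8")) > MAX_CODE_BYTES:  # bytes, not characters
        raise ValueError("code exceeds the 100 KB limit")
    if framework is not None and framework not in FRAMEWORKS:
        raise ValueError(f"unknown framework hint: {framework!r}")
    body = {"code": code}
    if agent_name:
        body["agent_name"] = agent_name
    if framework:
        body["framework"] = framework
    return urllib.request.Request(
        API_URL,
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json", "X-AgentCop-Key": api_key},
        method="POST",
    )


def gate(result, max_risk="LOW", min_score=80):
    """Return (passed, reasons); missing or unrecognised values fail closed."""
    reasons = []
    risk = result.get("risk_level")
    if risk not in RISK_ORDER:
        reasons.append(f"unrecognised risk_level {risk!r}")
    elif RISK_ORDER.index(risk) > RISK_ORDER.index(max_risk):
        reasons.append(f"risk_level {risk} exceeds {max_risk}")
    score = result.get("trust_score")
    if type(score) is not int or not 0 <= score <= 100:
        reasons.append(f"trust_score {score!r} outside 0-100")
    elif score < min_score:
        reasons.append(f"trust_score {score} below {min_score}")
    if reasons:  # on failure, attach each finding with its documented fix
        reasons += [f"{i.get('owasp')} {i.get('cwe')} line {i.get('line')}: {i.get('fix')}" for i in result.get("issues", [])]
    return (not reasons, reasons)
```

Pass the returned request to urllib.request.urlopen, parse the JSON body, and fail the pipeline step when gate() returns False.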
POST /api/scan/zip
Scan an entire agent project by uploading a ZIP archive. Accepts multipart/form-data. All .py files inside the archive are scanned and their issues are merged into a single result. Maximum archive size is 10 MB.
Request (multipart/form-data)
curl -X POST https://api.agentcop.live/api/scan/zip \
  -H "X-AgentCop-Key: your_api_key_here" \
  -F "file=@agents.zip" \
  -F "description=My agent project"
| Field | Type | Required | Description |
|---|---|---|---|
| file | file | Yes | ZIP archive containing agent source files |
| description | string | No | Project description, stored with scan result |
| framework | string | No | Framework hint applied to all files |
The response schema is identical to POST /api/scan, with an additional files_scanned integer field.
GET /api/scan/{scan_id}
Retrieve a previously created scan result by its ID. Scan results are retained for 90 days on Free plans and indefinitely on Pro and Enterprise plans.
Path parameters
| Parameter | Type | Description |
|---|---|---|
| scan_id | string | The scan ID returned by POST /api/scan |
Response schema is identical to POST /api/scan.
GET /api/badge/{badge_id}
Returns an SVG trust badge for a scan result. Intended for embedding in READMEs and documentation. The response carries Content-Type: image/svg+xml and Cache-Control: max-age=3600.
Example embed

The badge_id is the same value as the scan_id returned from any scan endpoint.
GET /health
Returns the operational status of the API and its subsystems. Useful for uptime monitoring and readiness checks. Does not require authentication.
Response
{
  "status": "ok",
  "version": "1.0.0",
  "scanner": "ok",
  "database": "ok",
  "uptime_seconds": 84623
}
Any subsystem in a degraded state will appear as "degraded". If status itself is not "ok", the HTTP status code will be 503.