Developers
Narsil Platform API
REST interface for the Narsil air-gapped DevSecOps platform. Manage enclaves, run verifications, and export OSCAL evidence. All endpoints require a scoped bearer token issued inside the enclave.
Base URL
https://narsil.enclave.local/api/v1Version
v1.4.0 · OpenAPI 3.1Authentication
Bearer <enclave-scoped-token>Enclaves
Isolated, air-gapped build environments.
Returns every enclave the caller's token is scoped to.
Parameters
| Name | In | Type | Description |
|---|---|---|---|
| status | query | string | Filter by operational | sealed | degraded |
| limit | query | integer | Max items (default 50, max 200) |
Responses
200A list of enclaves.
{
"data": [
{
"id": "enc_us_east_3",
"region": "US-EAST-3",
"status": "operational",
"controls_verified": 1284,
"last_sealed": "2026-03-04T18:22:11Z"
}
],
"next": null
}401Missing or invalid bearer token.
Freezes the enclave state and anchors the audit ledger head. Irreversible for the sealed epoch.
Parameters
| Name | In | Type | Description |
|---|---|---|---|
| id* | path | string | Enclave identifier |
Request body · application/json
{
"reason": "quarterly authorization snapshot",
"anchor": true
}Responses
202Seal accepted and queued.
{
"enclave": "enc_us_east_3",
"epoch": 47,
"ledger_head": "sha256:9f3c…a17e"
}409Enclave already sealed for the current epoch.
Verification
Run and inspect control verifications.
Evaluates a control baseline against a target and emits signed results.
Request body · application/json
{
"enclave": "enc_us_east_3",
"baseline": "rhel9-stig",
"emit": "oscal"
}Responses
200Verification completed.
{
"run_id": "run_4471",
"controls": 1284,
"pass": 1281,
"accepted_risk": 3,
"fail": 0,
"evidence": "sha256:9f3c…a17e"
}422Unknown baseline or target.
Parameters
| Name | In | Type | Description |
|---|---|---|---|
| run_id* | path | string | Verification run id |
Responses
200The verification run detail.
{
"run_id": "run_4471",
"status": "completed",
"started": "2026-03-04T18:20:02Z",
"duration_ms": 41280
}404Run not found.
Evidence
OSCAL evidence and audit trail export.
Parameters
| Name | In | Type | Description |
|---|---|---|---|
| run_id* | path | string | Verification run id |
| format | query | string | json | xml (default json) |
Responses
200OSCAL assessment-results document.
{
"assessment-results": {
"uuid": "b1f0…",
"metadata": { "title": "Narsil Run 4471" },
"results": [ { "uuid": "…", "findings": [] } ]
}
}404No evidence for run.
Returns the tamper-evident audit ledger head hash.
Responses
200Current ledger head.
{
"epoch": 47,
"head": "sha256:9f3c…a17e",
"anchored_at": "2026-03-04T18:22:11Z"
}