Afunana Documentation

API Reference

All REST endpoints for authentication, programs, files, chat, tags, admin, and compliance.

Overview

Base URL: https://<your-server>/api (production) or http://localhost:8001 (development).

All endpoints require JWT authentication unless noted. Send the token in the request header: Authorization: Bearer <token>

Collection-scoped endpoints use the X-Collection header to specify which collection to query.

Authentication

Login

POST /auth/login
Content-Type: application/x-www-form-urlencoded
Body: username=<user>&password=<pass>
Rate Limit: 10/minute

Returns: { access_token, user: { id, username, email, full_name, role } }
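
An added example (not part of the Afunana documentation) of the request conventions described in the Overview and Login sections: a form-encoded login, then a collection-scoped call carrying the bearer token and the X-Collection header. The helper names are hypothetical, and it assumes the development base URL and that bodies shown in braces are sent as JSON; nothing touches the network until `send` is called.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:8001"  # development base URL from the Overview


def login_request(username, password, base_url=BASE_URL):
    """Build POST /auth/login with a form-urlencoded body."""
    # urlencode() escapes '&', '=', '+' and spaces, so a password containing
    # them cannot split or inject form fields as raw concatenation would.
    body = urllib.parse.urlencode({"username": username, "password": password})
    return urllib.request.Request(
        base_url + "/auth/login",
        data=body.encode("utf-8"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def collection_request(path, token, collection, payload=None, base_url=BASE_URL):
    """Build an authenticated, collection-scoped POST such as /get_info_program."""
    for name, value in (("token", token), ("collection", collection)):
        # Refuse control characters so caller-supplied values cannot add headers.
        if not value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            raise ValueError(f"invalid {name}")
    headers = {"Authorization": f"Bearer {token}", "X-Collection": collection}
    data = None
    if payload is not None:
        # Assumption: JSON bodies are sent with Content-Type application/json.
        data = json.dumps(payload).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(
        base_url + path, data=data, headers=headers, method="POST"
    )


def send(request, timeout=10):
    """Send a built request and decode the JSON response."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))
```

Typical use is `token = send(login_request(user, pw))["access_token"]`, then `send(collection_request("/get_all_programs", token, "<collection_name>"))`.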

Signup

POST /auth/signup
Content-Type: application/json
Body: { username, email, password, full_name }
Rate Limit: 5/minute

Current User

GET /auth/me

Returns: { user: {...}, collections: [{ collection_name, display_name }] }

Refresh Token

POST /auth/refresh

Extends the idle timeout and returns a new access_token.

Logout

POST /auth/logout

Revokes the current token.

Change Password

PUT /auth/password
Body: { current_password, new_password }

Forgot Password

POST /auth/forgot-password
Body: { email }
Rate Limit: 5/minute

Returns a generic success response whether or not the email is registered, which prevents email enumeration.

Reset Password

POST /auth/reset-password
Body: { token, new_password }

Programs

List All Programs

POST /get_all_programs
X-Collection: <collection_name>

Returns: { programs: [{ program_name, type, summary }], output_language }

Get Program Info

POST /get_info_program
Body: { program: "<name>" }
X-Collection: <collection_name>

Returns: Full program documentation JSON (purpose, IO, calls, files, errors, change impact).

Get Program Source Code

POST /get_code_program
Body: { program: "<name>" }
X-Collection: <collection_name>

Returns: { code: "<source_text>" }

Files

List All Files

POST /get_all_files
X-Collection: <collection_name>

Returns: { files: [{ file_name, type, description }] }

Get File Info

POST /get_info_file
Body: { file: "<name>" }
X-Collection: <collection_name>

Returns: File structure with fields, programs using it, and field details.

Tree / Call Graph

POST /get_json_tree
X-Collection: <collection_name>

Returns: Hierarchical call tree JSON with program metadata.

System Overview & Data Dictionary

Get System Overview

POST /get_system_overview
X-Collection: <collection_name>

Get Data Dictionary

POST /get_data_dictionary
X-Collection: <collection_name>

Get Cross Reference

POST /get_cross_reference
X-Collection: <collection_name>

Get Field Files

POST /get_field_files
Body: { field: "<name>" }
X-Collection: <collection_name>

Chat

Chat Query

POST /alerts
Body: { query, email, chat_history: [...], language }
X-Collection: <collection_name>

Returns: { response, duration_seconds }

Chat Query V2 (Streaming)

POST /alerts/v2
Body: { query, email, chat_history: [...], language, mode }
X-Collection: <collection_name>

Returns: Server-Sent Events stream of response tokens.
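
An added example (not part of the Afunana documentation) of consuming the Server-Sent Events stream from /alerts/v2: it reassembles lines from byte chunks split at arbitrary offsets, parses events, and drops a truncated final event. The function names and the sample stream are constructed; it assumes each default event's data field carries a plain-text token and that lines end in LF or CRLF.

```python
import codecs

# Constructed sample: byte chunks as a socket might deliver them, split
# mid-line and mid-character. The payload shape is an assumption.
SAMPLE_CHUNKS = [
    b": keep-alive\n\ndata: The pro",
    b"gram\n\ndata:  reads\r\n\r\ndata:  \xd7",
    b"\xa9\n\nevent: done\ndata: end\n\ndata: cut off",
]


def iter_lines(chunks):
    """Reassemble text lines from byte chunks split at arbitrary offsets."""
    decoder = codecs.getincrementaldecoder("utf-8")()
    buf = ""
    for chunk in chunks:
        buf += decoder.decode(chunk)  # holds back incomplete UTF-8 sequences
        while "\n" in buf:
            line, buf = buf.split("\n", 1)
            yield line.rstrip("\r")
    # Anything left in buf is an unterminated line and is dropped.


def parse_sse(lines):
    """Yield {"event", "data"} for each complete event in the stream."""
    event, data = "message", []
    for line in lines:
        if line == "":  # a blank line dispatches the buffered event
            if data:
                yield {"event": event, "data": "\n".join(data)}
            event, data = "message", []
        elif line.startswith(":"):  # comment, typically a keep-alive
            continue
        else:
            field, _, value = line.partition(":")
            value = value[1:] if value.startswith(" ") else value
            if field == "event":
                event = value
            elif field == "data":
                data.append(value)


def stream_text(chunks):
    """Concatenate the data of default ("message") events into the reply."""
    events = parse_sse(iter_lines(chunks))
    return "".join(e["data"] for e in events if e["event"] == "message")
```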

Chat Sessions

GET  /chat/sessions                    # List sessions
POST /chat/sessions                    # Create session
GET  /chat/sessions/{id}               # Get session with messages
POST /chat/sessions/{id}/messages      # Add message
DELETE /chat/sessions/{id}             # Delete session

Specification Documents

Program Spec Doc

POST /api/programs/spec-doc/list
Body: { program_name }

POST /api/programs/spec-doc/generate
Body: { program_name, audience: "business"|"analyst"|"programmer", regenerate: false, language: "en"|"he" }

Collection Spec Doc

POST /api/collection/spec-doc/list

POST /api/collection/spec-doc/generate
Body: { audience, regenerate: false, language: "en"|"he" }

Tags

GET  /api/tags?entity_type=program|file     # List tags
GET  /api/tags/all-assignments               # All tag assignments
GET  /api/tags/program/{name}                # Program tags
POST /api/tags/program/{name}                # Set program tags
     Body: { tags: ["tag1", "tag2"] }

# Admin CRUD
POST   /api/tags                             # Create tag
PUT    /api/tags/{key}                       # Update tag
DELETE /api/tags/{key}                       # Delete tag

Admin Endpoints

All admin endpoints require role: admin.

User Management

GET    /admin/users
POST   /admin/users
PUT    /admin/users/{username}
DELETE /admin/users/{username}
POST   /admin/users/{username}/revoke-sessions
GET    /admin/users/{username}/collections
POST   /admin/users/{username}/collections

Collection Management

GET    /admin/collections
POST   /admin/collections
PUT    /admin/collections/{name}
DELETE /admin/collections/{name}
POST   /admin/collections/{name}/build
GET    /admin/collections/{name}/build-log
GET    /admin/collections/{name}/build-history

AS/400 Operations

POST /admin/as400/test-connection
POST /admin/as400/extract/{app_code}
GET  /admin/as400/extract/{app_code}/status
POST /admin/as400/extract/{app_code}/pull

Configuration

GET /admin/config
PUT /admin/config/{key}

Update Check

GET /admin/actions/check-update

Returns: { current, latest, released, update_available }

Audit & Compliance

GET /compliance/audit/events              # Query events
GET /compliance/audit/stats               # Event statistics
GET /compliance/audit/export              # Export (CSV/JSON)
GET /compliance/audit/verify-hash-chain   # Integrity check

Health

GET /health                               # No auth required

Returns: { status, version, commit, checks: { database, as400 }, timestamp }

Upload

POST /upload_attachment
Content-Type: multipart/form-data
Body: file=<binary>

Returns: { extracted_text, filename }. Supports images (OCR via vision LLM) and text files (direct extraction).