# Compliance

## Compliance dashboard composite

> Composite compliance dashboard — HIPAA status, retention, credentials summary.\
> \
> Aggregates compliance signals into a single dashboard view.\
> \
> Permissions: admin, owner.

```json
{"openapi":"3.1.0","info":{"title":"Platform API","version":"1.0.0"},"servers":[{"url":"https://api.platform.amigo.ai","description":"Production"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","description":"API key issued via `POST /v1/{workspace_id}/api-keys`. Pass the returned `api_key` value as a Bearer token."}},"schemas":{"ComplianceDashboardResponse":{"properties":{"hipaa_status":{"type":"string","title":"Hipaa Status"},"retention_days":{"anyOf":[{"type":"integer"},{"type":"null"}],"title":"Retention Days"},"legal_hold":{"type":"boolean","title":"Legal Hold"},"total_credentials":{"type":"integer","title":"Total Credentials"},"active_credentials":{"type":"integer","title":"Active Credentials"},"last_audit_export":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Last Audit Export"},"generated_at":{"type":"string","title":"Generated At"}},"type":"object","required":["hipaa_status","retention_days","legal_hold","total_credentials","active_credentials","last_audit_export","generated_at"],"title":"ComplianceDashboardResponse","description":"Composite compliance health overview."}}},"paths":{"/v1/{workspace_id}/compliance/dashboard":{"get":{"tags":["Compliance"],"summary":"Compliance dashboard composite","description":"Composite compliance dashboard — HIPAA status, retention, credentials summary.\n\nAggregates compliance signals into a single dashboard view.\n\nPermissions: admin, owner.","operationId":"get-compliance-dashboard","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ComplianceDashboardResponse"}}}},"429":{"description":"Rate limited"}}}}}}
```

## HIPAA compliance evidence report

> HIPAA compliance evidence report.\
> \
> Aggregates audit statistics, retention policy, encryption status,\
> and API key summary for the specified period. Identity-specific\
> fields (MFA, SSO, lockout) return null pending integration.\
> \
> Permissions: admin, owner.

```json
{"openapi":"3.1.0","info":{"title":"Platform API","version":"1.0.0"},"servers":[{"url":"https://api.platform.amigo.ai","description":"Production"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","description":"API key issued via `POST /v1/{workspace_id}/api-keys`. Pass the returned `api_key` value as a Bearer token."}},"schemas":{"HipaaReportResponse":{"properties":{"generated_at":{"type":"string","title":"Generated At"},"report_period_days":{"type":"integer","title":"Report Period Days"},"workspace_id":{"type":"string","title":"Workspace Id"},"audit_summary":{"additionalProperties":true,"type":"object","title":"Audit Summary"},"retention_policy":{"additionalProperties":true,"type":"object","title":"Retention Policy"},"encryption":{"additionalProperties":{"type":"boolean"},"type":"object","title":"Encryption"},"access_controls":{"additionalProperties":true,"type":"object","title":"Access Controls"},"api_key_summary":{"additionalProperties":{"type":"integer"},"type":"object","title":"Api Key Summary"},"compliance_status":{"type":"string","title":"Compliance Status"}},"type":"object","required":["generated_at","report_period_days","workspace_id","audit_summary","retention_policy","encryption","access_controls","api_key_summary","compliance_status"],"title":"HipaaReportResponse"},"HTTPValidationError":{"properties":{"detail":{"items":{"$ref":"#/components/schemas/ValidationError"},"type":"array","title":"Detail"}},"type":"object","title":"HTTPValidationError"},"ValidationError":{"properties":{"loc":{"items":{"anyOf":[{"type":"string"},{"type":"integer"}]},"type":"array","title":"Location"},"msg":{"type":"string","title":"Message"},"type":{"type":"string","title":"Error Type"},"input":{"title":"Input"},"ctx":{"type":"object","title":"Context"}},"type":"object","required":["loc","msg","type"],"title":"ValidationError"}}},"paths":{"/v1/{workspace_id}/compliance/hipaa":{"get":{"tags":["Compliance"],"summary":"HIPAA compliance evidence report","description":"HIPAA compliance evidence report.\n\nAggregates audit statistics, retention policy, encryption status,\nand API key summary for the specified period. Identity-specific\nfields (MFA, SSO, lockout) return null pending integration.\n\nPermissions: admin, owner.","operationId":"get-hipaa-report","parameters":[{"name":"report_period_days","in":"query","required":false,"schema":{"type":"integer","maximum":365,"minimum":1,"description":"Report period in days","default":90,"title":"Report Period Days"},"description":"Report period in days"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HipaaReportResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}},"429":{"description":"Rate limited"}}}}}}
```

## Access review export

> Access review export for SOC2 attestation.\
> \
> Lists all API key credentials with role, status, and activity dates.\
> Download, review, and upload signed attestation for SOC2 compliance.\
> \
> Permissions: admin, owner.

```json
{"openapi":"3.1.0","info":{"title":"Platform API","version":"1.0.0"},"servers":[{"url":"https://api.platform.amigo.ai","description":"Production"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","description":"API key issued via `POST /v1/{workspace_id}/api-keys`. Pass the returned `api_key` value as a Bearer token."}},"schemas":{"AccessReviewResponse":{"properties":{"generated_at":{"type":"string","title":"Generated At"},"workspace_id":{"type":"string","title":"Workspace Id"},"credentials":{"items":{"additionalProperties":true,"type":"object"},"type":"array","title":"Credentials"},"total_credentials":{"type":"integer","title":"Total Credentials"},"jwt_credentials_note":{"type":"string","title":"Jwt Credentials Note"}},"type":"object","required":["generated_at","workspace_id","credentials","total_credentials","jwt_credentials_note"],"title":"AccessReviewResponse"}}},"paths":{"/v1/{workspace_id}/compliance/access-review":{"get":{"tags":["Compliance"],"summary":"Access review export","description":"Access review export for SOC2 attestation.\n\nLists all API key credentials with role, status, and activity dates.\nDownload, review, and upload signed attestation for SOC2 compliance.\n\nPermissions: admin, owner.","operationId":"get-access-review","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessReviewResponse"}}}},"429":{"description":"Rate limited"}}}}}}
```