Exogram API
Base URL: https://api.exogram.ai
All endpoints require Authorization: Bearer sk_exo_...
The Verdict Object
Every evaluation returns a strictly deterministic verdict. If is_safe is false, the error object always contains an actionable code for automated recovery.
POST /v1/evaluate — Request
{
"action": "database_query",
"payload": {
"query": "DROP TABLE users;"
}
}Verdict Response
{
"is_safe": false,
"latency_ms": 0.07,
"hash": "e3b0c442...",
"error": {
"code": "POLICY_VIOLATION",
"message": "DDL statements are
strictly prohibited."
}
}Deterministic Error Codes
Use these exact string constants in your client application to orchestrate recovery logic. Every error is deterministic — same input, same code, every time.
| Code | Description |
|---|---|
| SCHEMA_MISMATCH | Payload violates the required JSON schema — missing fields, wrong types, invented parameters. |
| POLICY_VIOLATION | Payload attempts an action explicitly forbidden by boundary rules (DDL, destructive ops). |
| DEST_MUTATION | Detects potentially catastrophic destructive actions (mass deletes, table drops, filesystem wipes). |
| RATE_LIMIT_EXCEEDED | Agent is caught in an infinite loop of identical failing calls. |
| EXFILTRATION_BLOCKED | Outbound API call to untrusted domain detected — potential data exfiltration. |
| FILESYSTEM_DENIED | Agent attempted to read or write privileged system paths (/etc, /root, ~/.ssh). |
| CONFLICT_DETECTED | Proposed action contradicts verified facts in the truth ledger (409 Conflict). |
| STATE_DRIFT | SHA-256 state hash changed between evaluation and commit (TOCTOU protection). |
Full Endpoint Reference
Vault (Memory Governance)
/v2/vault/storeStore a verifiable claim into the semantic ledger. Runs PII scrubbing, conflict detection, and Pinecone embedding.
REQUEST BODY
{ "claim": "string", "source": "string", "confidence": 0.95 }RESPONSE
{ "id": "uuid", "version": 1, "conflicts": [], "state_hash": "sha256..." }/v2/vault/searchSemantic search across the ledger. Returns facts ranked by relevance × confidence.
REQUEST BODY
{ "query": "string", "top_k": 5 }RESPONSE
{ "results": [{ "claim": "...", "confidence": 0.95, "source": "..." }] }Actions (Judgment Engine)
/v2/actions/evaluateSubmit a proposed action through the 7-gate Judgment Engine. Returns ALLOWED, BLOCKED, or ESCALATE.
REQUEST BODY
{
"action_type": "string",
"actor": "string",
"actor_role": "user|admin|assistant",
"payload": {},
"impact_scope": "internal|external|critical"
}RESPONSE
{
"decision": "ALLOWED",
"reason": "All gates passed",
"evaluation_id": "uuid",
"gates": { "authority": { "passed": true }, ... }
}Subscription & Billing
/subscription/checkoutCreate a Stripe checkout session for plan subscription.
REQUEST BODY
{ "plan_id": "pro_monthly", "success_url": "...", "cancel_url": "..." }RESPONSE
{ "success": true, "checkout_url": "https://checkout.stripe.com/..." }/subscription/statusGet current subscription status, plan details, and billing period.
RESPONSE
{ "success": true, "plan": "pro", "status": "active", ... }/billing/usage/currentGet current month's API usage summary.
RESPONSE
{ "total_api_calls": 142, "total_cost_usd": 0.0, ... }API Keys
/api-keysCreate a new API key.
REQUEST BODY
{ "name": "my-app-key" }RESPONSE
{ "id": "uuid", "key": "sk_exogram_...", "name": "my-app-key", ... }/api-keysList all API keys for the authenticated user.
RESPONSE
[{ "id": "uuid", "key": "sk_exogram_...", "name": "...", "calls_this_month": 42 }]/api-keys/{key_id}Revoke an API key permanently.
RESPONSE
{ "success": true }GDPR & Data Portability
/gdpr/exportExport all user data as JSON (GDPR Article 20). Includes ledger entries, audit logs, API keys, and profile.
RESPONSE
{ "profile": {...}, "ledger_entries": [...], "audit_log": [...], ... }/gdpr/delete-accountDelete all user data (GDPR Article 17). Audit log entries retained for compliance.
RESPONSE
{ "success": true, "message": "Account and all associated data deleted." }The Mental Model
Exogram does not generate outputs. It enforces them.