All endpoints require authentication via session cookie. Base URL: https://regtwinai.com
Streaming endpoints return Server-Sent Events (SSE). All request/response bodies are JSON unless noted otherwise.
Sections
/api/auth/registerRegister a new user and organization
Request Body
{ "name": "Jane Smith", "email": "jane@bank.com", "password": "...", "orgName": "First National Bank" }Response
{ "user": { "id": "...", "email": "...", "name": "..." } }/api/auth/[...nextauth]NextAuth.js authentication (credentials, Google, Microsoft SSO)
Request Body
{ "email": "...", "password": "..." }Response
Session object
/api/regulationsList all regulations for the authenticated organization
Response
[{ "id": "...", "agency": "OCC", "referenceCode": "12 CFR 30", "title": "Safety and Soundness", "status": "active" }]/api/regulationsCreate a new regulation
Request Body
{ "agency": "OCC", "referenceCode": "12 CFR 30", "title": "...", "description": "..." }Response
{ "id": "...", "agency": "OCC", ... }/api/controlsList all controls for the organization
Response
[{ "id": "...", "title": "AML Transaction Monitoring", "controlType": "detective", "status": "active" }]/api/controlsCreate a new control
Request Body
{ "title": "...", "description": "...", "controlType": "preventive", "department": "BSA/AML" }Response
{ "id": "...", ... }/api/mappingsList regulation-to-control mappings
Response
[{ "regulationId": "...", "controlId": "...", "gapStatus": "fully_mapped" }]/api/mappingsCreate a regulation-control mapping
Request Body
{ "regulationId": "...", "controlId": "...", "gapStatus": "fully_mapped" }Response
{ "id": "...", ... }/api/ai/assessRun regulatory impact assessment
Request Body
{ "regulationId": "..." }Response
{ "taskId": "...", "assessment": { "keyRequirements": [...], "controlGaps": [...] } }/api/ai/gaps/streamStream gap analysis (SSE)
Response
Server-Sent Events: thinking → tool_call → tool_result → action → complete
/api/ai/predict/streamStream audit predictions (SSE)
Response
Server-Sent Events with predicted findings and readiness score
/api/ai/report/streamStream board report generation (SSE)
Request Body
{ "reportType": "board" | "committee" | "management" }Response
Server-Sent Events with generated report
/api/ai/remediation/streamStream remediation plan generation (SSE)
Response
Server-Sent Events with plans and milestones
/api/ai/defend/streamStream exam defense analysis (SSE)
Request Body
{ "findingId": "...", "mode": "decompose" | "map" | "draft_response" | "generate_evidence" | "simulate_examiner" }Response
Server-Sent Events with defense artifacts
/api/defend/findingsList all examination findings
Response
[{ "id": "...", "title": "BSA/AML Deficiencies", "findingType": "mra", "regulator": "occ", "status": "uploaded" }]/api/defend/findingsUpload a new finding
Request Body
{ "title": "...", "findingType": "mra", "regulator": "occ", "rawText": "Full finding text..." }Response
{ "id": "...", "status": "uploaded" }/api/defend/findings/:idGet finding with obligations, mappings, evidence, and response drafts
Response
{ "id": "...", "obligations": [...], "responseDrafts": [...] }/api/defend/findings/:idUpdate finding (title, status, etc.)
Request Body
{ "title": "Updated title", "status": "submitted" }Response
{ "id": "...", ... }/api/defend/findings/:id/responseGet response drafts for a finding
Response
[{ "id": "...", "version": 1, "responseText": "...", "acceptanceProbability": 0.82 }]/api/defend/findings/:id/responseUpdate/approve a response draft
Request Body
{ "draftId": "...", "status": "approved" }Response
{ "id": "...", "status": "approved" }/api/defend/evidence/:idUpdate evidence item status or attach artifact
Request Body
{ "status": "collected", "artifactUrl": "https://..." }Response
{ "id": "...", "status": "collected" }/api/ai/auditList all agent tasks with status and confidence
Response
[{ "id": "...", "agentType": "audit_defender", "taskType": "finding_decomposition", "status": "completed", "confidenceScore": 0.87 }]/api/ai/audit?taskId=:idGet full task detail with reasoning chain and approvals
Response
{ "task": {...}, "reasoning": [{...}], "approvals": [{...}] }/api/ai/audit/exportExport full audit trail (all tasks with reasoning chains)
Response
{ "exportedAt": "...", "totalTasks": 42, "tasks": [...] }/api/calendarGet all compliance deadlines (findings, obligations, remediation, milestones)
Response
[{ "id": "...", "type": "finding_deadline", "title": "...", "date": "2026-06-30", "status": "...", "severity": "high" }]/api/uploadUpload evidence file (PDF, images, Excel, Word). Max 10MB.
Request Body
multipart/form-data with 'file' field
Response
{ "url": "https://...", "pathname": "...", "size": 1234, "contentType": "application/pdf" }/api/notificationsList notification recipients
Response
[{ "id": "...", "name": "...", "email": "...", "watchdogAlerts": true, "defendAlerts": true }]/api/notificationsUpdate recipient preferences
Request Body
{ "id": "...", "watchdogAlerts": true, "defendAlerts": false }Response
{ "id": "...", ... }/api/users/search?q=janeSearch users in org (for @mentions)
Response
[{ "id": "...", "name": "Jane Smith", "email": "jane@bank.com" }]Need help? Contact support@regtwinai.com
Comments
/api/defend/comments?entityType=finding&entityId=:idList comments for a finding or response draft
Response
[{ "id": "...", "body": "Looks good, approve.", "authorName": "Jane" }]/api/defend/commentsAdd a comment with @mentions
Request Body
{ "entityType": "finding", "entityId": "...", "body": "@jane please review this", "mentions": ["jane"] }Response
{ "id": "...", ... }