{"count":40,"rails":[{"id":"compliance","name":"Compliance","slug":"compliance","resourceKind":"regunav.compliance","basePath":"/v1/compliance","subResources":["frameworks","assessments","obligations","evidence","attestations"],"minSku":"regunav_sandbox","description":"Multi-framework compliance lifecycle.","lifecycle":"v1"},{"id":"frameworks","name":"Frameworks","slug":"frameworks","resourceKind":"regunav.frameworks","basePath":"/v1/frameworks","subResources":["list","get","clauses","controls","questions","activate"],"minSku":"regunav_sandbox","description":"Framework dictionary CRUD.","lifecycle":"v1"},{"id":"graph","name":"Graph","slug":"graph","resourceKind":"regunav.graph","basePath":"/v1/graph","subResources":["relations","blast-radius","evidence-reuse","onboarding-savings","impact"],"minSku":"regunav_growth","description":"Cross-framework crosswalks.","lifecycle":"v1"},{"id":"reporting","name":"Reporting","slug":"reporting","resourceKind":"regunav.reporting","basePath":"/v1/reports","subResources":["generate","export","schedule","audit-pack","notified-body-pack"],"minSku":"regunav_sandbox","description":"Evidence packs + regulator-shaped reports.","lifecycle":"v1"},{"id":"agents","name":"Agents","slug":"agents","resourceKind":"regunav.agents","basePath":"/v1/agents","subResources":["list","get","invoke"],"minSku":"regunav_growth","description":"Deterministic agent catalogue + invocation. Roster is the canonical @regunav/engines agents-catalog.","lifecycle":"v1"},{"id":"stakeholders","name":"Stakeholders","slug":"stakeholders","resourceKind":"regunav.stakeholders","basePath":"/v1/stakeholders","subResources":["users","roles","assignments","raci","approval-chains"],"minSku":"regunav_sandbox","description":"Roles, RACI, approver chains.","lifecycle":"v1"},{"id":"self_audit","name":"Self-Audit","slug":"self-audit","resourceKind":"regunav.self_audit","basePath":"/v1/self-audit","subResources":["posture","drift","findings","remediations","evidence"],"minSku":"regunav_sandbox","description":"Platform self-monitoring.","lifecycle":"v1"},{"id":"trust","name":"Trust","slug":"trust","resourceKind":"regunav.trust","basePath":"/v1/trust","subResources":["posture","certifications","sub-processors","status","questionnaires","nda-vault"],"minSku":"regunav_sandbox","description":"Vendor due-diligence surface.","lifecycle":"v1"},{"id":"specialists","name":"Specialists","slug":"specialists","resourceKind":"regunav.specialists","basePath":"/v1/specialists","subResources":["firms","consultants","client-engagements","billing-share","certifications"],"minSku":"regunav_specialist","description":"Consultants onboarding clients.","lifecycle":"v1"},{"id":"seed","name":"Seed","slug":"seed","resourceKind":"regunav.seed","basePath":"/v1/seed","subResources":["tenants","frameworks","evidence","reset","demo-tour"],"minSku":"regunav_sandbox","description":"Demo-tenant seeding.","lifecycle":"v1"},{"id":"profiles","name":"Profiles","slug":"profiles","resourceKind":"regunav.profiles","basePath":"/v1/profiles","subResources":["banking","finance","healthcare","manufacturing","engineering","energy","saas","public-sector","education","retail","telecom"],"minSku":"regunav_growth","description":"Industry-specific framework bundles.","lifecycle":"v1"},{"id":"onboarding","name":"Onboarding","slug":"onboarding","resourceKind":"regunav.onboarding","basePath":"/v1/onboarding","subResources":["plan","checklist","kickoff","milestones","export"],"minSku":"regunav_sandbox","description":"Tenant setup, framework activation.","lifecycle":"v1"},{"id":"context","name":"Context","slug":"context","resourceKind":"regunav.context","basePath":"/v1/context","subResources":["upload","classify","clause-extract","map","gap-analysis","recommendations"],"minSku":"regunav_growth","description":"Upload customer policies → cross-mapped to frameworks.","lifecycle":"v1"},{"id":"audit_trail","name":"Audit-Trail","slug":"audit-trail","resourceKind":"regunav.audit_trail","basePath":"/v1/audit-trail","subResources":["events","query","export","replay"],"minSku":"regunav_sandbox","description":"Append-only WORM event log.","lifecycle":"v1"},{"id":"audit_engine","name":"Audit-Engine","slug":"audit-engine","resourceKind":"regunav.audit_engine","basePath":"/v1/audit-engine","subResources":["schedules","run","findings","replay","sign-off","attest"],"minSku":"regunav_enterprise","description":"Customer-side compliance audits.","lifecycle":"v1"},{"id":"workspace","name":"Workspace","slug":"workspaces","resourceKind":"regunav.workspace","basePath":"/v1/workspaces","subResources":["list","create","update","archive","teams","principals"],"minSku":"regunav_starter","description":"Workspace + Team + Principal management.","lifecycle":"v1.5"},{"id":"notifications","name":"Notifications","slug":"notifications","resourceKind":"regunav.notifications","basePath":"/v1/notifications","subResources":["inbox","subscribe","mark-read","preferences","slack","teams","email"],"minSku":"regunav_sandbox","description":"In-app, email, Slack, MS Teams notifications.","lifecycle":"v1.5"},{"id":"search","name":"Search","slug":"search","resourceKind":"regunav.search","basePath":"/v1/search","subResources":["frameworks","evidence","findings","specialists","crosswalks","multi-index"],"minSku":"regunav_growth","description":"Native zero-dependency BM25 full-text + faceted search.","lifecycle":"v2"},{"id":"dsar","name":"DSAR","slug":"dsar","resourceKind":"regunav.dsar","basePath":"/v1/dsar","subResources":["requests","fulfillment","verify","export","redact"],"minSku":"regunav_growth","description":"GDPR Art 15-22 Data Subject Access Requests.","lifecycle":"v1.5"},{"id":"risk_register","name":"Risk Register","slug":"risk-register","resourceKind":"regunav.risk_register","basePath":"/v1/risk-register","subResources":["risks","treatments","scores","heatmap","reviews","sign-off"],"minSku":"regunav_growth","description":"Explicit risk register with treatment plans.","lifecycle":"v1.5"},{"id":"policy_authoring","name":"Policy Authoring","slug":"policies","resourceKind":"regunav.policy_authoring","basePath":"/v1/policies","subResources":["draft","version","publish","attest","retire","gap-fill"],"minSku":"regunav_growth","description":"Customer policy versioning + lifecycle.","lifecycle":"v1.5"},{"id":"vendor_risk","name":"Vendor Risk","slug":"vendor-risk","resourceKind":"regunav.vendor_risk","basePath":"/v1/vendor-risk","subResources":["vendors","assessments","contracts","monitoring","scorecards"],"minSku":"regunav_growth","description":"Third-party AI vendor scoring + procurement.","lifecycle":"v1.5"},{"id":"procurement","name":"Procurement","slug":"procurement","resourceKind":"regunav.procurement","basePath":"/v1/procurement","subResources":["rfp","scoring","awards","onboarding"],"minSku":"regunav_enterprise","description":"AI procurement + buyer-side compliance.","lifecycle":"v2"},{"id":"insurance","name":"Insurance","slug":"insurance","resourceKind":"regunav.insurance","basePath":"/v1/insurance","subResources":["policies","claims","coverage","quotes"],"minSku":"regunav_enterprise","description":"Cyber + AI liability insurance integration.","lifecycle":"v2"},{"id":"public_disclosure","name":"Public Disclosure","slug":"public-disclosure","resourceKind":"regunav.public_disclosure","basePath":"/v1/public-disclosure","subResources":["transparency","art-50","art-53-gpai","model-card"],"minSku":"regunav_enterprise","description":"EU AI Act Art 50 + Art 53 GPAI public summaries.","lifecycle":"v2"},{"id":"litigation_hold","name":"Litigation Hold","slug":"litigation-hold","resourceKind":"regunav.litigation_hold","basePath":"/v1/litigation-hold","subResources":["holds","custodians","preservation","ediscovery"],"minSku":"regunav_enterprise","description":"Legal hold + eDiscovery integration.","lifecycle":"v2"},{"id":"whistleblower","name":"Whistleblower","slug":"whistleblower","resourceKind":"regunav.whistleblower","basePath":"/v1/whistleblower","subResources":["reports","triage","investigations","protections"],"minSku":"regunav_enterprise","description":"EU AI Act Art 87 whistleblower protections.","lifecycle":"v2"},{"id":"marketplace","name":"Marketplace","slug":"marketplace","resourceKind":"regunav.marketplace","basePath":"/v1/marketplace","subResources":["specialists","listings","matching","reviews"],"minSku":"regunav_starter","description":"Specialist marketplace.","lifecycle":"v2"},{"id":"training_records","name":"Training Records","slug":"training-records","resourceKind":"regunav.training_records","basePath":"/v1/training-records","subResources":["modules","records","coverage","certificates"],"minSku":"regunav_sandbox","description":"EU AI Act Art. 4 AI-literacy register. Tracks staff training completions per module + framework.","lifecycle":"v1.5"},{"id":"incident_disclosures","name":"Incident Disclosures","slug":"incident-disclosures","resourceKind":"regunav.incident_disclosures","basePath":"/v1/incident-disclosures","subResources":["channels","disclosures","drafts","timelines","sla"],"minSku":"regunav_starter","description":"Regulator-shaped incident-notification workflows. EU AI Act Art. 73 + GDPR Art. 33 + DORA Art. 19 + NIS2.","lifecycle":"v1.5"},{"id":"gpai_summary","name":"GPAI Summary","slug":"gpai-summary","resourceKind":"regunav.gpai_summary","basePath":"/v1/gpai-summary","subResources":["summaries","template","data-sources","copyright-policy","energy-disclosure"],"minSku":"regunav_growth","description":"EU AI Act Art. 53(1)(c) GPAI training-data summary disclosure surface for foundation-model providers.","lifecycle":"v1.5"},{"id":"red_team","name":"Red Team","slug":"red-team","resourceKind":"regunav.red_team","basePath":"/v1/red-team","subResources":["corpus","runs","results","robustness","categories"],"minSku":"regunav_growth","description":"Adversarial-testing rail. EU AI Act Art. 15 robustness + GPAI Art. 55 systemic-risk evaluations. Drives the red-team-evals engine.","lifecycle":"v1.5"},{"id":"ontology","name":"Compliance-to-Architecture Ontology","slug":"ontology","resourceKind":"regunav.ontology","basePath":"/v1/ontology","subResources":["authorities","obligations","controls","evidence","architecture","policies","resolve"],"minSku":"regunav_sandbox","description":"Public read surface for the ReguNav Compliance-to-Architecture Framework™ v0.1. The 8-layer ontology (Authority → Obligation → Control → Evidence → Architecture → Policy-as-Code → Audit-Trail → AI-Governance) machine-readable across every populated framework.","lifecycle":"v1.5"},{"id":"metadata","name":"Metadata","slug":"metadata","resourceKind":"regunav.metadata","basePath":"/v1/metadata","subResources":["label","facets","search","items"],"minSku":"regunav_sandbox","description":"Auto-label artefacts (policies, standards, vendor docs, evidence, reports) with frameworks/clauses/obligations/controls/jurisdictions/risk-class/severity/freshness so they're searchable + filterable across the entire platform. Drives the metadata engine.","lifecycle":"v1.5"},{"id":"taxonomy","name":"Taxonomy","slug":"taxonomy","resourceKind":"regunav.taxonomy","basePath":"/v1/taxonomy","subResources":["frameworks","controls","clauses","evidence-types","jurisdictions","regulators","risk-classes","roles","bundle-hash"],"minSku":"regunav_sandbox","description":"Content-addressable taxonomy of all compliance nouns. Bundle-hash pinned per tenant for replay.","lifecycle":"v1"},{"id":"risk","name":"Risk Navigator","slug":"risk","resourceKind":"regunav.risk","basePath":"/v1/risk","subResources":["navigate","policy-gaps","watchlist","top-risks","by-domain"],"minSku":"regunav_starter","description":"Tenant-level risk navigator. Combines risk-scoring, vendor-risk, obligation-tracker, drift signals, and policy/handbook gap analysis into a composite view with top-N actionable risks.","lifecycle":"v1"},{"id":"governance","name":"Governance","slug":"governance","resourceKind":"regunav.governance","basePath":"/v1/governance","subResources":["raci","decision-rights","approvals","board-meetings","delegations","conflicts","snapshot"],"minSku":"regunav_growth","description":"Governance rail — RACI matrix, decision rights, multi-step approval chains, board-decision log, delegation register, conflict-of-interest register. Maps ISO/IEC 42001 §5 + §6 + EU AI Act Art. 26.","lifecycle":"v1"},{"id":"workflows_registry","name":"Workflow Registry","slug":"workflows-registry","resourceKind":"regunav.workflows_registry","basePath":"/v1/workflows-registry","subResources":["catalog","by-framework","by-stakeholder","by-category","snapshot"],"minSku":"regunav_starter","description":"SSOT catalogue of 20 stock compliance workflows (DSAR-30d, AI-incident-Art-73, vendor-DDQ, ISO 42001 internal audit, FRIA-on-deploy, GPAI Art-53 summary, etc.) with SLAs, RACI, evidence outputs, billability.","lifecycle":"v1"},{"id":"reconciliation","name":"Reconciliation","slug":"reconciliation","resourceKind":"regunav.reconciliation","basePath":"/v1/reconciliation","subResources":["events","summary","declared"],"minSku":"regunav_sandbox","description":"Drift events from the regunav-reconciler Worker — declared infrastructure + CC installation state vs actual state, every 5 min. Banking-grade auditable: WORM hash-chained to D1 audit_events.","lifecycle":"v1"},{"id":"events","name":"Event engine","slug":"events","resourceKind":"regunav.events","basePath":"/v1/events","subResources":["query","lifecycle","trail","sources","drifts"],"minSku":"regunav_sandbox","description":"Canonical event-index rail. POST /v1/events emits a row that must conform to packages/manifests/src/event-index-schema.json (14 typed fields). GET /v1/events filters by time/tenant/source/kind/phase/severity/actor/entity/action. Owns the index storage, routes to event-agents, runs the 7 reconciler-covers-events drift checks, enforces Amendment 2 latency budgets. Single source of truth for 'what happened, when, to what, by whom'.","lifecycle":"v1"}]}