Publish a report
Publish an audit report
/ v1 / reports Publish an audit report. The report payload is the full `AuditReport` produced by the CLI/engine. Visibility defaults to `private`. **Only `public` reports are credit-gated** (`report_publish`, 2 credits) when the request resolves to an organization — `unlisted` and `private` are free and always create a new report (no idempotency). For org-scoped `public` publishes, the charge is keyed on the publisher + a content hash: republishing the identical payload is an idempotent replay — it returns the original report with `200` if the prior response was cached, or `409` otherwise (still in flight / not cached). A later PATCH of that report to `public` replays the same charge key for free.
Request body required
reportobjectrequiredThe full audit report payload produced by the squirrelscan engine. Only the high-signal top-level fields are documented here; the complete schema is validated server-side (see `apps/api/src/schemas/audit-report.ts`). Extra top-level fields are accepted but ignored (the server-side schema strips unknown keys rather than rejecting them) — hence `additionalProperties: true`. The documented fields below are still validated and must conform.
visibilityanydefault: privateResponses
Idempotent replay of an identical org-scoped `public` publish whose original response was cached — returns the originally published report.
id string required url string (uri) required visibility "public" | "unlisted" | "private" required Available options: public, unlisted, private
createdAt string (date-time) required curl --request POST \
--url "https://api.squirrelscan.com/v1/reports"{
"id": "<string>",
"url": "<url>",
"visibility": "public",
"createdAt": "2023-11-07T05:31:56Z"
}