Reports API

Enterprise report generation, library management, and scheduling. F3 adds three new AI-specific report types with compliance control mapping.

Generate Report

POST /api/enterprise-users/generate-report

Generate an enterprise report using live analytics and AI governance data.

Authentication: JWT (admin or super_admin role required)

Request Body:

{
  "report_type": "compliance",
  "template_name": "AI Agent Governance Report",
  "classification": "Confidential"
}

Available Template Names:

| Template | Type | Description |
|---|---|---|
| SOX Compliance Report | compliance | SOX IT controls mapped to governed actions |
| HIPAA Compliance Report | compliance | HIPAA technical safeguards assessment |
| Risk Assessment Report | risk | Overall security posture and risk distribution |
| Executive Security Report | executive | Executive summary with AI + user sections |
| AI Agent Governance Report | compliance | F3: Full AI governance assessment with 4-framework mapping |
| MCP Server Compliance Report | compliance | F3: MCP server inventory and risk analysis |
| Autonomous Agent Risk Summary | risk | F3: Autonomous agent census and risk trajectory |

Response: 200 OK

{
  "status": "success",
  "message": "AI Agent Governance Report generated successfully",
  "report_id": "RPT-AI-20260410-40858",
  "classification": "Confidential",
  "generated_by": "sarah.chen@meridian-capital.com",
  "content_preview": {
    "total_users": 3,
    "security_score": 65.2,
    "compliance_status": {
      "sox_compliance": 17.3,
      "hipaa_compliance": 79.8,
      "pci_compliance": 81.5,
      "iso27001_compliance": 60.6,
      "source": "ai_governance_pipeline"
    }
  }
}
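
Client-side sketch of the Generate Report call, added here as an example and not part of the product's own code: it derives report_type from the template table so the two fields cannot disagree, and checks that the classification label in the response matches the one requested. The base URL, the Bearer scheme for the JWT, and the function names are assumptions; the response fields are those shown in the sample above.

```python
import json
import urllib.request

# Template name -> report type, copied from the "Available Template Names" table.
TEMPLATES = {
    "SOX Compliance Report": "compliance",
    "HIPAA Compliance Report": "compliance",
    "Risk Assessment Report": "risk",
    "Executive Security Report": "executive",
    "AI Agent Governance Report": "compliance",
    "MCP Server Compliance Report": "compliance",
    "Autonomous Agent Risk Summary": "risk",
}
ENDPOINT = "/api/enterprise-users/generate-report"


def build_generate_request(base_url, jwt, template_name, classification):
    """Return an unsent POST request; report_type is derived from the table."""
    if template_name not in TEMPLATES:
        raise ValueError(f"unknown template: {template_name!r}")
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send a JWT over a non-TLS URL")
    body = {
        "report_type": TEMPLATES[template_name],
        "template_name": template_name,
        "classification": classification,
    }
    return urllib.request.Request(
        base_url.rstrip("/") + ENDPOINT,
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            # Assumption: the JWT is presented as a Bearer token.
            "Authorization": f"Bearer {jwt}",
            "Content-Type": "application/json",
        },
    )


def check_response(request, response):
    """Return report_id if the parsed response matches what was requested."""
    sent = json.loads(request.data)
    if response.get("status") != "success":
        raise RuntimeError(f"generation failed: {response.get('message')}")
    if response.get("classification") != sent["classification"]:
        raise RuntimeError("classification label differs from the one requested")
    return response["report_id"]
```

Pass the returned request to urllib.request.urlopen and feed the decoded JSON body to check_response before storing or forwarding the report ID.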

New Report Types (F3)

AI Agent Governance Report

Full enterprise governance assessment for CISO, Board, and regulators.

Sections:

  1. Governance Summary — total governed actions, approval/denial rates, risk posture, security score
  2. Risk Path Evidence — MITRE ATT&CK detections with pattern, severity, and confidence
  3. Agent Inventory — registered agents, MCP servers, discovered agents
  4. Compliance Mapping — SOX, HIPAA, PCI-DSS, NIST AI RMF control scores with evidence counts
  5. User Access Controls — MFA adoption, user count (reported separately from AI governance)
  6. Recommendations — compliance improvement suggestions

MCP Server Compliance Report

Focused assessment of MCP server governance and tool usage.

Sections:

  1. MCP Server Inventory — all registered MCP servers with trust level and health
  2. MCP Risk Detections — unauthorized_mcp_tool and secrets_via_mcp pattern detections
  3. Overall Risk Evidence — all risk path detections for context

Autonomous Agent Risk Summary

Risk-focused view of autonomous (non-supervised) agents.

Sections:

  1. Autonomous Agent Census — count, names, status
  2. Governance Summary — approval rates, human review rates for autonomous actions
  3. Risk Detections — risk paths involving autonomous agents
  4. Kill Switch Events — any terminations
  5. Agent Type Breakdown — autonomous vs supervised comparison
  6. Recommendations — agents that should be moved to supervised mode

Threat Intelligence Brief (Updated)

The Executive Security Report now includes clearly separated sections:

  • Section A: AI Agent Threat Intelligence — governance summary, risk path detections, agent inventory (sourced from GovernanceReportPipeline)
  • Section B: User Access Controls — security score, MFA adoption, compliance overview, department distribution (sourced from existing get_user_analytics)

These two sections are never mixed. A regulator can clearly distinguish AI agent activity from human user activity.

Report Library

GET /api/enterprise-users/reports/library

List all generated reports for the organization.

Response: 200 OK — array of report metadata (id, title, type, classification, created_at, download_count)

GET /api/enterprise-users/reports/download/:report_id

Download a specific report by ID. Increments download counter.

Scheduled Reports

POST /api/enterprise-users/scheduled-reports

Create a scheduled report generation job.

Request Body:

{
  "name": "Weekly AI Governance Report",
  "template_name": "AI Agent Governance Report",
  "report_type": "compliance",
  "frequency": "weekly",
  "day_of_week": 1,
  "time_of_day": "08:00",
  "recipients": ["ciso@company.com"],
  "classification": "Confidential"
}