API Reference

The RADAR CLI and REST API surfaces for evidence management, configuration, and export.

CLI Reference#

The RADAR CLI is the primary interface for deployment, configuration, and evidence management. Commands run inside the running container via docker exec radar radar <command>.

Evidence commands

radar status

Display collection status: connected sources, total traces, findings breakdown, retention, storage usage.

radar traces list

List traces with filters: --session, --agent, --since, --until, --framework, --limit, --offset.

radar traces get <id>

Full trace detail: all events, policy evaluations, PII findings, tool calls, review actions.

radar findings list

List findings with filters: --severity (low|medium|high|critical), --type, --status, --since, --until.

radar findings get <id>

Full finding detail: evidence context, timestamps, remediation history, control mappings.

radar findings update <id>

Update finding status: --status (open|reviewing|remediated|closed), --comment.

radar pack

Generate evidence pack: --last (time range), --session, --format (json|html|pdf), --include-controls.

radar export

Export raw evidence: --format (json|parquet|csv), --since, --until, --output.

Configuration commands

radar sources add

Add evidence source: --type (gateway|webhook|otel|logfile), --name, --endpoint.

radar sources list

List all sources with connection status, last event, and event count per source.

radar sources remove <id>

Remove source. --purge to delete associated traces.

radar sources test <id>

Test source connection and report latency, authentication, and sample event.

radar retention set

Set retention: --days (7-365), --enforce for automatic purging.

radar retention status

Display policy, storage usage %, oldest record date, legal hold count.

radar siem add

Configure SIEM: splunk|sentinel|syslog with endpoint, port, protocol, format.

radar siem status

SIEM forwarding status, last event timestamp, total forwarded, error count.

radar siem test

Send test event to verify SIEM connectivity and schema.

Admin commands

radar admin users

List dashboard users, roles, and last login.

radar admin license

Display license status, expiry, usage limits, and upgrade path.

radar admin logs

Tail RADAR system logs for debugging: --follow, --level (info|warn|error).

radar admin backup

Create evidence store backup: --output, --full (includes config).

REST API#

The RADAR REST API is available on port 8080 (configurable via RADAR_API_PORT). All endpoints require authentication.

Authentication

API key

Pass via Authorization: Bearer <key> header. Keys managed via RADAR_API_KEY env var or admin CLI.

OIDC

Bearer token from your OIDC provider. Configure via RADAR_OIDC_ISSUER_URL and RADAR_OIDC_CLIENT_ID.

Rate limiting

1000 requests/minute per API key. Rate limit headers: X-RateLimit-Remaining, X-RateLimit-Reset.

Evidence ingestion

bash

# Push a trace event
curl -X POST http://localhost:8080/api/v1/traces \
  -H "Authorization: Bearer $RADAR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "session_id": "sess_abc123",
    "agent": "customer-support-v2",
    "framework": "langchain",
    "events": [
      {
        "type": "llm_call",
        "model": "gpt-4o",
        "prompt": "I need a refund for my order",
        "completion": "Let me check your order history",
        "tokens_prompt": 45,
        "tokens_completion": 120,
        "timestamp": "2026-05-04T14:23:11Z"
      }
    ]
  }'

# Response: 201 Created
# {
#   "trace_id": "trc_8f7d3a1e",
#   "status": "accepted",
#   "events_ingested": 1,
#   "findings_generated": 2
# }

Evidence retrieval

bash

# List traces with filters
curl "http://localhost:8080/api/v1/traces?agent=customer-support&since=2026-05-01&limit=10"
# Response: { "traces": [...], "total": 247, "page": 1, "page_size": 10 }

# Get specific trace
curl "http://localhost:8080/api/v1/traces/sess_abc123"
# Response: { "trace_id": "sess_abc123", "events": [...], "findings": [...], "status": "completed" }

# List findings by severity
curl "http://localhost:8080/api/v1/findings?severity=high&status=open"
# Response: { "findings": [...], "total": 3, "page": 1 }

# Get export bundle
curl -o evidence-pack.zip   "http://localhost:8080/api/v1/exports/pack_xyz123"

Kill switch

Emergency stop mechanism for critical violations. Requires admin privileges.

bash

# Activate kill switch — immediately stops all evidence ingestion
curl -X POST http://localhost:8080/api/v1/kill-switch/activate \
  -H "Authorization: Bearer $RADAR_API_KEY"

# Deactivate — resumes normal operation
curl -X POST http://localhost:8080/api/v1/kill-switch/deactivate \
  -H "Authorization: Bearer $RADAR_API_KEY"

# Check kill switch status
curl http://localhost:8080/api/v1/health | grep kill_switch

Error codes

400

Bad request

Invalid payload structure, missing required fields, or schema validation failure.

401

Unauthorized

Missing or invalid API key or OIDC token.

403

Forbidden

API key does not have permission for the requested operation.

404

Not found

The requested trace, finding, or export does not exist or has been purged.

409

Conflict

Duplicate session_id or event_id. Idempotency key already processed.

429

Rate limited

Too many requests. Check X-RateLimit-Remaining and X-RateLimit-Reset headers.

500

Internal error

Contact support with trace_id from response headers.

SDK Reference#

RADAR provides SDKs for pushing evidence events programmatically from your agent runtime.

Python

pip install radar-sdk. Push trace events, configure sources, and manage exports from Python agent runtimes.

TypeScript

npm install @akioudai/radar-sdk. Integrate with existing Node.js agent infrastructure.

REST (any)

Direct HTTP integration via the REST API. Compatible with any language and runtime.

OpenTelemetry

RADAR accepts OTel traces natively. Configure your agent runtime to export OTel signals to the RADAR endpoint.